[ietf-dkim] Two issues derived from Ticket #20: signature practices
Murray S. Kucherawy
msk at cloudmark.com
Wed Apr 27 12:17:16 PDT 2011
> -----Original Message-----
> From: ietf-dkim-bounces at mipassoc.org [mailto:ietf-dkim-bounces at mipassoc.org] On Behalf Of Alessandro Vesely
> Sent: Wednesday, April 27, 2011 11:41 AM
> To: ietf-dkim at mipassoc.org
> Subject: [ietf-dkim] Two issues derived from Ticket #20: signature practices
>
> On 27/Apr/11 01:42, John R. Levine wrote:
> > I agree with Dave's changes,
>
> +1, and also for Murray's advice of signing A-R fields. However, in
> such case, the last phrase in Sec 7.2 (INFORMATIVE ADVICE to MUA
> filter writers) should be changed from
>
> To circumvent this attack, verifiers may wish to delete existing
> results header fields after verification and before adding a new
> header field.
>
> to, e.g.,
>
> To circumvent this attack, verifiers may wish to delete counterfeit
> results header fields after verification and before adding a new
> header field.

Actually, if we're talking about A-R fields, RFC5451 talks plenty about this. Rather than duplicating advice, we should just refer to it.