[ietf-dkim] Final update to 4871bis for working group review
steve at wordtothewise.com
Thu Jul 7 18:15:28 PDT 2011
On Jul 7, 2011, at 3:21 PM, John Levine wrote:
>> Will your "assume one more From than listed in h=" lead to failed
>> verifications on messages that actually follow the advice in the RFC
>> to list duplicate headers in their h= values?
> The RFC also says you shouldn't sign messages that aren't RFC 2822. So
> pick your poison.
> I have to say it's a little surreal to have these arguments about what
> changes to make to avoid the horrors of a duplicate From: attack that
> is and likely will always be entirely hypothetical, when we can't even
> get our act together to deprecate the l= option, including l=0.
It is. This group finds it much easier to add cruft (or argue that
cruft should be added) than to remove cruft.
But we're past the point where we can improve things on
this round of the spec. Time to move on.
More information about the ietf-dkim