In article <caeycsz5nzmupa-rhy7srz3xc3t+fzye2b9qpcqxuy0hw4g4...@mail.gmail.com> you write: >Recently this article came to my attention: >http://noxxi.de/research/breaking-dkim-on-purpose-and-by-chance.html > >It gives a nice overview of some of the vulnerabilties in the DKIM spec. >I understand that this is mostly stuff which is in the spec already.
There is nothing whatsoever new in this article. These are all topics that have been discussed and debated ad nauseam over the past decade. I suppose it wouldn't hurt to do double signing to prevent people from adding extra From: or Subject: headers, but I also note that this purported attack has been known for many years, nobody does it, and there is little reason to think it would be effective. R's, John _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
