In article <2656238.kvSPeydUtl@sk-desktop> you write: >There is probably protocol improvement work that should be done based on: > >https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf
I didn't see any protocol issues other than the well known DKIM multiple From: headers (the Doug Otis feature) and l=. They certainly did find a lot of implementation bugs, some of which I found pretty surprising, like Gmail allowing and misinterpreting NUL characters in DKIM signature headers. This sounds like we need more test suites and perhaps more reminders that when you're writing security software, being forgiving of other people's bugs will backfire on you. R's, John _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
