It appears that Alessandro Vesely <[email protected]> said: >I'm not clear about the last but one paragraph of that section: > > An example of such an attack includes altering the MIME structure, > exploiting lax HTML parsing in the MUA, and defeating duplicate > message detection algorithms. > >I'm going to file an errata about it. Altering the MIME structure is only >possible if the value of l= is less than the original message length.
I wish you hadn't. I think the original concern was for sloppy MIME that forgot the -- after the last part. >Anyway, I wouldn't want to authenticate a message that underwent an HTML >footer >addition, because it can completely replace the original content in the end >recipient's eyes. My draft requires footers to be plain text. Yet that's exactly what one of the largest discussion group services in the world did. As I keep pointing out, this is like an UNCOL, it does not generalize enough to be useful. On the other hand, ARC handles this just fine. R's, John _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
