On Mon 02/Dec/2024 21:53:42 +0100 Brotman, Alex wrote:
[...]
2) Implementation Identifier
I saw some chatter about this, and I'm not entirely sure I saw a consensus.
I'm sort of on the fence about this. I don't see what benefit it has to the
receiver (I do see benefit to vendors and researchers), but I could see where
an attacker somehow exposes a bug in XML processing to a given DMARC generator.
That being said, I could be convinced.
Sorry, I can't render the last sentence. You mean buggy parser can be attacked
by setting a <generator>?
I think parsers are going to face some difficulties when extensions will start
to pop up. Generators should produce correct code, and parsers should be
upgraded when new data becomes available. Still, recognizing the generator
version at the beginning of the file can allow to work around any problematic
code that that generator produces.
Best
Ale
--
_______________________________________________
dmarc mailing list -- [email protected]
To unsubscribe send an email to [email protected]
