>>#18 3.6.1, "g=". Is "g=*s*t*e*p*h*e*n" allowed or is one "*" the limit? I
>>don't care, but it should say.
>
>Good catch. Why does the definition for key-g-tag-lpart only allow one "*"?

The intention was to allow sub addresses so if your MTA delivers all addresses of the form fred+foo or fred-foo to fred, it can cover all the versions. I would suggest changing the wording and ABNF to permit a * only at the end. I can tell you from experience that coding pattern matchers, even one for a single * in the middle, is tricky and a rich source of obscure bugs, so I would prefer if the patterns were trivial.

>It prevents a MITM attack that many people think is significant,
>namely adding headers that mean something to the recipient.

The usual example is a plain text message without MIME headers to which a bad guy adds headers making some random line in the message into the MIME separator, thereby hiding everything in the message above that. It interacts particularly badly with l= since you could add new MIME stuff at the end and make the original message completely invisible.

>Current DNS RRtypes which result in a leaf record will not loop.

CNAMEs can always loop, but that is a general problem that we aren't making any worse.

R's,
John

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
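The g= granularity matching discussed above, as an added example that is not part of the thread or any DKIM implementation: a verifier-side check of a signer's i= local part against a key record's g= pattern that permits at most one "*", with an optional strict mode that only accepts a trailing "*" as John suggests. Function and exception names are mine; treating an empty g= as covering no address is a conservative choice made here.

```python
# Added example: matching a local part against a DKIM g= pattern.
# Names (GranularityError, split_g_pattern, g_matches) are assumptions.

class GranularityError(ValueError):
    """Raised when a g= value does not fit the one-wildcard grammar."""


def split_g_pattern(pattern: str, trailing_only: bool = False):
    """Return (prefix, suffix); suffix is None when the pattern has no '*'.

    More than one '*' is rejected outright, which sidesteps the obscure
    bugs that general glob matching invites. With trailing_only=True the
    single '*' must be the last character (the stricter ABNF proposed).
    """
    count = pattern.count("*")
    if count > 1:
        raise GranularityError(f"g= allows at most one '*': {pattern!r}")
    if count == 0:
        return pattern, None
    prefix, suffix = pattern.split("*", 1)
    if trailing_only and suffix != "":
        raise GranularityError(f"'*' must be at the end: {pattern!r}")
    return prefix, suffix


def g_matches(pattern: str, local_part: str, trailing_only: bool = False) -> bool:
    """True if local_part is covered by the g= pattern.

    Without '*' the match is exact; an empty g= covers nothing (conservative
    choice). With one '*', the wildcard stands for zero or more characters,
    and the prefix and suffix must not overlap, so "fred*fred" does not
    match "fred" even though "fred" both starts and ends with "fred".
    """
    if pattern == "":
        return False
    prefix, suffix = split_g_pattern(pattern, trailing_only)
    if suffix is None:
        return local_part == prefix
    if len(local_part) < len(prefix) + len(suffix):
        return False  # prefix and suffix would have to overlap
    return local_part.startswith(prefix) and local_part.endswith(suffix)


if __name__ == "__main__":
    # Constructed sample inputs: sub-addresses delivered to "fred".
    for lp in ("fred", "fred+foo", "fred-foo", "freddy", "alice"):
        print(f"g=fred*  {lp:10} -> {g_matches('fred*', lp)}")
```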
