The downgrade attack is not addressed in the security recommendations. Regardless of whether the group thinks that the attack is out of scope the group must either:
1) Provide a mechanism that allows the attack to be prevented. 2) Understand the problem well enough to write a security considerations section. The first is much easier than the second. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
