John R. Levine wrote: >> I don't see incentives to spoof: >> >> MIME-Version >> Content-Type >> >> What are the gains? > > This has been discussed at great length. Please consult the list archives.
Thanks - you couldn't summarize or its too hard to explain? I can search, certainly not consult. But let me "consult" GOOGLE: MIME-Version Exploits IETF-DKIM Without going nuts looking all the results, I see whats in 4871 section 8.1.1. Addition of New MIME Parts to Multipart/* and this seems about the l= body size issue which most people already agreed is a bad idea. I don't see how the 5322.Mime-Version header can be exploited. Anyway, never mind. -- Hector Santos, CTO http://www.santronics.com http://santronics.blogspot.com _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html