> -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of Alessandro Vesely > Sent: Wednesday, April 27, 2011 11:41 AM > To: [email protected] > Subject: [ietf-dkim] Two issues derived from Ticket #20: signature practices > > On 27/Apr/11 01:42, John R. Levine wrote: > > I agree with Dave's changes, > > +1, and also for Murray's advice of signing A-R fields. However, in > such case, the last phrase in Sec 7.2 (INFORMATIVE ADVICE to MUA > filter writers) should be changed from > > To circumvent this attack, verifiers may wish to delete existing > results header fields after verification and before adding a new > header field. > > to, e.g., > > To circumvent this attack, verifiers may wish to delete counterfeit > results header fields after verification and before adding a new > header field.
Actually if we're talking about A-R fields, RFC5451 talks plenty about this. Rather than duplicating advice, we should just refer to it. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
