On Jul 7, 2011, at 3:21 PM, John Levine wrote: >> Will your "assume one more From than listed in h=" lead to failed >> verifications on messages that actually follow the advice in the RFC >> to list duplicate headers in their h= values? > > The RFC also says you shouldn't sign messages that aren't RFC 2822. So > pick your poison. > > I have to say it's a little surreal to have these arguments about what > changes to make to avoid the horrors of a duplicate From: attack that > is and likely will always be entirely hypothetical, when we can't even > get our act together to deprecate the l= option, including l=0.
It is. This group finds it much easier to add cruft (or argue that cruft should be added) than to remove cruft. But we're past the point where we can improve things on this round of the spec. Time to move on. Cheers, Steve _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
