It appears that Murray S. Kucherawy said:
>(a) Inertia will mean "l=" is generated and/or accepted for a long time to
>come no matter what we say or do; and
Yup.
>(b) Even if (a) weren't true, "l=" then becomes an unrecognized tag at
>verifiers, which will mean those signatures break and we hav
On Mon, May 20, 2024 at 5:29 PM John Levine wrote:
> It appears that Wei Chuang said:
> >-=-=-=-=-=-
> >
> >Hi DKIM folks,
> >As many of you know there was a DKIM security vulnerability disclosure
> >Friday around the signature header body length tag "l=". The blog post is
> >here: https://www.
On Sun, May 19, 2024 at 9:27 AM Wei Chuang wrote:
> As many of you know there was a DKIM security vulnerability disclosure
> Friday around the signature header body length tag "l=". The blog post is
> here: https://www.zone.eu/blog/2024/05/17/bimi-and-dmarc-cant-save-you/
> The authors state that
It appears that Wei Chuang said:
>-=-=-=-=-=-
>
>Hi DKIM folks,
>As many of you know there was a DKIM security vulnerability disclosure
>Friday around the signature header body length tag "l=". The blog post is
>here: https://www.zone.eu/blog/2024/05/17/bimi-and-dmarc-cant-save-you/
>The authors
On Sun, May 19, 2024 at 2:41 PM John Levine wrote:
> Honestly, I don't know. Of the trickle of mail I see with l=, most is
> from the libertarian Reason blog with l=1 and the rest is from
> Verisign who for some reason sign with l= actual length.
>
> I suspect I could get Verisign's attention. Rea
Jeremy Harris wrote in
:
|On 19/05/2024 17:26, Wei Chuang wrote:
|> then rewrite the Content-type header mime
|> delimitter
|
|Seems like including this header in the signed set would be
|Best Practice?
Indeed.
I want to remark that this thread seems to reiterate an attack
from 2018:
ht
It appears that Jeremy Harris said:
>On 20/05/2024 09:06, Alessandro Vesely wrote:
>> Content-Type: is a technical field
>
>Not a term I've met before. Is there a formal definition?
As Dave said, no. There isn't even an informal definition.
>And as far as "which forwarders need to change" goe
On 20 May 2024, at 12:55, Pete Resnick wrote:
> nobody is interested in implementing it aside from the implementer.
s/implementer/proposer (brain ahead of fingers)
--
Pete Resnick https://www.episteme.net/
All connections to the world are tenuous at best
___
On 20 May 2024, at 10:13, Bob Hinden wrote:
On May 19, 2024, at 7:22 PM, Dave Crocker wrote:
On 5/10/2024 2:33 PM, Dave Crocker wrote:
On 5/10/2024 10:54 AM, Murray S. Kucherawy wrote:
* Prior to accepting any Standards Track document for development,
there must be a commitment to implement t
Hi,
> On May 19, 2024, at 7:22 PM, Dave Crocker wrote:
>
> On 5/10/2024 2:33 PM, Dave Crocker wrote:
>> On 5/10/2024 10:54 AM, Murray S. Kucherawy wrote:
>>> * Prior to accepting any Standards Track document for development, there
>>> must
>>> be a commitment to implement the resulting propose
On 5/20/2024 2:23 AM, Jeremy Harris wrote:
And as far as "which forwarders need to change" goes -
isn't the entire point of DKIM to detect chages?
no.
"Abstract
DomainKeys Identified Mail (DKIM) permits a person, role, or
organization that owns the signing domain to claim some
respon
On 20/05/2024 09:06, Alessandro Vesely wrote:
Content-Type: is a technical field
Not a term I've met before. Is there a formal definition?
And as far as "which forwarders need to change" goes -
isn't the entire point of DKIM to detect chages?
--
Cheers,
Jeremy
_
On Sun 19/May/2024 21:28:21 +0200 Jeremy Harris wrote:
On 19/05/2024 17:26, Wei Chuang wrote:
then rewrite the Content-type header mime delimiter
Seems like including this header in the signed set would be
Best Practice?
I hope not. Content-Type: is a technical field, which forwarders nee
13 matches
Mail list logo