This is a way-too-late comment on draft-ietf-lamps-header-protection-20. I'm not sure if it can still be considered, but I wanted to at least submit it. I have a couple of concerns on things that are underspecified/ambiguous. I have raised these here: 1. https://mailarchive.ietf.org/arch/msg/spasm/svKKPyHAGdJIjmW6P4o28iMGH30/ 2. https://gitlab.com/dkg/lamps-header-protection/-/issues/63 I see the risk that if they are left unaddressed, different MUAs may implement different things. For 2., I additionally see the risk of unexpected leakage of private data when replying to an email with Header Protection. Kind regards, Thore
Attachment:
signature.asc
Description: OpenPGP digital signature
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
