On Sat, Jun 14, 2014 at 12:35 PM, <[email protected]> wrote: > > Yes, you could do the equivalent of the version bump by changing the > > name of the header, but I don't see the point. > > If you're going to bump the version, you need to use the opportunity to > solve the more general underlying problem. > > I'm not sure I can completely characterize that problem, but it's something > along the times of there need to be some way to state the intention behind > this > particular signature. Is this a signature tied to use by third parties? > Whitelisting? Something else? >
What about a new canonicalization, which is largely the same as the existing ones but carries with it the additional semantic that "This can only pass when accompanied by a Mediator signature"? Current verifiers don't know what this is and thus wouldn't know what to do with it, so unless they do something abysmally stupid like "I don't know what this canonicalization is, so let's just call it a 'pass' to be on the safe side", this might be a path forward without a version bump. -MSK
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
