On Wed, Apr 8, 2015 at 9:19 AM, John Levine <[email protected]> wrote:

> >Comments on either or both are welcome.
>
> They both have the same problem: the list says:
>
>   Here's what I did. Whadda ya think?
>
> Every recipient system has to come up with its own heuristics to
> decide what combinations of changes are or are not acceptable, which
> means that the exact same message will be accepted by one 100%
> conformant implementation and rejected by another. This does not
> seem to me to be a major improvement over the current situation.
>

But I think that's true of every protocol we have now. For example, independent of DMARC, a valid DKIM-signed message might be rejected by "A" and not by "B" because of its content based on local policy and filtering. Local heuristics about acceptable content will always be there regardless of what we do.

The goal here is not acceptance, but deterministic results from the authentication layer. Or, more generally, we need to be able to recover a validated identifier that aligns in a way that doesn't degrade the integrity of that validation. Being able to have the author signature cover the original content and the list signature cover any changes seems like a win to me.

-MSK
