> John’s proposal changes DKIM but also requires additional changes in
> DMARC to respect the changes that were made to DKIM when doing alignment
> (the @fs=domain is more or less the same as the Original-To below). ...

It's not supposed to. The decision about whether a DKIM signature that
depends on a chained signature is valid is supposed to happen entirely
within the updated DKIM module. DMARC just uses that result. I assume
the DKIM module is able to look at all of the DKIM signatures on a message
and report back which ones are valid.
Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.