On Tue, May 5, 2015 at 1:17 PM, Terry Zink <[email protected]> wrote:
> > > What advantage does this have over John's proposal? It actually looks > more c > > complicated to me, because it spans the divide between DKIM and DMARC. > John's > > proposal is completely contained within DKIM. > > > John’s proposal changes DKIM but also requires additional changes in DMARC > to respect the changes that were made to DKIM when doing alignment (the > @fs=domain is more or less the same as the Original-To below). If I rescind > my DKIM v=2 to only v=1, then it requires changes to DMARC analysis logic > (which John’s would have required anyhow to extract the @fs and compare to > the from address); and, requires some configuration changes to senders in > DKIM but no code change (unless adding a second signature requires a code > change). > > I interpreted John's proposal to mean a DKIM verifier would not pass a signature with "@fs=" unless it was also accompanied by a signature from the "fs" domain. Thus, the modified result logic is completely within the DKIM module, which DMARC then consumes. It's a much cleaner separation of function that way. -MSK
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
