On May 19, 2015 2:05:18 AM EDT, "Murray S. Kucherawy" <[email protected]> wrote: >On Mon, May 18, 2015 at 10:56 PM, Terry Zink ><[email protected]> >wrote: > >> Thanks, this is useful. >> >> What would the Authentication-Results header look like? Presumably 3 >> results for DKIM (dkim=fail, dkim=pass, dkim=pass)? And what about >DMARC? >> Show one result or two? Or maybe something like >dmarc=conditionalpass? >> >Three DKIM results, one DMARC "pass" result. The idea is that DKIM >returns >a "pass" for an aligned conditional signature, which satisfies the DKIM >algorithm, so long as there's also a passing signature from the "cd" >domain. > >Is there any use in making a distinction to your acceptance/routing of >messages to know it was based on a conditional signature versus an >original >author signature?
I would think you'd have to. There's a replay risk that's unique to this type of signature, so I think treating them the same would be a naive approach. Scott K _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
