On Tue 29/Sep/2015 16:34:44 +0200 Tim Draegen wrote:
>
> The editing team deems this draft as ready for last call review.
Section 4.2 mentions dkim-conditional. (IMHO, the latter should be named
draft-dmarc-dkim-conditional.) Both Section 4.2:
This DKIM
signature would come with the condition that a subsequent known
domain fully DKIM sign the message.
and Section 4 of dkim-conditional:
A sender that expects a message to be forwarded might put both a
conventional DKIM signature and a signature with a !fs tag that
refers to the domain name of the expected forwarder.
require conventional, full DKIM signatures. Why? It seems to me that any
DMARC authentication method could suffice. That is, the author domain (!fs
signer) could be SPF authenticated by the MLM; and the MLM could be SPF
authenticated by list recipients. No?
In case the !fs signature is missing, it may be handy to have the resender
issue a forensic report. That way, a sender could automatically set up its
signing daemon to add a tag "!fs=mlm.example" to mail destined to, say,
"[email protected]", where the latter address is extracted from that report.
jm2c
Ale
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
