I think this was discussed before, but perhaps it didn't reach a logical conclusion:
If a verifier decides an ARC is invalid, it's supposed to set "cv=invalid", when generating its own ARC-Seal. This seems odd; we're cryptographically signing a chain that is known to be broken, meaning the next handler might not even be able to get as far as consuming the "cv=" value we're putting there because the chain can't be validated in the first place. Perhaps a better approach would be to use the regular A-R to indicate the chain is bad, and stop. Any other ideas? -MSK
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
