On 5/31/2017 2:32 PM, Murray S. Kucherawy wrote:
> If a verifier decides an ARC is invalid, it's supposed to set
> "cv=invalid", when generating its own ARC-Seal. This seems odd; we're
> cryptographically signing a chain that is known to be broken, meaning
> the next handler might not even be able to get as far as consuming the
> "cv=" value we're putting there because the chain can't be validated in
> the first place.
>
> Perhaps a better approach would be to use the regular A-R to indicate
> the chain is bad, and stop.
+1, except I think not 'perhaps' but rather 'definitely'.
If it's broken, it's broken.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net