On Tue, May 30, 2017 at 10:33 AM, Scott Kitterman <[email protected]> wrote:

>
> At some point in the process, an AAR and ARC signature get created. Later,
> someone else has to validate them.
>
> My point was that when you are on the signing end of this, you have to
> grovel through all the relevant AR header fields since there's nothing
> telling another doing new authentication they should combine them into the
> same field. Seeing a sequence of AR fields for SPF, DKIM, and DMARC is quite
> normal.
>
> I thought that what was being said was that the AAR construction process
> could assume a single AR field and that's not correct.  Now that I see it
> explained again, I see I was thinking one step too far back in the process.
>
> So, I think it was my misunderstanding, although if you're going to use the
> results of the AAR in the verification process and assume it's all in a
> single AAR header field, then I think that should be a MUST, not a SHOULD.
>

I'm leaning toward MUST using Seth's language.  It seems to me SHOULD
leaves an interoperability hole, plus you'd have to come up with some
situations where not doing so makes sense that are stronger than "I didn't
want to."

-MSK
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
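
The signing-side step discussed in this thread, as an added example that is not part of the original messages or of any ARC implementation: gathering every Authentication-Results field stamped by the local authserv-id and folding the results into one ARC-Authentication-Results field. The function name, host names and sample headers are constructed, and the parser is simplified on the assumption that no header contains comments or quoted strings with ";" in them.

```python
import re

# Constructed sample: separate AR fields for SPF, DKIM and DMARC from one ADMD,
# plus one AR field carrying a foreign authserv-id that must not be copied.
SAMPLE_HEADERS = [
    ("Authentication-Results", "mx.example.org; spf=pass smtp.mailfrom=sender.example"),
    ("Authentication-Results",
     "mx.example.org;\r\n dkim=pass header.d=sender.example header.s=sel1"),
    ("Authentication-Results", "mx.example.org; dmarc=pass header.from=sender.example"),
    ("Authentication-Results", "other.example.net; spf=fail smtp.mailfrom=sender.example"),
    ("Subject", "hello"),
]


def build_aar(headers, authserv_id, instance):
    """Combine all AR fields from `authserv_id` into a single AAR header line."""
    results = []
    for name, value in headers:
        if name.lower() != "authentication-results":
            continue
        # Undo header folding before splitting on ";".
        unfolded = re.sub(r"\r?\n[ \t]+", " ", value).strip()
        ident, _, rest = unfolded.partition(";")
        ident_parts = ident.split()  # authserv-id may be followed by a version
        if not ident_parts or ident_parts[0].lower() != authserv_id.lower():
            continue  # stamped by someone else: not ours to assert
        for resinfo in rest.split(";"):
            resinfo = " ".join(resinfo.split())  # normalise whitespace
            if resinfo and resinfo.lower() != "none":
                results.append(resinfo)
    body = "; ".join(results) if results else "none"
    return f"ARC-Authentication-Results: i={instance}; {authserv_id}; {body}"


if __name__ == "__main__":
    print(build_aar(SAMPLE_HEADERS, "mx.example.org", 1))
```
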
