On Wed, Jun 21, 2017 at 1:53 PM, Gene Shuman <[email protected]> wrote:
> > It seems we have two choices available to us upon receipt of an invalid > chain(which is defined as AS b= unable to be computed). > > 1. Simply stop adding further ARC headers. Put arc=fail(or invalid) in > the AR. Further recipients will detect that the chain is broken as well, > for the same reasons. This is clearly the easiest solution. > If you put arc=fail in an AR and then the next hop ignores and strips the AR (per spec), what good is it? 2. Add one further ARC-Set with an explicit cv=invalid in order to 'close' > the chain, using the rule that Kurt has suggested. This seems to have some > benefit to me, but it's minimal. It seems to wrap things up nicely, and it > means that all ARC chains have a well defined cv value, which makes testing > a little easier. However the cost is clearly added complexity, both in the > spec and implementations. Is there any other tangible value to adding this > final ARC-Set? Does it help identify the failure point in the chain? Is > there any other benefit? Kurt, can you speak to this? > A terminal ARC-set with cv=invalid is the only way to "close" a chain and avoid reprocessing by each and every subsequent hop as far as I can see. --Kurt
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
