I think there's still something missing from the draft wrt fail/invalid.
In section 5.2.2, it says that gross violations MUST be capped in the
manner specified. This seems to only encompass what we were previously
considering cv=invalid.  Does it say somewhere that cv=fail should be
handled in this fashion as well?  Or does what was previously cv=fail still
sign all arc sets?  Are we handling these differently?  I'm not necessarily
sure we should.  Also, the language here is MUST.  Shouldn't this be
optional, as we'd discussed?

On Fri, Jun 30, 2017 at 4:48 PM, Kurt Andersen <[email protected]>
wrote:

>
> On Jun 30, 2017 2:37 PM, Brandon Long <[email protected]> wrote:
>
> Looking through the changes, I see that in 5.2.2 we previously and still
> say that the AAR field should be unknown.  Unknown is a valid value for
> result names for dkim-adsp and rrvs, but I'm curious why we would use that
> and not just fail?  fail seems to match better, especially now that we
> don't differentiate between invalid and fail in the cv value.
>
>
> Fair point. I'll look at rephrasing that.
>
> We also discussed signing/verifying a cv=fail differently, which isn't in
> the draft yet (I don't think, I was looking at the diff not the whole
> document).
>
> We discussed that the signing/verifying of a cv=fail would only do so
> based on the single (presumably last) hop that contained the cv=fail.
>
> So, the AMS would be added/verified like normal, but the AS would only
> sign the as/ams/aar of that hop.
>
>
> That is already the specified handling in the case of fail.
>
> --Kurt
>
>
>
> _______________________________________________
> dmarc mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dmarc
>
>