The spec currently calls for the n-th instance of AAR to be signed by the related AMS[n] header as well as the AS[n] header.
There have been some offlist discussions about whether that is really necessary, and, generally the conclusion was that it is not really necessary to the integrity of the mechanism to have the AAR incorporated into the signed space for both AMS and AS. The question to the list (and one which we will also raise in the meeting on Thursday @ IETF) is whether to change the spec to make the signing of AAR[n] by AMS[n] optional. It won't break any current implementations and apparently will make some deployments easier (I'll have to let Seth and Gene chime in with details) so I'm inclined to make the change. Opinions? --Kurt
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
