There has been an on-list discussion about this, but in it no consensus was reached: https://mailarchive.ietf.org/arch/msg/dmarc/KvpNpf_9ywZpK6oMcwJ1OJthiHM
Off list the consensus from those I've spoken with (which is obviously not necessarily representative of the WG) is that we should drop the language suggesting coverage of the AAR by the AMS, as this adds no value when the AAR is required to be signed by the AS. Personally, I think removing this (so only the AS covers the AAR) simplifies the spec and implementations without removing value from the protocol.

On Wed, Jul 19, 2017 at 4:28 AM, Kurt Andersen <[email protected]> wrote:

> The spec currently calls for the n-th instance of AAR to be signed by the
> related AMS[n] header as well as the AS[n] header.
>
> There have been some offlist discussions about whether that is really
> necessary, and, generally the conclusion was that it is not really
> necessary to the integrity of the mechanism to have the AAR incorporated
> into the signed space for both AMS and AS.
>
> The question to the list (and one which we will also raise in the meeting
> on Thursday @ IETF) is whether to change the spec to make the signing of
> AAR[n] by AMS[n] optional.
>
> It won't break any current implementations and apparently will make some
> deployments easier (I'll have to let Seth and Gene chime in with details)
> so I'm inclined to make the change.
>
> Opinions?
>
> --Kurt
>
> _______________________________________________
> dmarc mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dmarc
