On Wed, Sep 13, 2017 at 1:03 PM, Murray S. Kucherawy <[email protected]> wrote:
> At the risk of bringing up the whole "cv=invalid" debate again... > > When a chain is invalid (say, an AMS is missing), Section 9.3 says to add > a seal that only covers itself but uses N+1 for its "i=" value. Could > someone propose some informational text for the draft that explains why > that decision was made? > Yes, will add such information. In short, the reason for covering only the last ARCset is because it is impossible to determine exactly what the "implicit-h" list would be if the chain is corrupt. That makes it indeterminate as to whether one should believe the "failing" report since validating the signature would be ambiguous. --Kurt
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
