On Wed, Jul 11, 2018 at 8:19 AM, Martijn van der Lee < [email protected]> wrote:
> In 5.1.1. (Header Fields To Include In ARC-Seal Signatures) he text states > to include the ARC Set currently being added. > However, the signature cannot include the current ARC-Seal header, as it's > full contents are not yet known at the time (for obvious reasons). > Should the current ARC-Seal be excluded from the hash or should some part > of it be included? > I'm assuming the former, but regardless I can find no text to make this > explicit. > Is such text missing or am I simply overlooking it? > If there's a question here, then there's probably room for improvement in the text. The way I read this and implemented it, the AMS and AAR are fully generated before the AS is, so you have the entire ARC Set except for the "b=" part of the AS available, and that's what gets fed to the hash function. It's the same way DKIM works, really. -MSK
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
