On Wed, Jul 11, 2018 at 8:29 AM, Murray S. Kucherawy <superu...@gmail.com>

> On Wed, Jul 11, 2018 at 8:19 AM, Martijn van der Lee <
> martijn=40dmarcanalyzer....@dmarc.ietf.org
> <martijn=40dmarcanalyzer....@dmarc.ietf..org>> wrote:
>> In 5.1.1. (Header Fields To Include In ARC-Seal Signatures) he text
>> states to include the ARC Set currently being added.
>> However, the signature cannot include the current ARC-Seal header, as
>> it's full contents are not yet known at the time (for obvious reasons).
>> Should the current ARC-Seal be excluded from the hash or should some part
>> of it be included?
>> I'm assuming the former, but regardless I can find no text to make this
>> explicit.
>> Is such text missing or am I simply overlooking it?
> If there's a question here, then there's probably room for improvement in
> the text.
> The way I read this and implemented it, the AMS and AAR are fully
> generated before the AS is, so you have the entire ARC Set except for the
> "b=" part of the AS available, and that's what gets fed to the hash
> function.  It's the same way DKIM works, really.

That is correct. The whole ARC set with a blank "b=" value is hashed.

dmarc mailing list

Reply via email to