On Wed, Jul 11, 2018 at 8:29 AM, Murray S. Kucherawy <[email protected]> wrote:
> On Wed, Jul 11, 2018 at 8:19 AM, Martijn van der Lee < > [email protected] > <[email protected]>> wrote: > >> In 5.1.1. (Header Fields To Include In ARC-Seal Signatures) he text >> states to include the ARC Set currently being added. >> However, the signature cannot include the current ARC-Seal header, as >> it's full contents are not yet known at the time (for obvious reasons). >> Should the current ARC-Seal be excluded from the hash or should some part >> of it be included? >> I'm assuming the former, but regardless I can find no text to make this >> explicit. >> Is such text missing or am I simply overlooking it? >> > > If there's a question here, then there's probably room for improvement in > the text. > > The way I read this and implemented it, the AMS and AAR are fully > generated before the AS is, so you have the entire ARC Set except for the > "b=" part of the AS available, and that's what gets fed to the hash > function. It's the same way DKIM works, really. > That is correct. The whole ARC set with a blank "b=" value is hashed. --Kurt
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
