On Tue, Jul 10, 2018 at 1:24 PM Jim Fenton <fen...@bluepopcorn.net> wrote:
> On 7/10/18 12:43 PM, Murray S. Kucherawy wrote:
>
> RFC7601 doesn't require or encourage deletion of A-R fields in general.
> (The strongest word is "could".) If it's valid and possibly useful
> downstream, you can certainly keep it. It only says you have to delete
> stuff that's clearly a forgery.
>
>
> I didn't go back and check the wording used in 7601 obviously. I was
> inferring from the language in 4.1.2, "are likely to be deleted".
>

Right, basically an ADMD right now has to delete any existing A-R field that claims to be the ADMD in order to prevent forgery. If you added it to the signature and added an instance variable, you don't need to do that anymore, but you may still run afoul of other software that is deleting them.

DKIM-Signatures are also sometimes removed from messages (mailing lists often do this), and there are also MTAs which incorrectly make assumptions about what DKIM-Signature failure means (the RFC says a failed DKIM-Signature should be treated as if it's not there, but that's not what we're seeing in practice). Earlier instances of the AMS are expected to fail if the message content is changed and for that to be fine.

We did spend a bunch of time, maybe before it even came to the IETF, exploring whether we could do this without having a separate set of header fields, and we decided no.

Brandon
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
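The border filtering described in the message above (an ADMD deleting any inbound A-R field that claims to be the ADMD) can be sketched as follows. This is an added example, not code from this thread or from any ARC or DKIM implementation; the authserv-id `mx.example.org`, the sample message and the function names are assumptions made for illustration.

```python
from email import message_from_string

LOCAL_AUTHSERV_IDS = {"mx.example.org"}  # assumption: authserv-id of the receiving ADMD

# Constructed inbound message: the first A-R field forges the local authserv-id.
SAMPLE = (
    "Received: from mail.sender.example by mx.example.org\n"
    "Authentication-Results: (x) MX.Example.ORG 1; dkim=pass header.d=bank.example\n"
    "Authentication-Results: lists.other.example; spf=pass smtp.mailfrom=sender.example\n"
    "From: someone@sender.example\n"
    "\nbody\n"
)

def strip_comments(value):
    """Remove RFC 5322 comments (nestable, may contain backslash quoted-pairs)."""
    out, depth, i = [], 0, 0
    while i < len(value):
        ch = value[i]
        if ch == "\\":                      # quoted-pair: treat both characters as one unit
            ch, i = value[i:i + 2], i + 1
        if ch == "(":
            depth += 1
        elif ch == ")" and depth:
            depth -= 1
        elif depth == 0:
            out.append(ch)
        i += 1
    return "".join(out)

def authserv_id(value):
    """Lower-cased authserv-id of one A-R field value, or None if absent."""
    head = strip_comments(value).split(";", 1)[0].split()
    return head[0].strip('"').lower() if head else None

def scrub_inbound(raw, local_ids=LOCAL_AUTHSERV_IDS):
    """Drop A-R fields that claim a local authserv-id; other headers keep their order."""
    msg = message_from_string(raw)          # compat32 policy keeps values as received
    headers, removed = msg.items(), []
    for name in {k for k, _ in headers}:
        del msg[name]
    for name, value in headers:
        if name.lower() == "authentication-results":
            aid = authserv_id(value)
            # Choice made here: a field with no parsable authserv-id is dropped too.
            if aid is None or aid in local_ids:
                removed.append(value)
                continue
        msg[name] = value
    return msg, removed
```

The comparison is done after removing comments and folding case, so a forged field cannot pass the filter by prefixing a comment or changing the capitalization of the identifier.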