In article <cad2i3wnse+of7u8fdtnmueu3sthubpevgdyht9j6bglxoeo...@mail.gmail.com> you write:
>5.1.2 says when a chain fails, to put cv=fail in the AS and only Seal the
>ARC Set being added.
>
>Per the original message and suggested text, I believe 5.1.2 should only
>provide the above guidance when it is not otherwise possible to sign the
>entire ARC Chain (i.e. when the Chain is structurally invalid and a
>deterministic set of headers cannot be enumerated).

I still have a question: if you have the right set of older headers, you could sign them even if they're corrupted and the signatures are invalid. But if the old sets have extra or missing headers, you can only sign your own set.

I think it's fine to sign and hope for the best, but how is a validator supposed to tell the difference? Perhaps we need something like cv=restart.

R's,
John
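
The sealer-side distinction discussed in this message, as an added example that is not part of the original post or the ARC draft: a structural check of whether ARC Sets 1..N can be enumerated deterministically (exactly one AAR, AMS and AS per instance, as RFC 8617 defines an ARC Set), without verifying any signature. The function name `sealing_scope`, its return labels and the sample headers are constructed for illustration.

```python
import re
from collections import defaultdict

ARC_FIELDS = ("arc-authentication-results", "arc-message-signature", "arc-seal")
MAX_INSTANCE = 50  # RFC 8617 caps the i= instance value at 50
I_TAG = re.compile(r"(?:^|;)\s*i\s*=\s*(\d+)\s*(?:;|$)")

def sealing_scope(headers):
    """headers: list of (name, value) pairs. Returns ("chain", n) when ARC
    Sets 1..n can be enumerated, else ("own-set-only", reason)."""
    counts = defaultdict(lambda: defaultdict(int))  # instance -> field -> count
    for name, value in headers:
        field = name.lower()
        if field not in ARC_FIELDS:
            continue
        m = I_TAG.search(value)
        if m is None:
            return ("own-set-only", f"{field} without a parsable i= tag")
        counts[int(m.group(1))][field] += 1
    if not counts:
        return ("chain", 0)  # no prior ARC Sets: the sealer adds i=1
    highest = max(counts)
    if highest > MAX_INSTANCE:
        return ("own-set-only", f"instance {highest} exceeds {MAX_INSTANCE}")
    for i in range(1, highest + 1):
        for field in ARC_FIELDS:
            if counts[i][field] != 1:  # missing or duplicated header field
                return ("own-set-only", f"i={i}: {counts[i][field]} x {field}")
    return ("chain", highest)

def sample_set(i, b="AAAA"):
    """Constructed ARC Set for instance i; b= is a placeholder, not a real signature."""
    cv = "none" if i == 1 else "pass"
    return [
        ("ARC-Seal", f"i={i}; a=rsa-sha256; cv={cv}; d=example.org; s=sel; b={b}"),
        ("ARC-Message-Signature",
         f"i={i}; a=rsa-sha256; d=example.org; s=sel; h=from:subject; bh=BBBB; b={b}"),
        ("ARC-Authentication-Results",
         f"i={i}; mx.example.org; dkim=pass header.i=@example.org"),
    ]

# Constructed inputs covering the cases the message distinguishes.
CORRUPT_BUT_COMPLETE = sample_set(2) + sample_set(1, b="garbage")  # bad signature, intact structure
MISSING_HEADER = sample_set(2) + sample_set(1)[:2]                 # i=1 lost its AAR
EXTRA_HEADER = sample_set(2) + sample_set(1) + sample_set(1)[:1]   # second ARC-Seal at i=1
```

All three inputs would fail validation and be sealed with cv=fail; only the first leaves the older sets enumerable, and the cv value alone does not record which case the sealer was in.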
