On Tue, Aug 7, 2018 at 3:37 PM, Kurt Andersen (b) <kb...@drkurt.com> wrote:
> On Mon, Aug 6, 2018 at 5:46 PM, Brandon Long <blong=40google.com@dmarc. > ietf.org> wrote: > >> >> Do we actually have consensus on what to do, though? >> >> The current proposal seems pretty bad, sign one or all depending on vague >> things that might be different per impl. >> > > It does not seem to me like we have consensus. Can we pick one option for > this experimental phase and re-evaluate afterward? For the sake of > non-ambiguity, I'd suggest the "sign one" approach. During the experiment > we can see how often it has to be invoked and request people to examine > those cases for further evaluation. > "Sign one" (I think you mean "seal one") remains ambiguous to me, because as Seth said, once I see "cv=fail", I don't care about anything else. Now I have a seal nobody cares about, which means the sealer shouldn't be bothered with generating it, irrespective of what gets fed to the hash. Can we clear that part up? -MSK
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc