On Tue, Aug 7, 2018 at 3:37 PM, Kurt Andersen (b) <kb...@drkurt.com> wrote:
> On Mon, Aug 6, 2018 at 5:46 PM, Brandon Long <blong=40google.com@dmarc.
> ietf.org> wrote:
>> Do we actually have consensus on what to do, though?
>> The current proposal seems pretty bad, sign one or all depending on vague
>> things that might be different per impl.
> It does not seem to me like we have consensus. Can we pick one option for
> this experimental phase and re-evaluate afterward? For the sake of
> non-ambiguity, I'd suggest the "sign one" approach. During the experiment
> we can see how often it has to be invoked and request people to examine
> those cases for further evaluation.
"Sign one" (I think you mean "seal one") remains ambiguous to me, because
as Seth said, once I see "cv=fail", I don't care about anything else. Now
I have a seal nobody cares about, which means the sealer shouldn't be
bothered with generating it, irrespective of what gets fed to the hash.
Can we clear that part up?
dmarc mailing list