I'd say that I agree with John (and Seth) on this one. I'm not sure if a consensus was reached, though it doesn't appear so. I think the idea that being able to have trust in the broken chain information potentially sent back to us as a report has value. It's hard to be sure that the value will override the cost of the signature, but as John suggested below, I can't imagine the cost to be very high.
-- Alex Brotman Sr. Engineer, Anti-Abuse Comcast -----Original Message----- From: dmarc [mailto:[email protected]] On Behalf Of John R Levine Sent: Wednesday, August 15, 2018 3:54 PM To: Dave Crocker <[email protected]> Cc: [email protected] Subject: Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5.1.2 - cv=fail should sign greedily On Wed, 15 Aug 2018, Dave Crocker wrote: > This is a very different kind and degree of vague (and without > precedent, I believe (unless someone can point to operational > experience on the net that is similar?) I believe there are lots of trace fields that don't have a concrete use. I am not familiar with any standardized use of the values in the ID field in Received headers, although they're often handy in practice to track down the details of what happened to a message. Can you explain in words the damage that cv=fail signatures will cause, and a rough idea of the cost to ARC signers and verifiers? To me the answers are none, and trivial. R's, John _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
