I'm still at a bit of a loss as to how one can effectively do a "greedy" seal over a broken chain in a deterministic fashion.
I've been discussing this with Seth. Particularly once we start doing parallel chains for different algorithms, different implementations will disagree about what's a broken chain, so I'd just as soon not try.
If the previous seal was good, add cv=fail only signing your own seal. If the previous seal was cv=fail, don't sign.
Regards, John Levine, [email protected], Taughannock Networks, Trumansburg NY Please consider the environment before reading this e-mail. https://jl.ly _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
