On Mon, 5 Nov 2018, Brandon Long wrote:
> If it does work, I'd be surprised.  Most likely, it'll fail validation
> prior to full parsing (we extract the i= first, and only fully parse all
> the k=v pairs later).
>
> Also, does that mean you have to use the same algorithm in both the AMS and
> AS for a given instance?  And how does that correspond to an AAR which
> doesn't have an algorithm... and how does that work with the AS signing
> previous headers, does it only sign the ones with matching algorithm?

That's in my draft. Each chain of seals uses a single algorithm, so the AS and AMS algos all have to match. There's no signature in the AAR so it's shared between multiple seals in the same instance. You're only allowed to seal the longest chain(s) so if the longest chain uses an algorithm you don't understand, it fails.

> I'd be a bit surprised if all of those caveats are correctly matched in the
> original arc spec.

No kidding.

Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
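
Added example, not part of the original message or of the draft it mentions: a Python sketch of the chain-selection rule described in the reply above (one algorithm per chain, AS and AMS algorithms matching, only the longest chain(s) sealed). The function names and sample headers are constructed, signature verification is out of scope, and treating a tie as sealable when at least one longest chain is supported is an assumption.

```python
from collections import defaultdict

SIGNED = ("ARC-Seal", "ARC-Message-Signature")  # the AAR has i= but no a=

def parse_tags(value):
    """Split a 'k=v; k=v' header value into a dict of tags."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip(): v.strip() for k, v in pairs}

def chains_by_algorithm(headers):
    """Map each a= algorithm to its chain length, from (name, value) pairs."""
    seen = defaultdict(lambda: {name: set() for name in SIGNED})
    for name, value in headers:
        if name in SIGNED:
            tags = parse_tags(value)
            if "a" not in tags or not tags.get("i", "").isdecimal():
                raise ValueError(f"{name} lacks a usable i= or a= tag")
            seen[tags["a"]][name].add(int(tags["i"]))
    lengths = {}
    for algo, kinds in seen.items():
        instances = kinds["ARC-Seal"]
        # The AS and AMS of every instance must use the same algorithm.
        if instances != kinds["ARC-Message-Signature"]:
            raise ValueError(f"AS/AMS algorithm mismatch in {algo} chain")
        if instances != set(range(1, len(instances) + 1)):  # no gaps: 1..n
            raise ValueError(f"gap in {algo} chain")
        lengths[algo] = len(instances)
    return lengths

def algorithms_to_seal(headers, supported):
    """Return the algorithms of the longest chain(s) this sealer may extend."""
    lengths = chains_by_algorithm(headers)
    if not lengths:
        return sorted(supported)  # no chain yet, so a new one starts at i=1
    longest = max(lengths.values())
    usable = sorted(a for a, n in lengths.items() if n == longest and a in supported)
    if not usable:  # assumption: a tie is fine if one longest chain is supported
        raise ValueError("longest chain uses an unsupported algorithm")
    return usable

# Constructed sample: rsa-sha256 chain of length 2, ed25519-sha256 of length 1.
SAMPLE = [
    ("ARC-Seal", "i=2; a=rsa-sha256; cv=pass; b=..."),
    ("ARC-Message-Signature", "i=2; a=rsa-sha256; b=..."),
    ("ARC-Seal", "i=1; a=rsa-sha256; cv=none; b=..."),
    ("ARC-Message-Signature", "i=1; a=rsa-sha256; b=..."),
    ("ARC-Seal", "i=1; a=ed25519-sha256; cv=none; b=..."),
    ("ARC-Message-Signature", "i=1; a=ed25519-sha256; b=..."),
    ("ARC-Authentication-Results", "i=1; example.org; arc=none"),
]
```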
