On Sun 07/Jun/2020 23:23:12 +0200 Seth Blank wrote: > https://trac.ietf.org/trac/dmarc/ticket/38 > > The spec is ambiguous about which DKIM key needs to be reported. > > The real world problem here is that sometimes the DKIM key(s) which are > reported in a row of an aggregate report have nothing to do with the DKIM key > used to evaluate the DMARC status within the same row. > > In https://tools.ietf.org/html/rfc7489#section-7.2, it says: > > The report SHOULD include the following data: > > o The identifier evaluated by DKIM and the DKIM result, > > Elizabeth Zwicky previously wrote: > > https://mailarchive.ietf.org/arch/msg/dmarc/0HnvtYeeseqopq1tLELctYte34M/ > "is genuinely unclear. Often there are multiple identifiers. Does this mean I > can pick any one of them? (That does not actually provide sufficient > interoperability.) If there’s a specific one I should pick, which is it?" > > https://mailarchive.ietf.org/arch/msg/dmarc/zDALDe2zbXhqfQ-_RVeUO1BT084/ > "I believe they MUST contain any aligned DKIM signature regardless of validity > and SHOULD contain an entry for each domain, selector, result triple."
I think every MTA can have its own criteria about how to order DKIM signatures in each message. For DMARC validation, aligned signatures are important. Valid signatures are more important than invalid or non-verifiable ones, although reporting unverifiability is important. Signature by trusted domains are more important than those by unknown ones. Key size also matters. These are all subjective criteria. > Is it desirable to clarify this language, such that it is clear which DKIM > keys > are required to include in a report, and if so, how should the appropriate > keys be determined? Signatures should be reported in order of decreasing importance. The more signatures are reported, the better. The subjective order in which they appear is part of the informative content of the report. Software should allow to configure ordering criteria when possible. Best Ale -- _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
