Yes, I was planning to follow Murray's lead and leave "weak" defined only as a judgement applied by the evaluator, indicating that the signature is not fully acceptable to his network for some reason.
Doug

On Wed, Oct 26, 2022, 7:56 PM Steven M Jones <[email protected]> wrote:

> On 10/26/22 16:45, Neil Anuskiewicz wrote:
> >> On Oct 26, 2022, at 3:48 AM, Douglas Foster <[email protected]> wrote:
> >>
> >>
> >> Murray first raised the issue of weak signatures.
> >> ...
> >>
> >> Weak results need to be part of the aggregate report so that domain owners understand the importance of moving from weak to strong signatures.
> >> ...
> >>
> >> - DMARC Evaluation does not exit upon finding an aligned and verified weak signature. Instead, the result is noted but the evaluation continues in hopes of finding an aligned and verified strong signature.
> > Strong defined as the strength of the encryption algorithm (i.e., key size).
>
>
> And to be clear(er), any language talking about "strength" in terms of key size has to account for algorithm + key size, or you can get some incorrect treatment of e.g. elliptical curve signatures.
>
>
> --S.
>
>
> _______________________________________________
> dmarc mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dmarc
>
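The evaluation order discussed in this thread, sketched as an added example that is not part of any message above or of any DMARC specification: an aligned, verified weak signature is noted but the loop keeps looking for a strong one, and "strength" is judged per algorithm plus key size. The per-algorithm floors, the verdict names and the `DkimResult` type are this example's assumptions, standing in for one evaluator's local policy.

```python
from dataclasses import dataclass

# Assumed local policy: minimum key size in bits for each DKIM "a=" algorithm.
# The thread leaves "weak" to the evaluator's judgement; these floors are
# illustrative only. Algorithms not listed (e.g. rsa-sha1) are treated as weak.
MIN_BITS = {"rsa-sha256": 2048, "ed25519-sha256": 256}

@dataclass
class DkimResult:
    domain: str       # d= domain of the signature
    algorithm: str    # a= tag
    key_bits: int     # size of the public key found in DNS
    verified: bool    # cryptographic verification outcome

def strength(sig: DkimResult) -> str:
    """Judge strength by algorithm AND key size, never key size alone."""
    floor = MIN_BITS.get(sig.algorithm)
    if floor is None:
        return "weak"
    return "strong" if sig.key_bits >= floor else "weak"

def aligned(sig: DkimResult, from_domain: str) -> bool:
    # Strict alignment only, to keep the example short.
    return sig.domain.lower() == from_domain.lower()

def evaluate(from_domain: str, sigs: list[DkimResult]):
    """Return (verdict, noted); noted is what an aggregate report could carry."""
    noted = []
    for sig in sigs:
        if not (sig.verified and aligned(sig, from_domain)):
            continue
        grade = strength(sig)
        noted.append((sig.algorithm, sig.key_bits, grade))
        if grade == "strong":
            return "pass-strong", noted   # stop only on a strong signature
        # weak: result is noted, evaluation continues
    return ("pass-weak" if noted else "fail"), noted

# Constructed sample results for a message with From: example.com
SAMPLE = [
    DkimResult("example.com", "rsa-sha256", 1024, True),
    DkimResult("example.com", "ed25519-sha256", 256, True),
]

if __name__ == "__main__":
    print(evaluate("example.com", SAMPLE))
```

A rule that compared bit counts alone would rank the 256-bit Ed25519 key below the 1024-bit RSA key, which is the incorrect treatment of elliptic-curve signatures the reply warns about.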
