It appears that Bron Gondwana <[email protected]> said: >So if there's anything ARC currently does better, I'd want to see if we can >implement that into DKIM2 as well. One case that has already been discussed is >the signed Authentication-Results headers, and I would be very keen for a >`DKIM2-Authentication-Results: ...
I have mixed feelings about this. On the one hand, a likely model for mailing lists, borrowed from ARC, is to look back through the chain and if the original message was DMARC aligned, accept the list's version. If you can just pick the DMARC result our of a header, that would be nice. On ther other hand, a buggy or malicious system could lie about A-R results, so I was wondering how you could check for that. When I look at the A-R headers in my mailbox, I see results for DKIM, DMARC, and SPF. If DKIM2 recipients undo the changes and check the chain of signatures, they're going to know about each DKIM2 signature anyway. You can't recheck the SPF result, but we all seem to agree that if SPF isn't dead, it should be. If you have the DKIM results, it's trivial to figure out DMARC alignment. I don't see anything useful in the A-R header that the recipient doesn't know, or couldn't easily figure out. Am I missing something? R's, John _______________________________________________ Ietf-dkim mailing list -- [email protected] To unsubscribe send an email to [email protected]
