Hi Jim,

just one comment:

> Section 5.3 paragraph 3: "MUST match the value found in the filename"
> but the value in the filename is only a recommendation (section 5.1). I
> continue to lean toward not depending on values in other than the
> message body (single source of truth).

I believe that this section describes how the "TLS-Report-Submitter" is filled 
by sender, not how it is checked by the receiver. Section 5.6. already states
that the report body is the only authoritative source for receiver. 
I agree that the current wording is a confusing and can be improved. For 

   When constructed the "TLS-Report-Submitter" value MUST match the value in the
   filename (if it is present there) and the [RFC5321] domain from the 
"contact-info" from the
   report body.  These message headers MUST be included and should allow
   for easy searching for all reports submitted by a report domain or a
   particular submitter, for example in IMAP [RFC3501]:

Daniel, Alex, is this interpretation correct?

> -Jim


Uta mailing list

Reply via email to