On Wed, Apr 1, 2015 at 11:11 AM, John Levine <jo...@taugh.com> wrote:

> Has anyone looked at my double signing draft?  The idea is that the
> original sender (which we'll call, oh, Yahoo) puts on a very weak
> signature probably only on From, Date, and Message-ID, with l=0 and a
> new tag that says the signature is only valid if the message is also
> signed by a specific other domain, call it ietf.org.  It probably also
> puts on an ordinary strong signature, too, and sends the message to a
> list forwarder such as dmarc@ietf.org.  The list does what it does,
> and signs the message normally with d=ietf.org.  That breaks the
> strong yahoo signature, but the weak one is now valid in combination
> with the normal ietf.org signature, so there's a valid d=yahoo
> signature and DMARC is happy.
>
> The forwarder could of course do naughty things, but only the specific
> forwarder to whom the message was sent, which greatly limits the scope
> of damage. It's even more limited in the common case that the original
> sender has a reasonably good idea who are likely to be the well
> behaved forwarders and only puts the weak signatures on mail sent to
> them.
>

Didn't we stalemate on the question of whether this has to be a whole new
header field, or a "v=" increase?  I seem to recall someone (Dave?)
thinking both were horrible.

-MSK
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
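
The combination rule from the quoted draft summary, sketched as an added example that is not part of the original thread or of the draft. Assumptions: `must_cosign` is a hypothetical stand-in for the draft's new tag, cryptographic verification of each signature has already been done, alignment is strict, and the domains and results are constructed sample data.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class SigResult:
    """One DKIM-Signature header after cryptographic checking."""
    domain: str                        # d= value
    crypto_ok: bool                    # body/header hashes and signature verified
    must_cosign: Optional[str] = None  # hypothetical tag: required co-signing domain

def effective_domains(sigs):
    """Return the d= domains that count as validly signed.

    A conditional (weak) signature counts only if the domain it names also
    has a valid unconditional signature on the same message.
    """
    plain = {s.domain.lower() for s in sigs
             if s.crypto_ok and s.must_cosign is None}
    weak = {s.domain.lower() for s in sigs
            if s.crypto_ok and s.must_cosign
            and s.must_cosign.lower() in plain}
    return plain | weak

def dkim_aligned(from_domain, sigs):
    """Strict DMARC DKIM alignment: From domain equals a counted d=."""
    return from_domain.lower() in effective_domains(sigs)

# Constructed verification results for a message with From: user@yahoo.example
WEAK = SigResult("yahoo.example", True, must_cosign="ietf.org")
STRONG_OK = SigResult("yahoo.example", True)
STRONG_BROKEN = SigResult("yahoo.example", False)  # list modified the message

AS_SENT = [STRONG_OK, WEAK]
VIA_LIST = [STRONG_BROKEN, WEAK, SigResult("ietf.org", True)]
VIA_OTHER = [STRONG_BROKEN, WEAK, SigResult("other-list.example", True)]
BAD_COSIGN = [STRONG_BROKEN, WEAK, SigResult("ietf.org", False)]

if __name__ == "__main__":
    for name, sigs in [("as sent", AS_SENT), ("via ietf.org", VIA_LIST),
                       ("via other forwarder", VIA_OTHER),
                       ("ietf.org signature invalid", BAD_COSIGN)]:
        print(f"{name}: aligned={dkim_aligned('yahoo.example', sigs)}")
```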
