Here's what I did. Whadda ya think?
The goal here is not acceptance, but deterministic results from the authentication layer.
Well, that's the problem. The current spec has a well-defined rule that a verifier uses on the headers and body and the key from the DNS. Either the signature's valid or it isn't. The recipient can certainly decide to do whatever it wants with that bit, but it's one well-defined bit.
Unless I'm misreading these drafts, the signature now says "I took the message, and then I deleted this part, and then I added that part" or the like. While it's likely possible for the recipient to say, yes, that's what you did, the recipient still has to make up its own rules about what transformations it likes, probably including body filtering of new parts.
That seems too squishy to have much hope of interoperating.

Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc