On 4/9/2015 2:27 PM, John Levine wrote:
>> A database is still needed of which domains will have an
>> outbound mail stream with two signatures.
>
> Sorry, no, that's completely wrong. Please reread the draft.

Do you have a reference point, text in the draft related to this to
clear it up?

How will signers know what domains will have the extra processing,
dual signature creation enabled? Does all outbound mail get dual
signatures? How will Yahoo know that ietf.org is an "authorized" 3rd
party signer in order for Yahoo to create two signatures?

As you know this will create a major loophole. Your security section
admits as much to the security loophole.

--
HLS