I interpreted John's proposal to mean a DKIM verifier would not pass a signature with "@fs=" unless it was also accompanied by a signature from the "fs" domain. Thus, the modified result logic is completely within the DKIM module, which DMARC then consumes. It's a much cleaner separation of function that way.
Yes, exactly. The idea was also that the new @ (or ! or whatever) modifier allows people to add new mandatory tags in the future that DKIM will understand but upper layer protocols don't have to.
Regards, John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY Please consider the environment before reading this e-mail. _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc