On Wed, May 24, 2017 at 4:10 PM, Brandon Long <bl...@google.com> wrote:
> I think the default using the open* libs is to do so, so probably. OTOH, > how to do so seems fairly obvious, I'm not clear on why doing so needs to > be specified. Being sure the spec specifies that only one is allowed, > definitely. > > Brandon > Yes, the open* libs create multiple AR headers, there are even various open source tools (like https://github.com/RunasSudo/combineAR) to combine them. While addressing multiple AR handling in openarc (which was immediately necessary when running it alongside opendkim and opendmarc), how to do so was not explicit in the spec, hence the question. Agreed that we're only talking about a single AAR per hop. Also agreed the solution appears as straightforward as just combining all AR results from your ADMD into a single one and then turning that into the AAR. But I'm uncertain if that's the method the group thinks is appropriate and if there's been any earlier conversation around this. Regardless, there are already implementations that do this in different ways, so I'd argue clarity in the spec is a good thing. Especially since just grabbing an existing AR header might prove lossy in a way that makes original message disposition impossible to determine for a final receiver. If we're in agreement, I would suggest adding the following sentence to the first paragraph of https://tools.ietf.org/html/dr aft-ietf-dmarc-arc-protocol-03#section-5.1.3 : "The AAR should contain all Authentication-Results results from within its ADMD, regardless of how many Authentication-Results headers are on the message." I think between that and the third paragraph of the section, the above "obvious" solution becomes the only possible solution allowed per spec. Thoughts? -- [image: logo for sig file.png] Bringing Trust to Email Seth Blank | Head of Product for Open Source and Protocols s...@valimail.com +1-415-894-2724 <415-894-2724>
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
