On Fri, Jul 27, 2018 at 10:21 AM, Murray S. Kucherawy <superu...@gmail.com> wrote:
> On Fri, Jul 27, 2018 at 8:35 AM, Seth Blank <s...@sethblank.com> wrote: > >> The verification algorithm is straightforward. If you receive a chain >> that ends with cv=fail stop your evaluation, you’re done. There’s no >> separate validation path here. >> > > Then why bother signing anything when you affix "cv=fail"? > Because adding your ARC Seal over the chain guarantees that the receiver has a complete list of everyone who modified the message up until the failure. Without this signature any failures cannot be localized, and any ARC data in a failed chain could not be trusted. This data is crucial for analysis, understanding the experiment, and reporting back accurate and untampered information.
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc