I know I lost the argument on cv (I think cv is entirely superfluous and there's no point adding/signing a cv=fail header), but it seems the argument for that is more data. That said, this "either or" signing set thing on cv=fail seems pretty cumbersome.
You guys have looked at as many ARC signatures as anyone. Once the chain has a cv=fail do you learn anything useful from further seals?
R's, John
In 5.2, oldest pass is confusing, since it doesn't tell you whether the validation succeeds or not. I would take out steps 5-7 and add something to the INFORMATIONAL at the end like "A validator can check the AMS headers to estimate when in a chain of forwards the message was modified."
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc