On 8/15/2018 11:30 AM, John Levine wrote:
In article <799c2b18-97fe-6e22-f2cf-49245ae9c...@gmail.com> you write:
So the extra mechanism is intended an efficiency hack.
No, it also documents the fact that the chain was broken when it
arrived at the cv=fail signer. Without it, a subsequent hop can't
tell. It probably won't make much difference to spam filters, but
it could be useful if you're trying to find and fix forwarders
that make gratuitous changes.
I think there's a modest benefit to signing with cv=fail, and since
you can't count on having a chain (even an invalid one) signing as
if it were cv=none seems reasonable.
Modest, indeed. Also unknown.
This is building in a permanent behavior, for a use that is, at best,
vague conjecture.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
