On 8/25/20 11:13 AM, John R Levine wrote:
> On Tue, 25 Aug 2020, Dotzero wrote:
>>>> I would expect there to be multiple potential approaches to identifying
>>>> acceptable intermediaries.
>>>
>>> The harder part is to decide which intermediary gets to re-sign which
>>> message at the time you apply the weak signature.
>>
>> It would have to be the domain in the "To" field. It wouldn't work with
>> random unknown intermediaries. It would address the MLM issue as long as
>> the MLM domain is the same as the "To" domain when the message was
>> originally sent. It could also presumably work for vanity domains if they
>> DKIM sign. It wouldn't work for forwards on the receiver side that the
>> sender is unaware of.
>
> If the list is somel...@lists.foo.org, does the signature have to be
> d=lists.foo.org? How about d=foo.org?
>

This seems like an analogous situation to the DKIM i= flag, where the domain MUST be the same as, or a subdomain of, the value of the d= flag. So I'd recommend allowing d=foo.org.
-Jim
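The matching rule recommended in the message above, sketched as an added example that is not part of the original thread or of any DKIM/DMARC specification: an intermediary's re-signature is accepted when the original "To" domain is the same as, or a subdomain of, the re-signer's d= value. The function names, the sample address and the sample header are constructed for illustration.

```python
from email.utils import parseaddr


def parse_dkim_tags(value: str) -> dict:
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags


def same_or_subdomain(domain: str, parent: str) -> bool:
    """True if domain equals parent or sits below it.

    Compared label by label, so 'evilfoo.org' does not match 'foo.org'
    the way a plain string endswith() test would.
    """
    d = domain.lower().rstrip(".").split(".")
    p = parent.lower().rstrip(".").split(".")
    return len(d) >= len(p) and d[-len(p):] == p


def resigner_allowed(to_header: str, dkim_signature: str) -> bool:
    """Accept the re-signer when the To domain is d= or a subdomain of d=.

    Assumption: no public suffix check is made here, so d=org would also
    pass; a real verifier has to bound how far up the tree d= may sit.
    """
    _, addr = parseaddr(to_header)
    to_domain = addr.rpartition("@")[2]
    d = parse_dkim_tags(dkim_signature).get("d", "")
    if not to_domain or not d:
        return False
    return same_or_subdomain(to_domain, d)


# Constructed sample input: a list address under lists.foo.org.
SAMPLE_TO = "Announce List <announce@lists.foo.org>"


def sample_sig(d: str) -> str:
    """Build a constructed, abbreviated DKIM-Signature value for domain d."""
    return f"v=1; a=rsa-sha256; d={d};\r\n s=sel1; h=from:to:subject; bh=...; b=..."


if __name__ == "__main__":
    for d in ("lists.foo.org", "foo.org", "evilfoo.org", "sub.lists.foo.org"):
        print(d, resigner_allowed(SAMPLE_TO, sample_sig(d)))
```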