On Sat 16/Jul/2022 18:15:56 +0200 Scott Kitterman wrote:
However, if you're coding the tree walk, d=; forces you to consider the
assumptions you need to put on the input domain. Namely, it must neither
be the root nor a PSD. Right?
No. It doesn't come up. In 4.8, the input to the tree walk is "Any DKIM d=
domain if there is a DKIM pass result for the message for that domain." A
null d= can never verify, so it should never be used for the tree walk.
Good point. I'd note it in the spec.
Care must still be taken against malicious From:. Presumably the
tree_walk() call has a boolean "validated" argument.
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
