On July 17, 2022 10:56:38 AM UTC, Alessandro Vesely <ves...@tana.it> wrote:
>On Sat 16/Jul/2022 18:15:56 +0200 Scott Kitterman wrote:
>>> However, if you're coding the tree walk, d=; forces you to consider the
>>> assumptions you need to put on the input domain. Namely, it must neither
>>> be the root nor a PSD. Right?
>> No. It doesn't come up. In 4.8, the input to the tree walk is "Any DKIM d=
>> domain if there is a DKIM pass result for the message for that domain." A
>> null d= can never verify, so it should never be used for the tree walk.
>
>
>Good point. I'd note it in the spec.
>
>Care must still be taken against malicious From:. Presumably the tree_walk()
>call has a boolean "validated" argument.

I don't see the need. This is a protocol specification, not an implementation
specification. If an implementer needs a warning to be careful with data
extracted from emails received from unknown sources, I doubt such a note will
save them from themselves.

Scott K
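
An added example, not part of the thread or the draft: one way an implementation might apply the rule quoted above, that only a DKIM d= domain with a pass result feeds the tree walk, so an empty or root d= never reaches it. All names here (`DkimResult`, `normalize`, `dkim_walk_inputs`, `walk_query_names`) are hypothetical, and the walk is simplified: it only lists candidate query names by removing the leftmost label each time and leaves out the draft's label-count shortcut and record evaluation.

```python
from typing import Iterable, List, NamedTuple


class DkimResult(NamedTuple):
    d: str       # value of the d= tag in the DKIM-Signature header
    result: str  # verifier outcome, e.g. "pass", "fail", "none"


def normalize(domain: str) -> str:
    """Lowercase and drop one trailing dot; return "" for root or malformed names."""
    name = domain.strip().lower()
    if name.endswith("."):
        name = name[:-1]
    if not name or any(not lab or len(lab) > 63 for lab in name.split(".")):
        return ""
    return name


def dkim_walk_inputs(results: Iterable[DkimResult]) -> List[str]:
    """Return the d= domains eligible as tree walk input: DKIM pass only."""
    eligible: List[str] = []
    for r in results:
        name = normalize(r.d)
        # A failed or unverifiable signature contributes nothing, whatever its d= says.
        if r.result == "pass" and name and name not in eligible:
            eligible.append(name)
    return eligible


def walk_query_names(domain: str) -> List[str]:
    """Candidate _dmarc query names, most specific first (simplified walk)."""
    name = normalize(domain)
    if not name:
        return []  # root or malformed input yields no queries at all
    labels = name.split(".")
    return ["_dmarc." + ".".join(labels[i:]) for i in range(len(labels))]


# Constructed sample results, not taken from any real message.
SAMPLE = [
    DkimResult("example.com", "pass"),
    DkimResult("", "fail"),                 # null d= cannot verify
    DkimResult("mail.example.org", "fail"),
    DkimResult("News.Example.COM.", "pass"),
]

if __name__ == "__main__":
    for dom in dkim_walk_inputs(SAMPLE):
        print(dom, walk_query_names(dom))
```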