On Thu, Oct 27, 2022 at 7:45 AM Dotzero <dotz...@gmail.com> wrote: > This is why I don't believe "weak" should be included in any normative > manner. I'm not sure that it should be defined for reporting. I think a > better approach is some verbiage about weak signatures as a problem. > Perhaps for reporting something like "Local Policy: weak signature" but > leave it up to the validator to deal with the weak signature decision > outside of DMARC. It's really a DKIM issue. >
I think this is the simpler solution. Think of it as layers. DKIM is a layer below DMARC. The DKIM standard only stipulates a few possible results from looking at a signature: it validates (and the name of the validated domain is included), it doesn't validate, or there was an error. As that's the extent of the output, that's the extent of what DMARC knows, and we shouldn't presume to be able to include anything further in a report. -MSK
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
