On 17/11/22 04:34, Alessandro Vesely wrote:
> On Wed 16/Nov/2022 05:35:52 +0100 Roland Turner wrote:
> > Not quite, because they're not usually applied when a message is forwarded
> > intact. One outcome of the proposed WG might be to specifically encourage all
> > MLMs to ARC-sign, even if they don't break the author's DKIM signature, in this
> > case to facilitate path reasoning in addition to coping with DKIM-breakage.
> Right. It'd be enough to require SPF pass of the last element of the chain,
> besides AMS verification. That proves the ARC chain itself is not being
> replayed. To me, it doesn't sound like an exaggerated requirement.
This is only true if the MTA hosting the MLM is the last element of the
chain, which is not necessarily true.
It is also not the case that a forwarding MTA will always change the
return path, meaning that there can quite reasonably be an SPF failure
at this step for legitimate email.
> > (I forget the IETF language for this, but there's a distinction between
> > documents which specify protocols and documents which provide guidance on their
> > use.)
> Application Statement?
That sounds like it.
- Roland
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim