(dropping DMARC again)
On Wed, Nov 16, 2016 at 9:51 PM, Michael Storz
<Michael(_dot_)Storz(_at_)lrz(_dot_)de> wrote:
Version 01 is purely incremental, meaning you can just ignore the new
tags if you're more worried about breakage of forwarding than the
attack it's trying to address.
Optional for the sender, yes, but not for the receiving MTA. If the sender
decides to use the new Anti-Replay-DKIM-Signature and has published a DMARC
policy with reject or quarantine, then this policy is implicitly extended
with
"ooh, and btw reject/quarantine ALL indirect emails, even if a normal DKIM
signature could be verified"
That's not correct. The verifying MTA, if it doesn't know the new tags, is
unaffected by the new tags because RFC6376 directs the verifier to ignore
them. It's as if they weren't there.
-MSK
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html