On 5/5/2015 2:26 PM, Douglas Otis wrote:
Dear Murray and Hector,
,--
DMARC could make an
assertion of "sam=tpa; and tpa=third-party-authority.example.com;"
when the DMARC domain offers the Specific Advisory Methods "sam="
tag indicating the third-party advisory methods supported. The
"tpa=" tag can also indicate the domain location where third-
party-authorization hashes have been consolidated with an assumed
prefix of "_smtp._tpa.<tpa-domain>".
'--
First, it needs to protect the 1st party. The "tpa=" tag does offer
a method to allow outsourcing. As long as it remains a choice of the
first party, under control of the first party, and it defaults to the
first party, then it offers something worthwhile.

Corollary: Do not mandate a "Batteries Required" 3rd
party trust system.

Second, this would be a DMARC extension, so it would piggyback off
the DMARC call already being made. At most, there would be two DNS
calls. But there is no dependency on DKIM signer/verifier code change.

Third, a "sam=" tag can be used to support different methods,
including Levine's in-band method.

I think we will need the "hash=" tag to define how a lookup hash is
done, if any, default none. But in my ATPS experience, this was the
hardest part. Keep it simple.

I can support a simple spec that is basically a lookup as you
described above, with a first party priority.
--
HLS
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
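
Added example, not part of the original message and not taken from any DMARC specification: a sketch of how a verifier could derive the one extra DNS name to query from the "sam=", "tpa=" and "hash=" tags discussed above, defaulting to the first party when "tpa=" is absent. Assumptions: "sam=" holds a comma-separated list, "hash=" accepts "none" and "sha1" in the manner of the ATPS "atpsh=" tag (RFC 6541), the third-party label is placed in front of the "_smtp._tpa" prefix, and the function and parameter names are hypothetical.

```python
import base64
import hashlib

TPA_PREFIX = "_smtp._tpa"  # prefix quoted in the message above


def parse_tags(record):
    """Parse a DMARC-style 'tag=value; tag=value' list into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    return tags


def tpa_query_name(record, first_party, third_party):
    """Return the single extra DNS name to query, or None if 'tpa' is not offered."""
    tags = parse_tags(record)
    # Assumption: sam= is a comma-separated list of method names.
    methods = [m.strip().lower() for m in tags.get("sam", "").split(",")]
    if "tpa" not in methods:
        return None  # method not published: the DMARC lookup is the only DNS call
    # First-party priority: without tpa= the authorization list stays
    # under the first party's own domain.
    zone = (tags.get("tpa") or first_party).lower().rstrip(".")
    subject = third_party.lower().rstrip(".")
    method = tags.get("hash", "none").lower()  # default none, as proposed above
    if method == "none":
        label = subject  # assumption: plain domain, as ATPS does for atpsh=none
    elif method == "sha1":
        # Assumption: base32(SHA-1(domain)) as in ATPS; 20 bytes -> 32 chars, no padding.
        digest = hashlib.sha1(subject.encode("ascii")).digest()
        label = base64.b32encode(digest).decode("ascii").lower()
    else:
        raise ValueError("unsupported hash method: " + method)
    return f"{label}.{TPA_PREFIX}.{zone}"
```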