On Wed, May 20, 2015 at 6:20 AM, Rolf E. Sonneveld < [email protected]> wrote:
> > It is fairly common for a system to shut down while being
> > patched whenever an active exploit is noticed. Undelivered
> > messages are then queued and retried later. Unreasonably
> > short expiry will once again make DMARC a primary cause for
> > message disruption whenever DMARC asserts inappropriate
> > handling requests.
>
> Doug rephrased my concern about short expiry times quite well. Of course
> author domains are free to choose what expiry they want, but the question
> is: is it OK to design a(n extension to a) protocol which doesn't take the
> existing status quo of Internet mail into account?
>

I don't think it's at all the case that we're not taking the existing status quo into account. In fact I'm explicitly saying the opposite: Operators need to select expiration times that balance the expected flow of email (with its typical and atypical patterns) with the security concerns of a signature that has a risk of abuse, and we would do well to remind them of this, either explicitly or by reference.

-MSK
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
