*Herewith are my notes that I was referring to when speaking today -
apologies for the weird line spacing that pasted itself in with the text...*
*3. Report about handling IETF Mailman*
We (Steve, Seth, Kurt) met with Henrik and Robert who support the IETF
mailman (2.x) on Tuesday. They are looking for two things before
implementing:
1. on the wire stability – spec locked (Kurt)
2. OpenSUSE packaging for an ARC implementation that can plug into
postfix before and after mailman (Seth)
*4. Open issues in the ARC specs*
*2. **Settled issues:*
a. Signing AAR within AMS – optional
b. cv=invalid collapsed into cv=fail (reasons for chain failure can be
structural, environmental (DNS failures), or invalid sigs)
c. A-R arc=policy added to pass|fail
d. Dealing with multiple A-R headers when ARC sealing
3. Language cleanup – in progress
a. Some challenges in describing how to handle algorithm evolution, but
working on it
b. Clarifying conveyance of ingress status to egress sealing
4. Signaling ARC participation – list discussion
5. Helping small receivers bootstrap “trust” – not a spec issue
6. AAR content and format (see below)
1. Standards status: Standards Track vs Experimental
a. If Experimental, what is the experiment and what constitutes success?
*5. Handling enhanced reporting*
- What should be reported in a DMARC report when ARC is involved?
Adding in connecting IPs and all selectors to help senders troubleshoot
problems – want to be able to provide the same level of detail that is
currently provided with DMARC first-receiver reports
- Where/when to report with ARC?
Each step should be reporting back to the 5322.MFrom domain – will generate
multiple reports for a message that goes through mediation steps; but
that’s an issue for the report consumers to reconcile
- Structuring ARC data info?
Package as a single line JSON in the comment? --> Fork to a separate spec
*6. Deployment discussion -- issues? Concerns? Nothing?*
1. We now have a couple of new implementations (rspamd +
Mail::Authentication – reflected in the next draft of the spec) and two
pending (Chris + Alexey)
*9*. *AOB Points*
1. Do we need to revisit the DMARC reporting to formalize how to report
local policy extensions like ARC?
2. What do we need in order to put DMARC onto standards track?
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
