On 5/24/19 7:37 AM, John R Levine wrote:
>> MTA-STS and TLSRPT started out as one document as well, and separated
>> quite cleanly IMO. I'm not sure what kind of incompatibilities you think
>> might be created.
>
> That's because they separated before they were published, so there was
> nothing to be incompatible with. If I knew what would break when
> reorganizing and rewriting a document into pieces, I could fix it, but
> since I don't, and nobody else does, let's not go there.
I hope this isn't devolving into a "we can't make any changes, because
it might break something" argument. If that's the case, there isn't
anything for IETF to do. But I can understand not wanting to make
changes without seeing clear benefit. Here are the benefits I see:
1. When an MTA product says that it "supports DMARC", does that mean
that it has to support both policy and reporting? RFC 7489 Section 8
seems to say so. Implementation of reporting introduces significant
complexity (aggregation of data into reports, provisions to verify
authorization of external destinations, etc.). This seems like it would
be a significant barrier to support of the policy piece of DMARC. Or
have all of the relevant MTAs already implemented this?
2. Along similar lines, I get confused when I hear that x% of {some set
of domains} has "deployed DMARC". What does that mean? Have they
asserted a particular policy? Are they generating reports? Both? Either?
Perhaps there is a marketing benefit to leaving this fuzzy, but I'm an
engineer and I want to know what the statistics mean.
-Jim
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
