Re: [dmarc-ietf] reporting security requirements

Mon, 25 Jan 2021 13:06:28 -0800 


On 1/25/21 12:47 PM, Seth Blank wrote:
Entire sections of the document are devoted to preventing reporting abuse. Of course reviewing the security recommendations are part of the process of going standards track which we’ll be undertaking. 


As I said, it doesn't appear that there is a whole lot of agreement of 
what the requirements are. Getting a DISCUSS from a security AD is not 
usually the best time to deal with security issues.


Mike





If there are seeing specific operational issues that you believe 
require clarification in the document, please speak up.


Back to open tickets, please.


On Mon, Jan 25, 2021 at 12:41 Michael Thomas <[email protected] 
<mailto:[email protected]>> wrote:



    On 1/25/21 10:02 AM, Seth Blank wrote:
    > Michael, are you aware of anyone not following the guidance in the
    > document? This thread feels like we're discussing a non-issue.
    > Aggregate reports are already required to be authenticated and I'm
    > unaware of anyone sending failure reports, let along
    unauthenticated
    > ones. Is the language causing problems? Such problems have not been
    > brought to the list, and would be a good place to start if you
    want to
    > build consensus.

     From the looks of it, it doesn't seem like the security
    requirements of
    reporting was ever undertaken. There seems to be a wide range of
    disagreement even if there was given the thread from which this came.
     From there is actually text, to don't know if it's an issue, to
    there
    hasn't been a problem before (as if that were some sort of
    barometer),
    to authentication might inconvenience google, to contradicting your
    assertion that authentication in the way you mentioned can be done.
    Since this is going to proposed standard from informational, that
    is not
    a very good state of affairs, IMO.

    Mike


--
*Seth Blank*| VP, Standards and New Technologies
*e:*[email protected] <mailto:[email protected]>
*p:*415.273.8818



This email and all data transmitted with it contains confidential 
and/or proprietary information intended solely for the use of 
individual(s) authorized to receive it. If you are not an intended and 
authorized recipient you are hereby notified of any use, disclosure, 
copying or distribution of the information included in this 
transmission is prohibited and may be unlawful. Please immediately 
notify the sender by replying to this email and then delete it from 
your system.



_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc























					Reply via email to