On September 1, 2022 6:05:29 PM UTC, Barry Leiba <[email protected]>
wrote:
>> As we may have mentioned a few times before. PSDs that send their own
>> mail are extremely rare. You can probably count them all on your fingers.
>>
>> I cannot understand why someone would want to introduce this giant
>> security risk to benefit a tiny exotic set of domains that is almost
>> too small to measure.
>
>Indeed: this *has* come up many times and continues to, in various
>versions. I think we need to settle this point clearly, so let's be
>clear about that now:
>
>The sense I get from discussions is that we *do* have rough consensus
>that we prefer not to cater to truly small edge cases, and that when
>we're proposing things that address them and try to close them we're
>doing it by way of being engineers and looking for that perfection.
>
>So the question: Does anyone *really* think we *do* have to close out
>these edge cases at the risk of complexity, incompatibility, or other
>down-sides? If you do, please explain why it's worth it and give a
>*real world* not theoretical example that shows the importance of
>doing so.
To this specific question, the reason I'm taking on the new proposed text is
that currently we have a reference to RFC 9091, which is a document the
DMARCbis will obsolete, if approved. As a result, I think we need to bring the
text into the new documents and drop the reference.
Due to the current way the documents are split, it's not just a simple
copy/paste. Everything about publishing DMARC records is in DMARCbis and
everything about sending aggregate and failure reports is in the respective
drafts for each.
As I get into it, I see that the current Privacy Considerations are very
incomplete (non-existent in DMARCbis), so not everything I'm proposing is
straight from RFC 9091.
Given the current emphasis on privacy in the IETF (and because it's the right
thing to do), we need to put some effort in towards getting that part of the
draft to be at least substantially complete and correct).
Scott K
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
