On Thu, Sep 1, 2022 at 7:08 PM Scott Kitterman <[email protected]> wrote:
> > > On September 1, 2022 6:05:29 PM UTC, Barry Leiba <[email protected]> > wrote: > >> As we may have mentioned a few times before. PSDs that send their own > >> mail are extremely rare. You can probably count them all on your > fingers. > >> > >> I cannot understand why someone would want to introduce this giant > >> security risk to benefit a tiny exotic set of domains that is almost > >> too small to measure. > > > >Indeed: this *has* come up many times and continues to, in various > >versions. I think we need to settle this point clearly, so let's be > >clear about that now: > > > >The sense I get from discussions is that we *do* have rough consensus > >that we prefer not to cater to truly small edge cases, and that when > >we're proposing things that address them and try to close them we're > >doing it by way of being engineers and looking for that perfection. > > > >So the question: Does anyone *really* think we *do* have to close out > >these edge cases at the risk of complexity, incompatibility, or other > >down-sides? If you do, please explain why it's worth it and give a > >*real world* not theoretical example that shows the importance of > >doing so. > > To this specific question, the reason I'm taking on the new proposed text > is that currently we have a reference to RFC 9091, which is a document the > DMARCbis will obsolete, if approved. As a result, I think we need to bring > the text into the new documents and drop the reference. > > Due to the current way the documents are split, it's not just a simple > copy/paste. Everything about publishing DMARC records is in DMARCbis and > everything about sending aggregate and failure reports is in the respective > drafts for each. > > As I get into it, I see that the current Privacy Considerations are very > incomplete (non-existent in DMARCbis), so not everything I'm proposing is > straight from RFC 9091. > > Given the current emphasis on privacy in the IETF (and because it's the > right thing to do), we need to put some effort in towards getting that part > of the draft to be at least substantially complete and correct). > > +1 with Scott on improving the Privacy Considerations, which means I'll need to suggest some text. tim
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
