Negative on software specifics. A general security principle is to not release configuration specifics that could be used against you to exploit a product-specific vulnerability.
Doug On Tue, Mar 28, 2023, 1:09 PM Alessandro Vesely <[email protected]> wrote: > On Tue 28/Mar/2023 17:49:57 +0200 Scott Kitterman wrote: > > I can live with it [the <discovery_method>] since it's optional (I > > don't think it'll get a lot of traction), but I do think it's > misplaced. I > > think it's metadata, not message data as it's about how the receiver > processed > > the message, not about anything that was found in the message. > > > Agreed, it should be in <report_metadata>, before <report_id>. > > In addition, couldn't we add there also a <reporting_software> or similar > element to write the name+version of the software that collected and > formatted > the data? The <discovery_method> probably depends on that, but possibly > also > on local system configuration. > > > Best > Ale > -- > > > > _______________________________________________ > dmarc mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dmarc >
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
