On Wed, Apr 12, 2023 at 5:20 AM Brotman, Alex <Alex_Brotman= [email protected]> wrote:
> There is a non-zero set of cases where the IETF prefers security over
> interoperability. A document like RFC8997/8996 where we've deprecated
> TLSv1 because it was no longer secure. I assure you there are still
> systems/users who have devices incapable of TLSv1.2. DNSSEC (and things
> that depend on it) can break in "mysterious" ways (specific to DNSSEC) that
> impact interoperability, but sites do so in the name of security.
>
> I think we all understand the inconvenience that DMARC can cause to a
> subset of domains, or more accurately its users. 8996 has a section about
> operational considerations, and discusses the impact of systems/users that
> do not support TLSv1.2 and how it will break interoperability. Can we not
> do similar in DMARCbis with a more lengthy section about the implications
> of "reject"? Perhaps even expand it to cover the use cases of each policy
> type, and the implications of each?
>

To my mind, there's a substantial difference between something like TLSv1 or HTTP whose deprecation excludes you from participating in something until you upgrade, versus the DMARC situation where because of an unfortunate interaction between A (e.g., me) and B (e.g., you) through intermediary C (e.g., this list), D (e.g., someone else) is negatively impacted.

-MSK, participating
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
