On Saturday, August 5, 2023 6:11:03 PM EDT Tim Wicinski wrote: > On Sat, Aug 5, 2023 at 6:00 PM Scott Kitterman <skl...@kitterman.com> wrote: > > On August 5, 2023 9:51:54 PM UTC, Tim Wicinski <tjw.i...@gmail.com> wrote: > > >On Sat, Aug 5, 2023 at 5:35 PM John Levine <jo...@taugh.com> wrote: > > >> According to Tim Wicinski <tjw.i...@gmail.com>: > > >> >-=-=-=-=-=- > > >> > > > >> >Based on the ABNF in -28, how about something like this: > > >> > > > >> > > > >> >dmarc-method = "dkim" / "spf" > > >> > > > >> >dmarc-auth = "auth" equals dmarc-method *(*WSP "," *WSP dmarc-method) > > > > > >1) I realize we may need someway to update the dmarc-method if a new one > > > > is > > > > >added (okay okay) > > > > > >> That looks OK, with large clear text saying that if any of the listed > > >> methods pass, it's aligned. > > > > > >2) I missed Scott's comment the default should be "spf,dkim" > > > > > >I wordsmithed Wei's definition above for Section 5.3 > > > > > > auth: (comma-separated plain-text list of dmarc-methods; OPTIONAL; > > > > > >default is "spf,dkim") > > > > > > Indicates the supported authentication methods. If more than one > > > > method > > > > >is specified, > > > > > > they are comma ',' separated without whitespace. The order of the > > > > list > > > > >is not significant and > > > > > > unknown methods are ignored. Possible values are as follows: > > > dkim: Authenticate with DKIM > > > spf: Authenticate with SPF > > > > > > An empty list indicates no authentication method is specified and > > > > DMARC > > > > >is disabled. > > > > > > If any listed method passes, then DMARC is aligned. > > > > > >Should I do a pull request etc, etc? > > Scott > > I'd prefer an empty list means the tag is ignored. I don't see a use case > > > for publishing a record that means DMARC is disabled. Also, I think it's > > confusing. I would find it more natural to mean no auth methods are used > > (i.e. everything fails), not DMARC is disabled. The canonical method for > > disabiling DMARC is to not publish a record. I don't think we need > > another > > way to express the same thing in a less clear way. > > Agreed. > > auth: (comma-separated plain-text list of dmarc-methods; OPTIONAL; > default is "spf,dkim") > Indicates the supported authentication methods. If more than one method > is specified, > they are comma ',' separated without whitespace. The order of the list > is not significant and > unknown methods are ignored. Possible values are as follows: > dkim: Authenticate with DKIM > spf: Authenticate with SPF > > An empty list indicates the tag is ignored. > > If any listed method passes, then DMARC is aligned. > > https://gist.github.com/moonshiner/70377e69d482e7bf3a927d5ac468babb > > > also " I don't think we need another way to express the same thing in a > less clear way." > > +eleventy billion
I missed this before ... Shouldn't "If any listed method passes, then DMARC is aligned." be "If any listed method passes and is aligned, then DMARC passes."? Scott K _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
