I've also tried rolling up the comments in this thread as well. Below is
the result:
-Wei
=====
1. Introduction, 3rd paragraph insert after first sentence:
In addition, the choice of permitted authentication methods, SPF or DKIM,
method MAY be explicitly specified, potentially to restrict the supported
authentication methods.
4.3 Authentication Mechanisms append:
Domain Owners and PSOs MAY explicitly specify the supported authentication
methods via the OPTIONAL auth tag. The value is a colon ':' separated list
of supported authentication methods. The order of the list is not
significant, and unknown methods are ignored. An aligned passing result
for any listed method indicates a DMARC pass. An empty list of methods is
a syntax error. If auth is unspecified, the default is "spf:dkim" and both
DKIM and SPF authentication methods are supported.
5.3 General Record Format insert:
auth: (colon-separated plain-text list of dmarc-methods; OPTIONAL; default
is "spf:dkim")
Indicates the supported authentication methods. The order of the list
is not significant and
unknown methods are ignored. Possible values are as follows:
dkim: Authenticate with DKIM
spf: Authenticate with SPF
An empty list of methods is a syntax error.
If any listed method passes and is aligned, then DMARC passes.
5.4. Formal Definition insert:
dmarc-method = "dkim" / "spf"
dmarc-auth = dmarc-method *(*WSP ":" *WSP dmarc-method)
Tag Name
Value Rule
auth. dmarc-auth
On Mon, Aug 7, 2023 at 2:30 PM Murray S. Kucherawy <[email protected]>
wrote:
> Fine with me, just wanted to ask the question.
>
> -MSK, hatless
>
> On Mon, Aug 7, 2023 at 1:48 PM Barry Leiba <[email protected]>
> wrote:
>
>> Indeed. We can do what we've done in other cases: create a registry
>> if/when we add something else later.
>>
>> Barry
>>
>> On Mon, Aug 7, 2023 at 4:11 PM Scott Kitterman <[email protected]>
>> wrote:
>> >
>> >
>> >
>> > On August 7, 2023 7:47:03 PM UTC, "Murray S. Kucherawy" <
>> [email protected]> wrote:
>> > >On Sat, Aug 5, 2023 at 1:09 PM Tim Wicinski <[email protected]>
>> wrote:
>> > >
>> > >> Based on the ABNF in -28, how about something like this:
>> > >>
>> > >>
>> > >> dmarc-method = "dkim" / "spf"
>> > >>
>> > >> dmarc-auth = "auth" equals dmarc-method *(*WSP "," *WSP dmarc-method)
>> > >>
>> > >>
>> > >> I think this "should"(*) allow for all permutations but also
>> simplifies
>> > >> it, and I agree with Barry it should be simpler.
>> > >>
>> > >
>> > >This looks good to me, except to be consistent with DKIM (from which
>> this
>> > >general syntax was borrowed) I'd suggest:
>> > >
>> > >* using colon as the separator rather than comma
>> > >* WSP and CFWS should follow whatever we did for other tags
>> > >* don't allow an empty list; I can't think of any DKIM or DMARC tag
>> that
>> > >accepts a list and also allows an empty value
>> > >
>> > >If we think we might add "arc" or something else in the future, do we
>> need
>> > >a registry of supported methods? If not, we'll have to rev DMARC every
>> > >time a new one comes into favor.
>> >
>> > I think we don't need a registry. Rationale:
>> >
>> > 1. There is no additional method that's being contemplated (whatever
>> ARC is, it's not a first class alternative to SPF or DKIM).
>> >
>> > 2. Currently, we have text in the specification to describe how to use
>> the output of SPF and DKIM for DMARC. I don't think there's much prospect
>> any new method wouldn't need something similar.
>> >
>> > I think a registry would only complicate things and wouldn't actually
>> be helpful.
>> >
>> > Scott K
>> >
>> > _______________________________________________
>> > dmarc mailing list
>> > [email protected]
>> > https://www.ietf.org/mailman/listinfo/dmarc
>>
>> _______________________________________________
>> dmarc mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/dmarc
>>
> _______________________________________________
> dmarc mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dmarc
>
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
