> >To make this really interoperable standard, we MUST have at least one > >MUST to implement authentication method, and we need to clearly > >express those requirements. > > That would be a seriously incompatible change to 7489, so definitely no.
More to the point, this is a very different situation to the usual one that Tero is thinking about. First, DMARC isn't doing authentication: it's using other mechanisms (DKIM, SPF) to authenticate a domain name, and then applying domain policy based on that. So it's not a question of making sure the authentication mechanism is interoperable in the sense of "is there a common crypto suite". Second, where a common crypto suite is needed, as with DKIM, we have it specified there. And third, the document does make it quite clear how to use DKIM and SPF within the DMARC protocol, and we have demonstrated interoperability there. Where there are interop issues (such as SPF always failing on re-sent messages), the DMARC spec discussed those situations and explains what the options are. I, as Tero, would greatly prefer us to just say "use DKIM and toss SPF for this purpose." Alas, we do not have rough consensus to do that, so we have to move ahead as we are. Barry _______________________________________________ dmarc mailing list -- [email protected] To unsubscribe send an email to [email protected]
