Re: [marf] Comments on draft-ietf-marf-authfailure-report-01.txt

Sat, 01 Oct 2011 16:41:46 -0700 

At 12:58 13-09-2011, Barry Leiba wrote:

Let's say that this now officially starts working-group last call on
draft-ietf-marf-authfailure-report-02 (


In the Abstract:

  "This memo registers an extension report type to ARF to be used for
   reporting forensic information about messages that fail one or more
   message authentication schemes in use by the purported sender of the
   message."


The term purported sender sounds like one borrowed from SPF.  DKIM 
does not use such a term.  I suggest reusing some wording from ARF 
such as "to report feedback about received email" or use the text 
from the Introduction section.


In Section 3:

  "The current report format defined in [ARF] lacks some specific
   features required to do effective sender authentication reporting."


I don't think that "sender authentication reporting" is the 
appropriate term.  Please let me know if the comment is unclear and I 
will expand on it.


  "Authentication-Results:  This field MUST be formatted as defined in
      [AUTH-RESULTS], except that it MUST include explicit results for
      both DKIM and SPF."

John Levine already commented on this.

  "Reported-Domain:  As specified in [ARF].  This field MUST appear
      exactly once."

This is an optional field in ARF which can appear more than once.

  "If this information is either not available at the time the
   report is generated, or the generating ADMD's policy requires it
   be redacted, a value of 0.0.0.0 MUST be used."

Why must 0.0.0.0 be used?
In Section 3.2.1:

  "policy:  The message was not delivered to the intended inbox due
         to authentication failure.  The specific action taken is not
         specified."

The term "policy" is confusing.  is this a "discard"?

In Section 3.3:

  "The DKIM-ADSP-DNS field MUST be included in the report."

What is the DKIM-ADSP-DNS field?


Section 7.4 discusses about Envelope Sender Selection.  I suggest 
reusing the idea from Section 5 of RFC 5965 as it is easier to build upon ARF.



The DKIM reference should be updated to RFC 6376.  MAIL should be 
updated to RFC 5322.


In Appendix B:

Please point to the relevant RFC instead of http://www.mipassoc.org/arf/

Regards,

-sm 


_______________________________________________
marf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/marf



























					Reply via email to