> -----Original Message----- > From: John Levine [mailto:[email protected]] > Sent: Wednesday, October 12, 2011 11:15 PM > To: [email protected] > Cc: Murray S. Kucherawy > Subject: Re: [marf] New Version Notification - > draft-ietf-marf-authfailure-report-03.txt > > Hmmn. We already allow multiple groups each consisting of an auth-res > header each followed by some other stuff. I suppose we could define > subgroups consisting of auth-failure, then dkim-domain, then other > stuff. But I worry that people will get it wrong. Presumably an a-r > could report multiple failures but you only send a report for > the one that is likely to be of interest to the report target, so > we need to be sure that the target can tell which failure all the > subgroup stuff refers to.
The other idea I had borrows from a MIME extension: Authentication-Results*0: ... DKIM-Domain*0: ... DKIM-Selector*0: ... Authentication-Results*1: ... DKIM-Domain*1: ... DKIM-Selector*1: ... Not pretty, but it would work. I'm a little worried about the "send one report per authentication failure" because if I send a message with twenty bogus signatures bearing your domain name, that's an amplification attack. > I see that the ABNF in section 4 of the draft doesn't update the > feedback-report ABNF in section 3.5 of RFC 5965. It better do that > or there's no place in an ARF report where the new lines can occur. It's covered by "ext-field" in Section 3.5 of RFC5965, isn't it? _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
