I'm going back through this thread to try once more to get WG momentum on doing this work. If it fails, I'll look into taking it back to an individual submission and/or lowering it to "Experimental" status. Accordingly, I'm brewing up a new version now.
> -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of > John R Levine > Sent: Sunday, October 02, 2011 8:59 AM > To: ARF mailing list > Subject: Re: [marf] draft-ietf-marf-dkim-reporting feedback > > I presume the motivation for this is that you have a few people who > want to use it to debug DKIM failures. That's perfectly reasonable, > but if people already know each other, they can use private agreements > with no need to standardize anything. Actually, I think even private agreements to do this sort of work can benefit from a standardized approach, because then software can be shipped with the support in there, activated by the flip of a switch. In light of this... > This strikes me as a poor thing to standardize for a variety of > reasons. One is that the number of people debugging a protocol is less > by many orders of magnitude than the number who are just using it, and > to the users, debugging features are just cruft. Also, to some extent > this is an invitation to mailbomb anyone who uses it, and as Steve > noted, the people who you'd most want to implement this, the ones who > are smashing signatures on the way in, are the least likely to do so. ...I've added some text to Security Considerations that says if you want to do this, you shouldn't do it automatically; rather, only actually pay attention to "r=" if "d=" matches a domain for which you've agreed to do reporting. That should solve the mailbomb problem except for domains that want that kind of forensic information anyway. -MSK _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
