>The bottom part of Section 8.4 talks about not sending these automatically, which is kind of in line with what we tell people about FBLs. Should this just be normative? It's the same as the DNS idea except the indication is explicit rather than something published, and we're not putting yet another record in the DNS.

The next question has to be: if you have an external source telling whose signatures to report, why wouldn't that source also tell you where to send the reports and how many to send? If it's supposed to be automatic, then I think it has to be reasonably resistant to abuse by hostiles, which in this case requires a hard-to-fake indication of whether you want reports. If it's manual, what's the point of a standard?

R's,
John

_______________________________________________
marf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/marf
