[dmarc-ietf] Security Considerations in aggregate-reporting

2024-03-22 Thread Matthäus Wander
The Security Considerations section of aggregate-reporting-14 currently consists of a placeholder. Suggested text follows. 7. Security Considerations Aggregate reports are supposed to be processed automatically. An attacker might attempt to compromise the integrity or availability of the

Re: [dmarc-ietf] no DMARC result for DKIM testing and policy

2024-03-22 Thread Benny Pedersen
John R. Levine skrev den 2024-03-22 19:22: On Fri, 22 Mar 2024, Benny Pedersen wrote: to confusion about DMARC and DKIM test flags. This document is already too long and too late. Unless there is an actual problem to solve here, let's close the issue and finish up. why is dkim fail here

[dmarc-ietf] Policy Override in aggregate-reporting

2024-03-22 Thread Matthäus Wander
RFC7489 contains a description of the possible PolicyOverrideType values: While aggregate-reporting-14 uses the same set of values, the description is missing. I suggest to add it back as a new section into the main body. "sampled_out"

Re: [dmarc-ietf] Working Group Last Call on draft-ietf-dmarc-aggregate-reporting-14

2024-03-22 Thread Matthäus Wander
Matthäus Wander wrote on 2024-03-21 23:23: - 2.1: "In most cases, this will be a header_from element, which will contain the 5322.From domain from the message." Add: "There may be an envelope_from element, which contains the RFC5321.MailFrom domain." This paragraph could use some more

Re: [dmarc-ietf] no DMARC result for DKIM testing and policy

2024-03-22 Thread John R. Levine
On Fri, 22 Mar 2024, Benny Pedersen wrote: to confusion about DMARC and DKIM test flags. This document is already too long and too late. Unless there is an actual problem to solve here, let's close the issue and finish up. why is dkim fail here Because the mailing list modified the

Re: [dmarc-ietf] of course no DMARC result for DKIM testing and policy

2024-03-22 Thread John R. Levine
While I generally agree, DMARC for the last decade didn't have a testing flag. That's new in DMARCbis, so I don't think that's really germane. This particular thing is on us as a working group. RFC 6376 makes it quite clear on page 28 that DKIM verifiers ignore signatures with a t=y flag,

Re: [dmarc-ietf] no DMARC result for DKIM testing and policy

2024-03-22 Thread Benny Pedersen
John Levine skrev den 2024-03-22 03:52: According to Mark Alley : I don't feel particularly strongly about this, but I can see people thinking there's some correlation between DKIM testing and DMARC testing. It's not completely illogical, so it might be better to be explicit. Scott K