we handle the ever-changing definition of "weak"?
>
>--
>Alex Brotman
>Sr. Engineer, Anti-Abuse & Messaging Policy
>Comcast
>
>> -Original Message-
>> From: dmarc On Behalf Of Scott Kitterman
>> Sent: Wednesday, October 26, 2022 10:27 P
On Fri 28/Oct/2022 16:49:22 +0200 Murray S. Kucherawy wrote:
On Fri, Oct 28, 2022 at 3:31 AM Alessandro Vesely wrote:
I beg to disagree. DMARC reporting is all about acceptance of a site's
cryptographic settings by remote receivers. Domain owners configure
their MTAs trying to follow the pr
On Fri, Oct 28, 2022 at 3:31 AM Alessandro Vesely wrote:
> I beg to disagree. DMARC reporting is all about acceptance of a site's
> cryptographic settings by remote receivers. Domain owners configure their
> MTAs
> trying to follow the prevailing trend. Doing so without feedback can
> cause
>
On Fri 28/Oct/2022 07:37:54 +0200 Murray S. Kucherawy wrote:
On Thu, Oct 27, 2022 at 7:45 AM Dotzero wrote:
This is why I don't believe "weak" should be included in any normative
manner. I'm not sure that it should be defined for reporting. I think a
better approach is some verbiage about weak
On Thu, Oct 27, 2022 at 7:45 AM Dotzero wrote:
> This is why I don't believe "weak" should be included in any normative
> manner. I'm not sure that it should be defined for reporting. I think a
> better approach is some verbiage about weak signatures as a problem.
> Perhaps for reporting somethin
On 10/27/22 16:04, John Levine wrote:
It appears that Brotman, Alex said:
How will we handle the ever-changing definition of "weak"?
...
There is no reason for DMARC to say anything at all about either
flavor of weak signature.
+1.
I was concerned we might be heading toward our own definit
On Thu, Oct 27, 2022 at 10:33 AM Brotman, Alex wrote:
> How will we handle the ever-changing definition of "weak"?
>
> --
> Alex Brotman
> Sr. Engineer, Anti-Abuse & Messaging Policy
> Comcast
>
>
This is why I don't believe "weak" should be included in any normative
manner. I'm not sure that it
How will we handle the ever-changing definition of "weak"?
--
Alex Brotman
Sr. Engineer, Anti-Abuse & Messaging Policy
Comcast
> -Original Message-
> From: dmarc On Behalf Of Scott Kitterman
> Sent: Wednesday, October 26, 2022 10:27 PM
> To: dmarc@ietf.org
On October 26, 2022 11:56:31 PM UTC, Steven M Jones wrote:
>On 10/26/22 16:45, Neil Anuskiewicz wrote:
>>> On Oct 26, 2022, at 3:48 AM, Douglas Foster
>>> wrote:
>>>
>>>
>>> Murray first raised the issue of weak signatures.
>>> ...
>>>
>>> Weak results need to be part of the aggregate repo
Yes, I was planning to follow Murray's lead and leave "weak" defined only
as a judgement applied by the evaluator, indicating that the signature is
not fully acceptable to his network for some reason.
Doug
On Wed, Oct 26, 2022, 7:56 PM Steven M Jones wrote:
> On 10/26/22 16:45, Neil Anuskiewicz
On 10/26/22 16:45, Neil Anuskiewicz wrote:
On Oct 26, 2022, at 3:48 AM, Douglas Foster
wrote:
Murray first raised the issue of weak signatures.
...
Weak results need to be part of the aggregate report so that domain owners
understand the importance of moving from weak to strong signatures.
> On Oct 26, 2022, at 3:48 AM, Douglas Foster
> wrote:
>
>
> Murray first raised the issue of weak signatures. Ale has revisited the
> topic by mentioning the transition to newer hash algorithms. We know that
> encryption algorithms get retired over time, and the time sequence looks li
Murray first raised the issue of weak signatures. Ale has revisited the
topic by mentioning the transition to newer hash algorithms. We know that
encryption algorithms get retired over time, and the time sequence looks
like this:
- trusted
- deprecated
- not trusted
When applied to DKIM signat
13 matches
Mail list logo