just one comment:
> Section 5.3 paragraph 3: "MUST match the value found in the filename"
> but the value in the filename is only a recommendation (section 5.1). I
> continue to lean toward not depending on values in other than the
> message body (single source of truth).
I believe that this section describes how the "TLS-Report-Submitter" is filled
by sender, not how it is checked by the receiver. Section 5.6. already states
that the report body is the only authoritative source for receiver.
I agree that the current wording is a confusing and can be improved. For
When constructed the "TLS-Report-Submitter" value MUST match the value in the
filename (if it is present there) and the [RFC5321] domain from the
"contact-info" from the
report body. These message headers MUST be included and should allow
for easy searching for all reports submitted by a report domain or a
particular submitter, for example in IMAP [RFC3501]:
Daniel, Alex, is this interpretation correct?
Uta mailing list