Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-10.txt

On April 27, 2023 3:36:29 PM UTC, Alessandro Vesely wrote: >On Thu 27/Apr/2023 16:11:17 +0200 Brotman, Alex wrote: >> In summary: >> >> “Report senders SHOULD attempt delivery via SMTP using STARTTLS to all >> receivers.  Transmitting these reports via a secured session is preferrable.” >>

Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-10.txt

On Thu 27/Apr/2023 16:11:17 +0200 Brotman, Alex wrote: In summary: “Report senders SHOULD attempt delivery via SMTP using STARTTLS to all receivers.  Transmitting these reports via a secured session is preferrable.” I don’t think we should add this in +1, after we said there's (almost) no

Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-10.txt

It appears that Brotman, Alex said: >You just want: > > Where the URI specified in a "rua" tag does not specify otherwise, a > Mail Receiver generating a feedback report SHOULD employ a secure > transport mechanism. Sure. That is at worst harmless. R's, John

Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-10.txt

chanism. > >Restored in some useful place? > >-- >Alex Brotman >Sr. Engineer, Anti-Abuse & Messaging Policy >Comcast > >> -Original Message- >> From: dmarc On Behalf Of Scott Kitterman >> Sent: Thursday, April 27, 2023 10:26 AM >> To: dmarc@iet

Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-10.txt

gt; -Original Message- > From: dmarc On Behalf Of Scott Kitterman > Sent: Thursday, April 27, 2023 10:26 AM > To: dmarc@ietf.org > Subject: Re: [dmarc-ietf] I-D Action: > draft-ietf-dmarc-aggregate-reporting-10.txt > > I think that the original wording, which is tech

Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-10.txt

TLS. > > >-- >Alex Brotman >Sr. Engineer, Anti-Abuse & Messaging Policy >Comcast > >From: dmarc On Behalf Of Hector Santos >Sent: Wednesday, April 26, 2023 4:29 PM >To: Scott Kitterman >Cc: IETF DMARC WG >Subject: Re: [dmarc-ietf] I-D Action: >draft-

Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-10.txt

I-D Action: draft-ietf-dmarc-aggregate-reporting-10.txt On Apr 26, 2023, at 3:50 PM, Scott Kitterman mailto:skl...@kitterman.com>> wrote: I think it would be crazy in 2023 not to use STARTTLS is offered. +1 Personally I interpreted it more as employ a secure

Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-10.txt

will use TLS. -- Alex Brotman Sr. Engineer, Anti-Abuse & Messaging Policy Comcast From: dmarc On Behalf Of Hector Santos Sent: Wednesday, April 26, 2023 4:29 PM To: Scott Kitterman Cc: IETF DMARC WG Subject: Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-10.txt On Apr 26,

Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-10.txt

> On Apr 26, 2023, at 3:50 PM, Scott Kitterman > wrote: > > I think it would be crazy in 2023 not to use STARTTLS is offered. +1 > Personally I interpreted it more as employ a secure transport and think > through if you really want to be sending the report if

Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-10.txt

On April 26, 2023 7:22:55 PM UTC, "Matthäus Wander" wrote: >Scott Kitterman wrote on 2023-04-26 21:05: >> I think if a non-encrypted transport is used there's a privacy issue with >> sending the report. I think that's one approach. >> >> Currently we have nothing about it in any document.

Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-10.txt

Scott Kitterman wrote on 2023-04-26 21:05: I think if a non-encrypted transport is used there's a privacy issue with sending the report. I think that's one approach. Currently we have nothing about it in any document. I think the latest revision introduced an undocumented privacy issue.

Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-10.txt

On April 26, 2023 6:49:32 PM UTC, John Levine wrote: >It appears that Scott Kitterman said: >>I'd like to see the 'SHOULD employ a secure transport mechanism' section >>added back in. As I mentioned in another message, I think >>IETF policy based on RFC 7258 supports it. Alternately,

Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-10.txt

It appears that Scott Kitterman said: >I'd like to see the 'SHOULD employ a secure transport mechanism' section added >back in. As I mentioned in another message, I think >IETF policy based on RFC 7258 supports it. Alternately, something in privacy >considerations might be okay. I think

Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-10.txt

On Wed, Apr 26, 2023 at 8:58 AM Scott Kitterman wrote: > I'd like to see the 'SHOULD employ a secure transport mechanism' section > added back in. As I mentioned in another message, I think IETF policy > based on RFC 7258 supports it. Alternately, something in privacy > considerations might be

Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-10.txt

, April 25, 2023 9:41 PM >> To: i-d-annou...@ietf.org >> Cc: dmarc@ietf.org >> Subject: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-10.txt >> >> >> A New Internet-Draft is available from the on-line Internet-Drafts >> directories. >&g

Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-10.txt

neer, Anti-Abuse & Messaging Policy Comcast > -Original Message- > From: dmarc On Behalf Of internet-dra...@ietf.org > Sent: Tuesday, April 25, 2023 9:41 PM > To: i-d-annou...@ietf.org > Cc: dmarc@ietf.org > Subject: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregat

[dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-10.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the Domain-based Message Authentication, Reporting & Conformance (DMARC) WG of the IETF. Title : DMARC Aggregate Reporting Author : Alex Brotman