On Sun, Jun 8, 2014 at 9:06 PM, Hector Santos <hsan...@isdg.net> wrote:
> Fundamentally, any From-Corruption (good term to use) concept is bad. 30 > years of mail software/product/hosting development across multiple networks > tells me so, it ethically burns inside me as wrong and I have strong > confidence the IETF/IESG wise ones will agree. I hope you agree too. > I understand that this is your opinion and that you're passionate about it. I have no idea where consensus falls, and I don't think I've given it enough thought to have my own opinion yet. > You will need to add security information to your DMARC document as this > From-Corruption concept would be a security exploit that can potentially > get by RFC5322 validation checks that can hurt DMARC publishers and create > bad PR for the DMARC protocol itself. DMARC receivers will need to be > warned. > The base document doesn't advocate changing From as a method of solving anything. It only lays out the alignment requirement; compliance is an exercise for the reader (or for some other document). As far as I know, nobody's even suggested adding that to the base document, so I have no idea why you're threatening an appeal about it, or on what RFC2026 basis you might do so. Now, if someone were to write a draft that actually tries to codify this practice, then I agree, the security implications of doing so would need to be well documented. But that has yet to materialize, so I don't see what all the hubbub is about. -MSK
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc