Murray S. Kucherawy writes: > That means any actor inside "A" can sign mail that claims to come > from "B". So if "A" is compromised, "B" is hosed. The "B"s of the > world tend not to be so thrilled with this.
I think only Hector and Douglas would argue with you, and I predict they will. Let's agree to disagree, and move on to something that the rest of us think might possibly work if we fix a few details. > This "How do we populate the set?" is "the registration problem". > There are some implicit "safely" and "at scale" adverbs in there > too, just for flavor. Sure, but even with the adverbs it's not a "problem" for per-message delegation proposals like yours and John's. For those proposals, we already have technology in place for incoming messages (eg, Gmail user filters) which could easily be applied to collect information from incoming messages (and optionally from the users) and add delegation fields computed *per user* per *outgoing* message. It's a *task* with *costs* that can be estimated, they're not outrageous, and they provably scale because they're already implemented at scale (for different purposes). Those costs may still be too big to be justified by the prospective benefits, but we need to come to some consensus on protocols and how much risk of abuse they entail before we can estimate benefits, and compute benefit/cost ratios. _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc