On 1/25/21 10:02 AM, Seth Blank wrote:
> Michael, are you aware of anyone not following the guidance in the
> document? This thread feels like we're discussing a non-issue.
> Aggregate reports are already required to be authenticated and I'm
> unaware of anyone sending failure reports, let alone unauthenticated
> ones. Is the language causing problems? Such problems have not been
> brought to the list, and would be a good place to start if you want to
> build consensus.
>
> The list seems to be digging in because no one has raised a use case
> that shows a need to revisit the text. This was made worse by
> asserting that reports must be authenticated, when the text already
> makes that clear.

Obviously it isn't that clear. I looked for it and didn't find it.
Several people just asserted that it wasn't a problem instead of
pointing at the relevant text requiring it. Murray didn't seem to know
about it either. That tells me that the current text is not specific enough.

> Ticket 99 is still in play, if and only if we decide on adding an
> HTTPS transport for DMARC reports, of which historical consensus shows
> this is unlikely. Let's press pause on that until the other discussion
> is concluded, please.

This entire thread was by way of John Levine's proposing text for http
and me responding about how to authenticate it. If you have a problem
with that, take it up with him.

Mike