I would like to see John Levine's BATV document revived from expired draft status https://datatracker.ietf.org/doc/html/draft-levine-smtp-batv
BATV is in use within the current mail stream, and one commercial product has cloned it to make a proprietary version of the same idea, so it is time to declare it a success. More importantly, it provides a general technique, based on signature and timestamp, which permits private communication between MTAs using insecure RFC5322 header fields. That technique has other uses. For example, A-R does not include a signature security mechanism, so implementers must be concerned about injection of spoofed A-R records. Because ARC is dependent on the secure transmission of A-R within one organization, weak A-R also weakens ARC. Both problems would have been avoided by using the BATV signature system, but expired drafts make poor reference documents for other RFCs Doug
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc