On April 26, 2023 6:49:32 PM UTC, John Levine <jo...@taugh.com> wrote:
>It appears that Scott Kitterman <skl...@kitterman.com> said:
>>I'd like to see the 'SHOULD employ a secure transport mechanism' section
>>added back in. As I mentioned in another message, I think
>>IETF policy based on RFC 7258 supports it. Alternately, something in privacy
>>considerations might be okay. I think it's better to
>>have the SHOULD, but I could live with that.
>
>Are you saying that reporters should probe the MX for the domain in
>the rua= and if they don't see STARTTLS, don't send the report? If
>not, what is a reporter supposed to do with the advice?
>
>If you really want it, it belongs in the discussion of the rua= tag,
>not in the reporting doc. By the time you've looked at the tag, you
>have no choice what transport mechanism to use.
>
I think if a non-encrypted transport is used there's a privacy issue with
sending the report. I think that's one approach.
Currently we have nothing about it in any document. I think the latest
revision introduced an undocumented privacy issue. I'm less bothered about how
we document it than that it be documented in some manner.
I think it's about sending a report, so the reporting document makes sense as
the place to document it. I think the easiest way to do so is just put the old
text back, but I'm open to alternatives.
Scott K
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
