Scott Kitterman wrote on 2023-04-26 21:05:
I think if a non-encrypted transport is used there's a privacy issue with
sending the report. I think that's one approach.
Currently we have nothing about it in any document. I think the latest
revision introduced an undocumented privacy issue. I'm less bothered about how
we document it than that it be documented in some manner.
I think it's about sending a report, so the reporting document makes sense as
the place to document it. I think the easiest way to do so is just put the old
text back, but I'm open to alternatives.
Are you asking to enforce TLS on the reporter side or does opportunistic
TLS suffice?
I interpreted the requirement as: SHOULD employ a secure transport
mechanism, *if supported by the report receiver*.
Regards,
Matt
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc