On April 26, 2023 7:22:55 PM UTC, "Matthäus Wander" <mail=40wander.scie...@dmarc.ietf.org> wrote: >Scott Kitterman wrote on 2023-04-26 21:05: >> I think if a non-encrypted transport is used there's a privacy issue with >> sending the report. I think that's one approach. >> >> Currently we have nothing about it in any document. I think the latest >> revision introduced an undocumented privacy issue. I'm less bothered about >> how we document it than that it be documented in some manner. >> >> I think it's about sending a report, so the reporting document makes sense >> as the place to document it. I think the easiest way to do so is just put >> the old text back, but I'm open to alternatives. > >Are you asking to enforce TLS on the reporter side or does opportunistic TLS >suffice? > >I interpreted the requirement as: SHOULD employ a secure transport mechanism, >*if supported by the report receiver*. > I think it would be crazy in 2023 not to use STARTTLS is offered. Personally I interpreted it more as employ a secure transport and think through if you really want to be sending the report if you can't.
I think there's some room for interpretation and I think that's fine. Scott K _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc