I think so. Scott K
On April 27, 2023 2:49:07 PM UTC, "Brotman, Alex" <Alex_Brotman=40comcast....@dmarc.ietf.org> wrote: >You just want: > > Where the URI specified in a "rua" tag does not specify otherwise, a > Mail Receiver generating a feedback report SHOULD employ a secure > transport mechanism. > >Restored in some useful place? > >-- >Alex Brotman >Sr. Engineer, Anti-Abuse & Messaging Policy >Comcast > >> -----Original Message----- >> From: dmarc <dmarc-boun...@ietf.org> On Behalf Of Scott Kitterman >> Sent: Thursday, April 27, 2023 10:26 AM >> To: dmarc@ietf.org >> Subject: Re: [dmarc-ietf] I-D Action: >> draft-ietf-dmarc-aggregate-reporting-10.txt >> >> I think that the original wording, which is technology agnostic, is better. >> As you >> suggest, there are multiple ways to address the requirement and being overly >> specific will not age well. >> >> Scott K >> >> On April 27, 2023 2:11:17 PM UTC, "Brotman, Alex" >> <Alex_Brotman=40comcast....@dmarc.ietf.org> wrote: >> >In summary: >> > >> >“Report senders SHOULD attempt delivery via SMTP using STARTTLS to all >> receivers. Transmitting these reports via a secured session is preferrable.” >> > >> >I don’t think we should add this in, but receivers could deploy >> >DANE/MTA-STS if >> they wanted to ensure senders who honor those will use TLS. >> > >> > >> >-- >> >Alex Brotman >> >Sr. Engineer, Anti-Abuse & Messaging Policy Comcast >> > >> >From: dmarc <dmarc-boun...@ietf.org> On Behalf Of Hector Santos >> >Sent: Wednesday, April 26, 2023 4:29 PM >> >To: Scott Kitterman <skl...@kitterman.com> >> >Cc: IETF DMARC WG <dmarc@ietf.org> >> >Subject: Re: [dmarc-ietf] I-D Action: >> >draft-ietf-dmarc-aggregate-reporting-10.txt >> > >> > >> > >> > >> >On Apr 26, 2023, at 3:50 PM, Scott Kitterman >> <skl...@kitterman.com<mailto:skl...@kitterman.com>> wrote: >> > >> >I think it would be crazy in 2023 not to use STARTTLS is offered. >> > >> >+1 >> > >> > >> >Personally I interpreted it more as employ a secure transport and think >> >through >> if you really want to be sending the report if you can't. >> > >> >I think there's some room for interpretation and I think that's fine. >> > >> >I believe connectivity is independent of the application. >> > >> >All connections SHOULD assume the highest possible security available today. >> > >> >For unsolicited email, the presumption would be: >> > >> >Port 25 >> >STARTTLS >> > >> >If I was start performing reports (and I think I will), that is how I would >> >begin, >> naturally, with outbound SMTP clients with optional TLS if offered. >> > >> >Sorry if I was not focused with the main question, >> > >> >— >> >HLS >> >> _______________________________________________ >> dmarc mailing list >> dmarc@ietf.org >> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/dmarc__;! >> !CQl3mcHX2A!AVsdi1d3H3sasZaM8-wu8vjzqXURKE-7ScPmC46NRIUY1Bm- >> BCM87bHXhlrobfn5hRcqTP-Q-joOqGmXiPi-$ >_______________________________________________ >dmarc mailing list >dmarc@ietf.org >https://www.ietf.org/mailman/listinfo/dmarc _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
