> -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of Steve > Atkins > Sent: Sunday, February 05, 2012 12:07 AM > To: Message Abuse Report Format working group > Subject: Re: [marf] Change request for AS, was Working Group Last Call on > draft-ietf-marf-as-05 > > > It seems to me what's in Section 6 is good advice for any ARF > > generation case. > > 6.3 isn't bad advice, but the justification of some of it is rather > specific to authentication failure reporting. Do we want to mandate > that anyone sending ARF reports of any sort MUST also publish SPF > records or send them with a NULL envelope sender? That requirement > isn't unreasonable in the case where you're talking about reports sent > in response to an authentication failure, where avoiding an > authentication failure in response to a report of authentication > failure is a reasonably belt-and-braces way to help avoid a mail loop - > but beyond that narrow scope it seems a bit of a reach. There are > people who consider SPF irrecoverably broken, yet still offer feedback > loops.
Perhaps a compromise then: If we agree to move Section 6 to the AS, mention that the advice of 6.3 is specific to authentication failure reports. > Some of it is specific to authentication failure reporting. As for the > rest of it, are they security concerns that should be discussed in > marf-as regardless of whether the DKIM/SPF docs want to reference them? > I'm thinking yes. Probably. > And (I'm going to regret asking this, I'm sure) where does draft-ietf- > marf-authfailure come into this? It has much the same security > statements and is already referenced by the SPF and DKIM failure > drafts, I think. That's true, and probably as a result of the fact that authfailure-report was the "master" from which these others were created at some point. If we're happy with what authfailure-report says, these sections could actually be dropped since the two reporting documents already normatively reference that one. -MSK _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
