Scott Kitterman <[email protected]> wrote:
>On Sunday, February 05, 2012 09:27:04 PM Murray S. Kucherawy wrote: >> - further, common-factor the Security Considerations stuff that's >applicable >> to both SPF reporting and DKIM reporting into the AS > >I'm against this. It's the wrong place for it (see my note to Barry). Now that there's an updated draft for last call, here are three additional last call comments: 1. If the DKIM and SPF drafts are supposed to be supported by this draft, then the discussion on reporting address discovery is inadequate. Those drafts enable domains to explicitly publish reporting addresses, so the heuristics for address discovery in this draft are inappropriate for those types of reports. My preferred solution to this problem would be to separate them again (not providing a recommended diff since it's just reverting some of the changes in the last update). 2. Strongly suggesting use of SPF is, in my opinion, not appropriate in a general document like this. The current text adds up to SHOULD use SPF. The way it was before (IIRC), SPF only came up in the SPF draft. I suspect a general SHOULD SPF is going to be a hard sell in a standards track document that's not limited in scope to domains already interested in SPF. 3. Due to now saying senders SHOULD use SPF in the envelope sender selection paragraph, the reference to RFC 4408 needs to be normative now. My solution for #2 and #3 is the same as #1. Scott K _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
