Re: [dmarc-ietf] Minutes from IETF 112

2021-11-18 Thread Dotzero
On Thu, Nov 18, 2021 at 3:51 PM Douglas Foster < dougfoster.emailstanda...@gmail.com> wrote: > Don't the alignment rules allow any DKIM signature for the organization to > validate any FROM address for the organization -- up, down, or sideways? > > To use the sideways example, this means that an R

Re: [dmarc-ietf] Minutes from IETF 112

2021-11-18 Thread Douglas Foster
Don't the alignment rules allow any DKIM signature for the organization to validate any FROM address for the organization -- up, down, or sideways? To use the sideways example, this means that an RFC 5322.From address of " u...@security.example.edu" can be validated for DMARC: - by SPF PASS on an

Re: [dmarc-ietf] Minutes from IETF 112

2021-11-18 Thread John Levine
It appears that Todd Herr said: >It seems to me that DMARC already provides the ability for >security.example.edu to ensure that no other part of example.edu can send >mail on their behalf. To accomplish this, security.example.edu can today: > > - Publish an SPF record listing only hosts under

Re: [dmarc-ietf] Minutes from IETF 112

2021-11-18 Thread Todd Herr
On Thu, Nov 18, 2021 at 8:11 AM Douglas Foster < dougfoster.emailstanda...@gmail.com> wrote: > > Do we want to provide a sub-tree alignment option? > > Suppose that “security.example.edu” does not want any other part of “ > example.edu” to be sending emails on their behalf, so they want to limit >

Re: [dmarc-ietf] Minutes from IETF 112

2021-11-18 Thread Douglas Foster
Consensus on Tree Walk? A comment in the minutes suggested that consensus was forming around Tree Walk for Policy Discovery. I do not have that impression. Instead, the "strongly favor" and "strongly oppose" voices seem about equal, with the balance determined by those who, like myself, are tep