-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Thu 03/Dec/2020 18:08:50 +0100 John R Levine wrote: >>> When this came up before someone said that reports can be extremely >>> large, many megabytes. An HTTP POST or PUT is a much better way to send >>> that. >> >> However faster, an https PUT/POST at midnight arrives later than a mailto at >> midday. > > I'm sorry but this makes no sense at all.
I said so because you said https is faster. The spec is unclear about intervals, but this is matter for another ticket. > Why do you believe that people would not send reports by mail and by https > at the same time? Oh my. Hadn't thought about that. It will certainly cause duplicates. >> Yes, PUT is better than POST. >> >> How about pgp-signing the file with the dkim key? > > Sorry, that doesn't make any sense either. DKIM keys and PGP keys are > different. Hm... let me try and sign this message. $ cat delta.private | PEM2OPENPGP_USAGE_FLAGS=sign pem2openpgp "Delta selector <[email protected]>" | gpg --import Now I have: sec rsa1148 2020-12-03 [SC] 500982D49712C507C236B2D6B8ABBBF9A091CC0D uid [ unknown] Delta selector <[email protected]> $ gpg -u 500982D49712C507C236B2D6B8ABBBF9A091CC0D --clearsign < this text Can you verify it? I cannot find how to transform the delta selector public key into a pgp public key block. That is to transform this: $ eval $(digs delta._domainkey.tana.it txt |sed -rn -e 's/^"//' -e 's/" *"//g' -e 's/"$//p') && printf -- '-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----\n' "$(echo $p |base64 -d |base64)" - -----BEGIN PUBLIC KEY----- MIGuMA0GCSqGSIb3DQEBAQUAA4GcADCBmAKBkA5YMrfcQD3kzCQJFRXLatbXbl6h07EE1TrJOVp9 4EeBV50QFuBIk0igZgPTA39O77mUyNii81hD4q2g9/Hoj9asqQHTTKjqk+gwZWC+X46K5BYSRPTC C9sidg20Laubyn0ATGaz+OyIl4JcE2rsEXwXLJ98OFEaa3gWyUVO9+lNwebs932bOtHbM2YpzJzE PQIDAQAB - -----END PUBLIC KEY----- To this: $ gpg --export --armor 500982D49712C507C236B2D6B8ABBBF9A091CC0D\! - -----BEGIN PGP PUBLIC KEY BLOCK----- mJ0EX8kn8gEEfA5YMrfcQD3kzCQJFRXLatbXbl6h07EE1TrJOVp94EeBV50QFuBI k0igZgPTA39O77mUyNii81hD4q2g9/Hoj9asqQHTTKjqk+gwZWC+X46K5BYSRPTC C9sidg20Laubyn0ATGaz+OyIl4JcE2rsEXwXLJ98OFEaa3gWyUVO9+lNwebs932b OtHbM2YpzJzEPQARAQABtCNEZWx0YSBzZWxlY3RvciA8cG9zdG1hc3RlckB0YW5h Lml0PojgBBMBCAA6FiEEUAmC1JcSxQfCNrLWuKu7+aCRzA0FAl/JJ/ICGwIGCwkI BwMCBxUKCQgLAwIEFgIDAQIeAQIXgAAKCRC4q7v5oJHMDfCfBHwKlNsrYbL+8uyb y1RBhP/epV0M9xTji9J4Tg2dHcZLgkq9odH7LbOBMuVlZxQ6ksJEVmh131CHHPCr /GmmQpsrxvpo0b5hXKRYTDqemwyvqNtWAMJpW4bLZ4XAy9c6fSICsXdfm8azKE8J jZeHlnxMnvqhctQXTFSeJ+Ijnyn2ZC31V5J2ZzCfXSpY/fxoteo= =KJkG - -----END PGP PUBLIC KEY BLOCK----- > It is hypothetically possible to sign an http transaction with DKIM Any example? > but that would be a giant distraction from what we're doing here. Should be optional, like DKIM-signing aggregate reports sent by mailto. Best Ale - -- -----BEGIN PGP SIGNATURE----- iMMEAQEKAB0WIQRQCYLUlxLFB8I2sta4q7v5oJHMDQUCX8k7GgAKCRC4q7v5oJHM DbyaBHwJ7JddtR6f9mAEF22QdZVX01ZQZagggwaqvHfXPWlD+wPafGH7Hi4dm4B+ Bh1BO/mevC5l0wYdLg5X2mTPhqNMzU+aCWz2MwdYK1iU2JQ6/KQOXpGZuhf597N0 BmRMpe56UDWt06wsE8cNUKmNiaVlJ6yaHXHSV5tUmcqXpXtGaqheAYxyY1BXepd5 KmcpmQg= =+5y4 -----END PGP SIGNATURE----- _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
