On Mon, Dec 7, 2020 at 2:18 AM Murray S. Kucherawy <[email protected]> wrote:
> On Tue, Dec 1, 2020 at 2:22 PM John R Levine <[email protected]> wrote: > >> We would like to close this ticket by Dec 15, two weeks from now, so >> short >> trenchant comments are welcome. >> >> Ticket #1 is about https reporting. Early drafts of the DMARC spec had a >> poorly defined http report which we took out. I propose we add back >> https >> reporting similar to that for mta-sts, with a POST of the gzipped report >> to the HTTPS URI. >> > > Was this requested by someone? > I don't recall a strong security and privacy concerns discussion around HTTP(S) reporting. Presumably the report contents are protected in transit but to what extent is access by arbitrary parties an issue. Notwithstanding that things like GDPR are political issues, they are worth noting as a real life operational consideration. Michael Hammer
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
