Murray, Personally, as a report reporter & report receiver, I would prefer to not try to figure that all out during generation/ingestion. I’m sure there some use case to be stated for storing/reporting unnecessary data elements that have “no bearing” on the outcome for DMARC. Or perhaps it could be perceived as a data leak to show where messages have passed on the way to their final destination. But point made, and if we go that route, we’ll be sure to include pros/cons. Thank you
-- Alex Brotman Sr. Engineer, Anti-Abuse & Messaging Policy Comcast From: Murray S. Kucherawy <[email protected]> Sent: Monday, January 25, 2021 12:20 PM To: Brotman, Alex <[email protected]> Cc: [email protected] Subject: Re: [dmarc-ietf] Which DKIM(s) should be reported? (Ticket #38) On Sun, Jan 24, 2021 at 4:25 PM Brotman, Alex <[email protected]<mailto:[email protected]>> wrote: Some time ago, an issue[1] was brought to the list where which DKIM(s) being reported is not clear in RFC7489 [2]. There was a short discussion, though no clear resolution before conversation trailed off. It seems like there were points that may need to be discussed. One was whether the reporting SHOULD report all signatures, regardless of alignment or validity, or perhaps just the one that aligns (if there is one). There was also another question if there should be a limit to the number of signatures reported so that it remains sane. A warning about use of "SHOULD" (or "RECOMMENDED") with respect to protocols: Text saying "implementers SHOULD do foobar" presents the implementer with a choice. If you're going to say that, you need to explain the choice; in particular, an implementer should have some idea of the circumstances under which she might legitimately not do what it says and what the implications of doing so are with respect to interoperability. A bare SHOULD, meant to be hand-wavy like "you really ought to do this, but you don't actually have to if you don't want to" is likely to draw attention. I've been kind of picky about this lately during IESG Evaluation. In this case, "reporting SHOULD report all signatures" -- why would you not? -MSK
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
