On Tue, 26 Jan 2021, Alessandro Vesely wrote:
Won't we put a DKIM-Signature: in the http: header?
Sheesh. That isn't mission creep, it's mission gallop.
The spec can be commissioned to a narrowly focused WG (like dcrup).
Really, no. It's something we might think about on its own merits some
other time, but its absurd to try to do it as a detour from DMARC.
If you want a domain identity (even though in this case it provides
nothing useful), what's wrong with a client cert? They exist, they
work, they have software support everywhere.
Even if you can deduce a From: email address after the Subject Alt Name, you
cannot reliably associate it to an organizational domain.
Sorry, that makes no sense at all. The cert has a domain name, or a bunch
of domain names. You can do exactly as much or as little with those
domain names as you can with the domain in an e-mail From: header. Keep
in mind, of course, that none of those domains have any connection at all
with the contents of an aggregate report, no matter how it is delivered.
Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
