On Fri, Oct 28, 2022 at 3:31 AM Alessandro Vesely <[email protected]> wrote:

> I beg to disagree.  DMARC reporting is all about acceptance of a site's
> cryptographic settings by remote receivers.  Domain owners configure
> their MTAs trying to follow the prevailing trend.  Doing so without
> feedback can cause detachment from reality.
>
> RFC8601 provides for a result of dkim=policy, exemplified by a non-signed
> Subject: field which makes a signature too weak in the eyes of the
> receiver.  I imagine the same mechanism can be used for insufficient key
> size or deprecated SHA-1.  Banning such a result from being reported
> looks like unjustified censorship.
>
> Rather, it would make reports more interesting to add some information
> about what Doug calls the deprecated zone, where my signature is accepted
> as a boundary case.  Finally, why can't I report that an 8k RSA key is
> excessive?

Nobody is saying you can't report that.  What I'm saying is that the DKIM
specification doesn't require an implementation to tell you that.  You
should, therefore, not expect to be able to report that in all cases even
if you really really want to.  And if that's true, then requiring it in
DMARC doesn't make any sense.

We could say that if you have those details, it's really helpful to include
them, but we can't require a report to include something that isn't
guaranteed to be available.

-MSK
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
