On October 27, 2023 5:54:03 PM UTC, Alessandro Vesely <ves...@tana.it> wrote:
>On Fri 27/Oct/2023 12:34:11 +0200 John Levine wrote:
>> It appears that Scott Kitterman <skl...@kitterman.com> said:
>>>> That is unfortunately true, but if we could decouple the DMARC from SPF,
>>>> then at least we could fix the situation at some point...
>>>
>>> I propose that we not repeat this discussion and instead, try to focus on
>>> finishing.
>>
>> If there isn't a consensus to do a DKIM-only feature, which seems to be the
>> case, I agree, wrap up the few minor editorial issues and we're done.
>
>
>The two reasons I see against the DKIM-only feature are that it can be fixed
>in SPF and a generic resistance to complications.
>
>If we add the feature, we should in any case exemplify how to fix SPF, saying
>that doing so is safer, at least until all DMARC software has acquired the new
>feature. As the addition would be understood as a response to the known
>vulnerability, it will likely be spread.
>
>As many of us consider it cleaner to have DMARC based on DKIM only, having
>that possibility as an option is a first step in that direction anyway. The
>thesis that DKIM is enough has been opposed but the only cases where SPF saves
>the day seem to be software bugs. The DKIM-only feature would allow to probe
>that thesis, which fixing SPF records would not.
>
What do we know now that we didn't know the last time we decided not to go DKIM
only? I'd argue there's nothing and endless relitigation of issues like this
is making it impossible to actually accomplish what we're chartered to
accomplish.
Let's either focus and finish or give up and close the group.
Scott K
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
