On Thu, 8 Nov 2007, Michael Thomas wrote:
Maybe rather than proposing a change, it might be more productive to
talk through what the problem actually is? I'm not convinced that random
reports from potentially untrustworthy outsiders is what's wanted here.
I'm not sure I should defend someone else's position directly. I just
said I'd provide language as a starting point given the suggestion I
received at MAAWG and thus initiate this discussion.
That said, originally I had some motivation during the initial
interoperability testing of DKIM over a year ago; specifically, it was
nice to have someplace to send diagnostic reports (canonicalizations,
etc.) when verifications failed. I still find that practise useful, and
that's the motivation for adding something like "report=" (probably just
"r=") to key records as well.
That's till my own motivation, but there are now others such as the one
described in my previous message. Those people (hopefully they're
subscribed here) should provide their own support for the proposal.
Moreover, I would think an SSP publisher who elects to use the "report="
option does so knowing the risks involved. Perhaps we have to enumerate
some of those risks in this specification, but that doesn't make it an
entirely bad idea.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html