[Top] [All Lists]

Re: Need for secured email delegation workflow

2017-07-12 12:11:22
On Wed, Jul 12, 2017 at 12:56:56PM -0400, Viktor Dukhovni wrote:
It seems you want to authorize a third party to send email on your behalf.
It is not clear that logistical guidance of how to do is proper subject
matter for an RFC.

Why?  We have a whole area dedicated to Management and Operations,
including one named DNSOP.

Any process that the third party wants you to follow in order to register
with them to send on your behalf is I think outside the scope of IETF

The more general thing is that there is no way for a domain operator
to signal to a possible vendor its authority to allow said vendor to
operate $thing on the domain operator's behalf.  It would have been
nice if the protocol we stumbled into creating that was well-suited to
this (RDAP) didn't have a bootstrapping mechanism that was nailed to
the historical facts about whois, but some of us lost that fight in
the WG.  The way this is mostly done today is to put a bunch of TXT
records at the apex of the zone in question, thereby permanently
bloating DNS answers for large numbers of domains for no good reason
(and offering a useful amplification mechanism in passing).

I can think of more than one existing IETF standard that might be good
for this, but I can't think of one that solves the use case today.  It
might be a useful thing for some of us to discuss in the halls in
Prague.  If anyone is interested in having that conversation, please
contact me off-list.  I hear there is beer in Prague.  Maybe we can
arrange for various birds to get together in a bar rather than a hall.


Andrew Sullivan