IETF Logo Mail Archive

Re: [lamps] [EXTERNAL] Re: CAA processing for email addresses

Corey Bonnell <Corey.Bonnell@digicert.com> Fri, 09 December 2022 01:05 UTC

Return-Path: <Corey.Bonnell@digicert.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8FFBBC1524B8 for <spasm@ietfa.amsl.com>; Thu, 8 Dec 2022 17:05:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.094
X-Spam-Level:
X-Spam-Status: No, score=-2.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=digicert.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CQQ5Gu6i7HUg for <spasm@ietfa.amsl.com>; Thu, 8 Dec 2022 17:05:51 -0800 (PST)
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2071f.outbound.protection.outlook.com [IPv6:2a01:111:f400:7eaa::71f]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D859FC1516E3 for <spasm@ietf.org>; Thu, 8 Dec 2022 17:05:50 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Iv7ORfK2o6ooUl/6lVyJ25f4GUXEUqOYl0q6uB9SA0Fm5KMh5BDMEfviiggr8hIDhfbjgcJ73cofCFsD5xuy1TZ10tssiMHGurKqOcNvHovpokjlG+M2ECzjVETqhPhEK67zDJVuffS1MKVojGRn380Ryd3rAIL2kiew3TLc7JH0R4M3SFCzh9lkiJTbv6lwhMVXpaQUn6IcKy7Q4foUPiLhuNLGVah2vlC+v+vgWM6aCGQ00aSF4tFA8pePpERX/z2CA/PayiZJFckH/7nJIQ8y3BpSrAVUDAMqcwkCdyBW4+DpOj3yEKDQHKARnJGwxsIybnd0lF/xX+OXm0GCfw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=1CchojMuhsTYB8ZHoyJzLClw7U3Epqsct9tVf9P7MIY=; b=AJqPshoXApjHDsKLXA0lPptSZZ5wqPDdQb05QAlb3q9Won6G5oU05FvOxk39jbRscQ1Ocd3e14NBAkXf6kqyEOzVrkQCck4L+eHmdUsJP8/20fjjUS3kgwdVTtTFnT4I/wS3KF8M7WnfMOsmVmnQ8hXGb4+XPd24FXsacMIkjV0rUfGDInmxAhGFqsEkc4BYKtQmep+6R4sarI4BOh80ek829hwgwU0E6b0p2elneg+J9+D36cdcQ2GuTKiGN7ASXEgYassdTh3E1KtUCebdzbEtT6UjYAOKqIn9F2rEiLBVo5l56O/siBLlwZtnkNa36HQIRASgETlLV7qWDxwWPQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=digicert.com; dmarc=pass action=none header.from=digicert.com; dkim=pass header.d=digicert.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=digicert.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1CchojMuhsTYB8ZHoyJzLClw7U3Epqsct9tVf9P7MIY=; b=sWhbgpc+j8hscaGiZ4VVQSQzQg9QVgPybxfWp3P1ZQPBJFT+7qAJ6g3usRRax5mSUug0arKn3ivC24vWqlubHknXF1ykB+Z5qKh1/FDrUyVRMK9AKCxn1RO2wYHvh8SCeFByvrokzpzf6VeGCT/JcdMRncgzjB0dPx7ASX9siMh3kxJTEzKfKsZUDpu8xYRNxVZSoYWFZzpUuapvRBmBbeWkS7WvEP/5fQiQISvKuE7tk8O7DzT67DQJLK3HF9M4wDHMNc1Jq5HFBlJaDdug1u1ZWRmWx0POMDliCtKRvCm1H7pI1d6bEjyaLKfiQ2Y8D8bhHHVWQMrdqduzBnIEwg==
Received: from DM6PR14MB2186.namprd14.prod.outlook.com (2603:10b6:5:b6::16) by PH0PR14MB4653.namprd14.prod.outlook.com (2603:10b6:510:9f::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5880.14; Fri, 9 Dec 2022 01:05:47 +0000
Received: from DM6PR14MB2186.namprd14.prod.outlook.com ([fe80::c2c2:a770:a20b:58cf]) by DM6PR14MB2186.namprd14.prod.outlook.com ([fe80::c2c2:a770:a20b:58cf%5]) with mapi id 15.20.5880.014; Fri, 9 Dec 2022 01:05:47 +0000
From: Corey Bonnell <Corey.Bonnell@digicert.com>
To: Nicolas Lidzborski <nlidz=2Bietf=40google.com@dmarc.ietf.org>, Corey Bonnell <Corey.Bonnell=40digicert.com@dmarc.ietf.org>
CC: Antonios Chariton <daknob.mac@gmail.com>, "spasm@ietf.org" <spasm@ietf.org>
Thread-Topic: [lamps] [EXTERNAL] Re: CAA processing for email addresses
Thread-Index: AQHZBbVMoBTpHlEyQEGV1Ipc4AndO65ZdDCAgAAcEwCAATAWAIAAYgIAgATRWwCABMheoA==
Date: Fri, 09 Dec 2022 01:05:47 +0000
Message-ID: <DM6PR14MB21863776702DBF999DC27651921C9@DM6PR14MB2186.namprd14.prod.outlook.com>
References: <DM6PR14MB2186A5E0A82D87085564B90D92159@DM6PR14MB2186.namprd14.prod.outlook.com> <5d2804c9-cd04-14e8-9fad-91254212e04d@gmail.com> <DM6PR14MB2186880BB993689D6CE890F292159@DM6PR14MB2186.namprd14.prod.outlook.com> <3c5ce299-8647-c481-57d8-ca604a655e0c@cs.tcd.ie> <daba6e40-227e-6229-173d-c9085902af91@cs.tcd.ie> <CH0PR11MB5739CDF4AC9F496DA341DA249F159@CH0PR11MB5739.namprd11.prod.outlook.com> <87bfb6bc-24d0-fafc-d0b9-546640bda7c3@cs.tcd.ie> <CH0PR11MB57394997AEBA7EF1FA81C4D69F149@CH0PR11MB5739.namprd11.prod.outlook.com> <DM6PR14MB2186AC61073AA34BC230CE2B92149@DM6PR14MB2186.namprd14.prod.outlook.com> <CH0PR11MB5739C121E1D96CE28382B4D49F149@CH0PR11MB5739.namprd11.prod.outlook.com> <CAMm+LwiXQzN4O=efFg6e7U1C2oW7YFPbx51ZjLhMDL5Z0s87rg@mail.gmail.com> <876b96f2-4a51-df07-a31a-4fe6caafcb73@cs.tcd.ie> <CAMm+Lwh++P3uZA3VETyAODhAGVFh4_sQhRBX63_KesLKNc04+w@mail.gmail.com> <BEDF0316-E072-427A-B050-12EBB2068281@gmail.com> <DM6PR14MB218602CDD14762D46D72E72492189@DM6PR14MB2186.namprd14.prod.outlook.com> <CAAYYu_uKgbz_kwqv+Cf+NrHQ7WmnJX0nL-L9tFt6XksuYd40CQ@mail.gmail.com>
In-Reply-To: <CAAYYu_uKgbz_kwqv+Cf+NrHQ7WmnJX0nL-L9tFt6XksuYd40CQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=digicert.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DM6PR14MB2186:EE_|PH0PR14MB4653:EE_
x-ms-office365-filtering-correlation-id: 54feb637-9e93-4c29-6417-08dad981816a
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: +i4+PDYae5YFeDqL6XH/yDRvjHJ3Wo/+qdVSIz0Q7tgvkbz0fB0uoWjBk/gN1en5DuzG6Aagy5EQ/n79kiBmXUuiRL2IddJ5kA14VzfQNXknxSDs/VYSPVGDXBPcELahi76R5zi9ASPuzjQMt0vt2+0ox3m/YDqZCPQ9Set3hpRTAeHj40E7uWESVyQEvdOKdieFwIQl+xe244g3nMqwX/Q+SyRydIN/ckU3Y8Vedsmt8sTh0XsrkH8j3fdvqREIZTBKZDe7QSdOsC2/y7Lv3Nt/F+6rt8KkKVp6hYu/vEGIKlAxl14CIbXBZ+uebwLu/L3ygIr0YJurxlJtqW/XC/RnsNLpVsJh2kpGX8kpHzAEGVGkdebg89xIc2xmU9fLj2PaHKzWJAIxmyxv88vEbwZGbn4oWy2Gsn8Gdemh4/me0Dzo3Zp4IMKhK11LDNUcZJc2DC26JhXDvNjHWk6nrVEFRisvxgklGgHknFczguXzXhg2PJUoHnhR6PHomWGUdjzIVQvT76S6Uk4haPxqrqqkmr22bS1+jWeyIU5/bEgApahGPmS3t7TAeCOAwVt7PjLQj44SoU9Tz3O25IOK2pCdCCEB7PJzIk9tc+zYjkafiNHs35KRYSvIPf/+mEKSplsjJFXQXHWB4Q0BSIu4bV/Ijy3B2BInq7HpO+aJr2yq7JEo41MCttxv8jGZdC5st3UzMtXqoisyrMAx9HgL6YL8SNBdbjwhof4kMe0TsoT80zE+z3zZZxmuXx3klf1e
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR14MB2186.namprd14.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(366004)(396003)(346002)(376002)(136003)(39850400004)(451199015)(66556008)(33656002)(4326008)(2906002)(64756008)(55016003)(83380400001)(38070700005)(66446008)(66946007)(99936003)(41300700001)(66476007)(76116006)(122000001)(86362001)(52536014)(166002)(38100700002)(5660300002)(9326002)(9686003)(478600001)(53546011)(26005)(7696005)(8676002)(6506007)(966005)(8936002)(110136005)(71200400001)(186003)(54906003)(45080400002)(316002)(199583001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: qWjPnzNfVnpekGbFXsnq/Yoi8fCLkUImZ/KlhCl3kikxjEx9Oas1SkaeNbXWy0bNHleNWQSyYKofATpG3XTy2wace/fQlGbm5VUanJk2z/xJoe9a7h6ybkFSkGE4ueDiFKxpekTzS/dWM+1sVUJt8CpgRIW7YITKXUrbVjpmuYvegQOt1dNzec1Mgsywh51B9miGjpbCUgxRalXN/7g9hsa8ur+MnUXNwyhbGGa5HbKyG4JBCwAtm9JOvYlX7Sj+1exi/VRxo+H7fiQx6HREgwRJHY1mNMRQLai22zrLL6+b2fqD94GubziiOIojOk8ZF53VKGY9t9AE7CCl2MCRodfnXR0ZftgVYeQEn7WxQbyqxdABqurjymu4gLsNRMiLhvC+8+JA9Qfq9OH2BiNRJhIkQf8FYlDL9UbidlVqUKxqH9Bgim5Fc9BCAIbCWNk4TEZTiRLyhqXlZeDV+BpNFqaYUAIxtMuWswiuOyoWPOFR1HdHwkZFIEnWlDxu983f84sw+R37Yls0fMvVLtCnqYFcgNki+HKUAJISfyvm6LUW957SNSqsh/gByxAhmv2nKnj5xY7ROuQDHgTiB7AakfEZLWb9o0LLrIwAefOcchs8M8CzSqiQwfEl7VqnzjptAnoXqTMDsSzCJ4GCQFCI5kI5iS+jrVIpm8RJRWSbHFEvl8/NMCnpur0CRjBQoFL6RYed58J6E/ckNnRkMcbdk/yUbFhhmKhAru9I6kwkmzIcqw2VEvSGZkN1IXd1vX0amXDLCVvdTkJWS03FrZ8PfccXz1CcpeSqDXXZsBmvXRCcMZMPeckQXPG8qfvMvLgkImSkqdwEVUjFIpal2kfqtsJiCaxEXkShz63Prw5QxXqyEtgNCTLwTOVaUt6PxUdjGnL/ARWGf3Xcl1meJ3RuZiWXuASejqh1pnThV4Ywp0RudnSlQ+aqURQ+R0XFltk7BsnoQ81SuEJ/VJjfHDTitjrSNUtnvDR8002Rhbr9WNfswd4NYN10kIx+zFinjHhzjyOudWcm04y1vthmqyd3f4z/IQ19BtIYuWLnv1Wpwsp3b30RwaSXhFmIW0cSucycfS1bBblhHQAK9MwVUta5Q12D312IsPGe1lMGGMAZzCkP8s91ZHfVg5f+R4kUkTG3rzHShfFl7msBk4KhSfcLpLkh/XKfSfJ5UczAWjlCigij5RvbRoxDfESe1/Mzu4/N2jH493NJNVWxgKAKiua+VYQw3eGT+YUfPWd6kGgp+wOK6avsr7u0ARalWjOLz+YW+OgllqjWu9nj3ZbbgUXXFNVYbgGuOzuZmMjrEVgx8DZHMotHb4LX85E2ZD5MtvxNE86Q4eftStQ3DeGYfnwNArx7sutu8fiNU2Lzde1DAOqnS++ss3ILI1kMxE+1fbaJCDe8yY6u68ouWjngHz9X/5xVajqpXv4pOEeL3rnHhNqD//8SPI1BSqAaAdJKhjYh9OFEJ3UNa5S8zDZVe3a1xxapXZH3cqny6UzDJyJ1sWvA9WUyobduX7gH/F6/0OC/jAUnf08Qg1OYhv+nNBK9iV1Uh/E2LyL2/+IEL9jvIq/U73DIKYNM31LzrGBAXWO+fGQciGWwmX5pE8SRBBJ2Ew==
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="2.16.840.1.101.3.4.2.1"; boundary="----=_NextPart_000_00F7_01D90B40.73AC1450"
MIME-Version: 1.0
X-OriginatorOrg: digicert.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR14MB2186.namprd14.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 54feb637-9e93-4c29-6417-08dad981816a
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Dec 2022 01:05:47.1119 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf813fa1-bde5-4e75-9479-f6aaa8b1f284
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ur5nKPyP52mFzsMtr1yfrhB3okPAOIVbb2HheHi4i7jTES1I8SgimcgbGbAz3PJZkfenpdVsNmx+bnBr8r5e/MAHKkoBq9FWmxf7Chny+Fg=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR14MB4653
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/lzKhXFtWblwqHNf8scCSH6TRRgY>
Subject: Re: [lamps] [EXTERNAL] Re: CAA processing for email addresses
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Dec 2022 01:05:55 -0000

Hi Nicolas,

Thanks for raising this, reply inline.

 

*	Is there a reason the tags are not tied to the Key Usage of the certs? 

In particular for S/MIME, you may need to consider certificates only issued for digital signature and others only for encryption.

 

My current thinking on how CAA can be used to express more granular restrictions on issuance would be to define one or more parameters for the issuemail property tag to restrict the sub-types (signing, encryption, or dual use) of certificates that the single authorized CA can issue. I believe that such syntax would clearly delimit the semantics of different property tags and their associated parameters. Property tags are used to restrict the issuance of certificates that include particular names (in the S/MIME case, email addresses) to specific CAs. Parameters are then used to further restrict validation and issuance for those authorized CAs. For example:

 

CAA issuemail “ca.example.com” (restricts issuance to ca.example.com with no restrictions on key usage)

CAA issuemail “ca.example.com; key-usage=encryption” (restricts issuance to ca.example.com and further restricts issuance to encryption certs only)

 

I think it may be valuable to standardize such parameters to ensure that the parameter syntax for “S/MIME certificate type” is consistent across CAs as opposed to each CA defining their own bespoke syntax. One area that I’m mulling is whether we would want to define such parameter syntax in the current draft (which currently addresses the property tag) or spin up another draft to define the parameters for the new property tag. I can see pros and cons for both approaches (separation of concerns in different documents allows for more concise documents that facilitate easier reviews at the expense of more documents in flight). I’m rather new to the document authoring process so I’d appreciate any insights in this regard.

 

Thanks,

Corey

 

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Nicolas Lidzborski
Sent: Monday, December 5, 2022 6:16 PM
To: Corey Bonnell <Corey.Bonnell=40digicert.com@dmarc.ietf.org>
Cc: Antonios Chariton <daknob.mac@gmail.com>; spasm@ietf.org
Subject: Re: [lamps] [EXTERNAL] Re: CAA processing for email addresses

 

 

 

On Sun, Dec 4, 2022 at 4:24 PM Corey Bonnell <Corey.Bonnell=40digicert.com@dmarc.ietf.org <mailto:40digicert.com@dmarc.ietf.org> > wrote:

Hi Antonios,

Thanks for your comments. Responses inline.

 

*	Perhaps “mailissue” or “mail” is better (explained in the thread) or even “smime”. This allows for “smimeentity” and “smimeserver” for example, if there’s a future need for that.

 

I follow your logic in your previous message and think we should settle on a common convention in our two drafts. I’m partial to including a verb in the property tag to disambiguate the tag from other property tags that may be relevant to the specific certificate type but not specify any restrictions on the set of CAs that can issue. Additionally, I think there’s value in retaining the “verb-object” tag-naming convention established by RFC 6844/8659 with “issuewild”. Otherwise, there will be inconsistency in naming depending on the certificate type.

 

Is there a reason the tags are not tied to the Key Usage of the certs? 

In particular for S/MIME, you may need to consider certificates only issued for digital signature and others only for encryption.

 

*	I don’t know if I would make this critical

 

I agree with you and Phillip that this tag shouldn’t be critical by default. I’ll clarify this point in an update to the draft in the next few days. 

*	In terms of adoption, I would like to see CAA for S/MIME, and this is a good and simple way to achieve it.

 

I also see CAA for IP addresses as valuable for the ecosystem as well. I plan to give your draft a fuller read shortly and will follow up with any comments.

 

Thanks,

Corey

 

From: Antonios Chariton <daknob.mac@gmail.com <mailto:daknob.mac@gmail.com> > 
Sent: Friday, December 2, 2022 10:51 AM
To: spasm@ietf.org <mailto:spasm@ietf.org> 
Cc: Corey Bonnell <Corey.Bonnell@digicert.com <mailto:Corey.Bonnell@digicert.com> >
Subject: Re: [lamps] [EXTERNAL] Re: CAA processing for email addresses

 

I think that CAA for S/MIME is useful, and can help enforce policies for an enterprise, and even for large e-mail providers (although probably not for their main domain gmail.com <http://gmail.com>  / hotmail.com <http://hotmail.com>  / etc.). I participate here on my personal capacity and won’t speak on behalf of Gmail.

 

Two things I’d maybe consider, one of which is described in my thread[1] too:

 

- Perhaps “mailissue” or “mail” is better (explained in the thread) or even “smime”. This allows for “smimeentity” and “smimeserver” for example, if there’s a future need for that.

 

- I don’t know if I would make this critical

 

Marking this as critical will require all CAs (at least) to build support for it, otherwise its presence will block issuance of TLS certificates. My suggestion is to make this non-critical (as it is not necessary to use CAA for this domain at all), and then require parsing of CAA “mail” (or whatever) properties in the requirements that include this doc. In this case, it can be the CA/B Forum BRs. If they specify that CAs MUST follow / understand / support / conform to … RFCXXXX then you achieve the criticality in the publicly trusted space, without breaking all CAA implementations in the meantime.

 

I would argue that this property is not critical for a CA that does not issue S/MIME certs, and in my view the critical flag is for things necessary for all CAA uses, not just one.

 

In terms of adoption, I would like to see CAA for S/MIME, and this is a good and simple way to achieve it. The lack of Certificate Transparency in the space will make it more difficult to detect misissuance / non-conformity, but when detected it would make it hopefully easier to prove. Without speaking on behalf of any Root Program, I imagine this would help many stakeholders in the S/MIME ecosystem.

 

Antonis

 

 

1: https://mailarchive.ietf.org/arch/msg/spasm/dQLF1fQQPNX9A59YV4imXRz9ABw/

 

On 1 Dec 2022, at 22:42, Phillip Hallam-Baker <phill@hallambaker.com <mailto:phill@hallambaker.com> > wrote:

 

But this is not a proposal that would be relevant to Mail Service Operators like Gmail or Hotmail.

 

It is only relevant to enterprises running mail services under their own DNS name. Outsourcing that to a mail service provider would not impact the use of CAA or S/MIMe in the slightest.

 

 

On Thu, Dec 1, 2022 at 3:02 PM Stephen Farrell <stephen.farrell@cs.tcd.ie <mailto:stephen.farrell@cs.tcd.ie> > wrote:



On 01/12/2022 18:46, Phillip Hallam-Baker wrote:
> I support adoption of this draft.

In the absence of mail service operators who say they want
this, I'm against adoption. (If this does originate in CAB
forum, I'm not aware folks like that are represented there.)

If some mail service operators wanted this, I'd consider what
they said.

S.

_______________________________________________
Spasm mailing list
Spasm@ietf.org <mailto:Spasm@ietf.org> 
https://www.ietf.org/mailman/listinfo/spasm

 

_______________________________________________
Spasm mailing list
Spasm@ietf.org <mailto:Spasm@ietf.org> 
https://www.ietf.org/mailman/listinfo/spasm

v2.23.0 | Report a Bug | By Email