Re: [dmarc-ietf] Fwd: I-D Action: draft-ietf-dmarc-psd-10.txt

["Murray S. Kucherawy" <superuser@gmail.com>]

On Fri, Feb 19, 2021 at 3:02 PM Barry Leiba <barryleiba@computer.org> wrote:

> I agree that the abstract is unclear.  This makes no sense to me:
>
>    domain names represent either nodes in the tree below
>    which registrations occur, or nodes where registrations have
>    occurred; it does not permit a domain name to have both of these
>    properties simultaneously.
>
> I don't understand the distinction that it's trying to make between
> the two possibilities.
> I also don't see the antecedent to "these domains" in the final
> sentence of that paragraph.
>
> Beyond that:
> > I'm at a loss to understand what's confusing.  I'm not convinced that
> "registrations" in the
> > context of domain names is unclear to a reader familiar with this space.
>
> I am absolutely convinced that it is.  Think of people in M3AAWG, for
> whom this is very relevant.  Many of them don't know much about
> registries, registrars, and such, and in general, the average reader
> won't understand the difference, from a "registration" standpoint,
> between facebook.com (which is registered) and "www.facebook.com"
> (which is not).  To the average reader, "facebook.com" is registered
> under com, and "www.facebook.com" is registered under facebook.  And
> the ones who don't think that will likely not understand why we can't
> just talk about second-level domains and be done with it.
>

Actually that's a community that I would expect to know exactly what all
those terms mean and how they are all related.

I think the use of "registered" seems to be the source of some of this
confusion.  To work with the example you gave here, I agree that "
facebook.com" is registered (under "com"), but disagree that "
www.facebook.com" is registered at all; "facebook.com" was delegated to
some company that now "owns" that piece of the namespace tree and can
create whatever it wants under there without any external arrangement.  To
my mind, "register" involves a specific transaction, sometimes involving
money, with whoever gates access to make those delegations.

All that needs to be explained in the Introduction, not the Abstract.
> But the Abstract has to explain enough for a reader to understand why
> she might or might not be interested in getting the document and
> reading it.  So it's going to be tough to word it carefully and to
> keep it concise.  But we have to.
>
> Stressing a point:
> We very clearly do NOT want to explain this stuff in the Abstract.  In
> fact, we don't have to explain much at all in the Abstract.  What we
> have to do is make sure that the Abstract doesn't say stuff that's
> *wrong* or confusing.  So let's try to find some fifth-grade language
> that can suffice, and then make sure the Introduction has the right
> words to make it clear to people who know how to do email, but who
> don't already understand the issues involved here.
>

How's this?:

   DMARC (Domain-based Message Authentication, Reporting, and
   Conformance) is a scalable mechanism by which a mail-originating
   organization can express domain-level policies and preferences for
   message validation, disposition, and reporting, that a mail-receiving
   organization can use to improve mail handling.

   Within the Domain Name System (DNS) on the public Internet, which is

   organized as a tree, some nodes of that tree are reserved for use by

   registrars, who delegate sub-trees to other operators on request.
DMARC currently
   permits expression of policy only for such sub-trees.  There is a
marked desire to

   be able to express policy for the reserved nodes as well.  This document

   describes an experimental extension to DMARC to add that capability.

If we like that as a replacement Abstract, I'll carry on and propose a
revision to the Introduction.

-MSK