Re: [dmarc-ietf] Fwd: I-D Action: draft-ietf-dmarc-psd-10.txt

Ken O'Driscoll <ken@wemonitoremail.com> Mon, 22 February 2021 14:36 UTC

From: Ken O'Driscoll <ken@wemonitoremail.com>
To: "dmarc@ietf.org" <dmarc@ietf.org>
CC: Dave Crocker <dcrocker@gmail.com>, "Murray S. Kucherawy" <superuser@gmail.com>, Barry Leiba <barryleiba@computer.org>
Date: Mon, 22 Feb 2021 14:36:00 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/-yaAy8osae1RnKgDw2olFdEkjAQ>

I would go even further and not even talk about the trees and nodes. Also, echoing elsewhere in this thread, making it really clear that this is not a case of DMARC is coming for your TLD. So, I’d propose something super basic like this for the second paragraph:

Domain name suffixes (for example .com, .eu, and .co.uk) are controlled by registries, who either directly or through accredited registrars, facilitate the registration and management of domain names below these suffixes. DMARC currently permits expression of policy only for domain names and not for domain suffixes. Since its deployment in 2015, specialist use cases have been identified where it may be desirable for a suffix to express a DMARC policy. This document describes an experimental extension to DMARC to add that capability.

Ken.

From: dmarc <dmarc-bounces@ietf.org> On Behalf Of Murray S. Kucherawy
Sent: Monday 22 February 2021 07:09
To: Barry Leiba <barryleiba@computer.org>
Cc: Dave Crocker <dcrocker@gmail.com>; IETF DMARC WG <dmarc@ietf.org>
Subject: Re: [dmarc-ietf] Fwd: I-D Action: draft-ietf-dmarc-psd-10.txt

On Fri, Feb 19, 2021 at 3:02 PM Barry Leiba <barryleiba@computer.org> wrote:
I agree that the abstract is unclear.  This makes no sense to me:

   domain names represent either nodes in the tree below
   which registrations occur, or nodes where registrations have
   occurred; it does not permit a domain name to have both of these
   properties simultaneously.

I don't understand the distinction that it's trying to make between
the two possibilities.
I also don't see the antecedent to "these domains" in the final
sentence of that paragraph.

Beyond that:
> I'm at a loss to understand what's confusing.  I'm not convinced that "registrations" in the
> context of domain names is unclear to a reader familiar with this space.

I am absolutely convinced that it is.  Think of people in M3AAWG, for
whom this is very relevant.  Many of them don't know much about
registries, registrars, and such, and in general, the average reader
won't understand the difference, from a "registration" standpoint,
between facebook.com (which is registered) and "www.facebook.com"
(which is not).  To the average reader, "facebook.com" is registered
under com, and "www.facebook.com" is registered under facebook.  And
the ones who don't think that will likely not understand why we can't
just talk about second-level domains and be done with it.

Actually that's a community that I would expect to know exactly what all those terms mean and how they are all related.

I think the use of "registered" seems to be the source of some of this confusion.  To work with the example you gave here, I agree that "facebook.com" is registered (under "com"), but disagree that "www.facebook.com" is registered at all; "facebook.com" was delegated to some company that now "owns" that piece of the namespace tree and can create whatever it wants under there without any external arrangement.  To my mind, "register" involves a specific transaction, sometimes involving money, with whoever gates access to make those delegations.

All that needs to be explained in the Introduction, not the Abstract.
But the Abstract has to explain enough for a reader to understand why
she might or might not be interested in getting the document and
reading it.  So it's going to be tough to word it carefully and to
keep it concise.  But we have to.

Stressing a point:
We very clearly do NOT want to explain this stuff in the Abstract.  In
fact, we don't have to explain much at all in the Abstract.  What we
have to do is make sure that the Abstract doesn't say stuff that's
*wrong* or confusing.  So let's try to find some fifth-grade language
that can suffice, and then make sure the Introduction has the right
words to make it clear to people who know how to do email, but who
don't already understand the issues involved here.

How's this?:


   DMARC (Domain-based Message Authentication, Reporting, and
   Conformance) is a scalable mechanism by which a mail-originating
   organization can express domain-level policies and preferences for
   message validation, disposition, and reporting, that a mail-receiving
   organization can use to improve mail handling.

   Within the Domain Name System (DNS) on the public Internet, which is
   organized as a tree, some nodes of that tree are reserved for use by
   registrars, who delegate sub-trees to other operators on request.
   DMARC currently permits expression of policy only for such sub-trees.
   There is a marked desire to be able to express policy for the reserved
   nodes as well.  This document describes an experimental extension to
   DMARC to add that capability.


If we like that as a replacement Abstract, I'll carry on and propose a revision to the Introduction.

-MSK
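
The suffix / registered-name / subdomain distinction argued over in this thread, and where a DMARC policy record can be looked up with and without the proposed extension, as an added example that is not part of any message above or of the draft itself. The four-entry suffix set is constructed, the names `split_name`, `classify`, `policy_lookups` and `psd_participants` are hypothetical, and the lookup order is a simplified model of DMARC policy discovery.

```python
# Constructed suffix set for illustration only; a real receiver would load
# the full Public Suffix List rather than these four entries.
PUBLIC_SUFFIXES = {"com", "eu", "uk", "co.uk"}

def split_name(name):
    """Return (suffix, registered_domain) for a DNS name.

    registered_domain is the suffix plus one more label (the name someone
    registered with the registry); it is None when the name is a suffix.
    """
    labels = name.lower().rstrip(".").split(".")
    # Scan from the longest candidate down, so "co.uk" wins over "uk".
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in PUBLIC_SUFFIXES:
            registered = ".".join(labels[i - 1:]) if i > 0 else None
            return candidate, registered
    return None, None

def classify(name):
    """Label a name as 'suffix', 'registered', 'subdomain' or 'unknown'."""
    suffix, registered = split_name(name)
    if suffix is None:
        return "unknown"
    if registered is None:
        return "suffix"
    if name.lower().rstrip(".") == registered:
        return "registered"
    return "subdomain"

def policy_lookups(from_domain, psd_participants=frozenset()):
    """DNS names queried for a DMARC record, in order.

    Without the extension: the exact domain, then the registered domain.
    With it (assumption: the receiver keeps a set of suffixes known to
    publish a policy), the suffix is queried last as a fallback.
    """
    name = from_domain.lower().rstrip(".")
    suffix, registered = split_name(name)
    queries = ["_dmarc." + name]
    if registered and registered != name:
        queries.append("_dmarc." + registered)
    if suffix and suffix != name and suffix in psd_participants:
        queries.append("_dmarc." + suffix)
    return queries
```
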