Re: [dmarc-ietf] Fwd: I-D Action: draft-ietf-dmarc-psd-10.txt

"Chudow, Eric B CIV NSA DSAW (USA)" <eric.b.chudow.civ@mail.mil> Sun, 21 February 2021 16:49 UTC

Return-Path: <eric.b.chudow.civ@mail.mil>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AF993A0C70 for <dmarc@ietfa.amsl.com>; Sun, 21 Feb 2021 08:49:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.667
X-Spam-Level:
X-Spam-Status: No, score=-2.667 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.57, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mail.mil
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HNam87nrdVPV for <dmarc@ietfa.amsl.com>; Sun, 21 Feb 2021 08:49:45 -0800 (PST)
Received: from UPDC19PA20.eemsg.mail.mil (UPDC19PA20.eemsg.mail.mil [214.24.27.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 14BB33A0C6F for <dmarc@ietf.org>; Sun, 21 Feb 2021 08:49:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mail.mil; i=@mail.mil; q=dns/txt; s=EEMSG2018v1a; t=1613926185; x=1645462185; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=r7qjRHv+2MfozIeS6ucmLV6An249kmKrVUnNk87O9Hc=; b=jpRGXX1leHNA+Bspp0dwDdoSoqwEhlJW9gYTZadGKeeKHpg5iO6WxA3v 5EaJ8/lxwJaaSre5uEA0RgrQAHWTga12sPzuhJFRAJJpJ08MmXUpl1DkC BT9Jf/HOnASjHgbQdxOJTK5dU41k5G3ak4OG6uv8NfDYqF+OpkglQxR3D BsJzwtPH2uqC690C6d6ba84Li3roTbERPwa73kLisc/lQJxFpfvr0A8MH lUNURRerGj1y/r8ssx450AtadxqxS8DaUsq9NCHTc0/YstoDsbu+kruI2 6SkytquWJPUDBwufA0EQA4zrfJY22fDoQDFG3PjPIgi1BvWuq0d4GAmBV Q==;
X-EEMSG-check-017: 181979386|UPDC19PA20_ESA_OUT02.csd.disa.mil
X-IronPort-AV: E=Sophos;i="5.81,195,1610409600"; d="scan'208";a="181979386"
Received: from edge-mech02.mail.mil ([214.21.130.231]) by UPDC19PA20.eemsg.mail.mil with ESMTP/TLS/DHE-RSA-AES256-SHA; 21 Feb 2021 16:49:41 +0000
Received: from UMECHPAOS.easf.csd.disa.mil (214.21.130.162) by edge-mech02.mail.mil (214.21.130.231) with Microsoft SMTP Server (TLS) id 14.3.498.0; Sun, 21 Feb 2021 16:49:26 +0000
Received: from UMECHPA7D.easf.csd.disa.mil ([169.254.6.57]) by umechpaos.easf.csd.disa.mil ([214.21.130.162]) with mapi id 14.03.0509.000; Sun, 21 Feb 2021 16:49:24 +0000
From: "Chudow, Eric B CIV NSA DSAW (USA)" <eric.b.chudow.civ@mail.mil>
To: 'Douglas Foster' <dougfoster.emailstandards@gmail.com>
CC: "'Murray S. Kucherawy'" <superuser@gmail.com>, 'IETF DMARC WG' <dmarc@ietf.org>
Thread-Topic: [dmarc-ietf] Fwd: I-D Action: draft-ietf-dmarc-psd-10.txt
Thread-Index: AQHXB5ET6UmKpEsHj0KnyPYuL27pUKpizr6Q
Date: Sun, 21 Feb 2021 16:49:24 +0000
Message-ID: <553D43C8D961C14BB27C614AC48FC03128186461@UMECHPA7D.easf.csd.disa.mil>
References: <161144436332.13490.10651420808048876097@ietfa.amsl.com> <CADyWQ+EhD0nz71dLtUFwb9V_6uuen-k6E5fpvrCg3ZYzfr2JSw@mail.gmail.com> <ba38a9e4-7f43-c747-2d90-f35de22a8399@gmail.com> <CAL0qLwZJaEBrXdE9JOZNOJAgR7iEzfMA86Csi2sNtE5JC7ROUQ@mail.gmail.com> <c5cd9239-b204-255a-48a3-1cdccf18464a@gmail.com> <CAL0qLwYrcg__sewPO+EWfJf-5uoHcnQpFqtw-QoXxngHTJvkAA@mail.gmail.com> <e0a4c5eb-b047-67fe-8d76-e5beb921e5ae@gmail.com> <CAH48ZfyZmBp91WjfnNb0W35m+5wFGBonG+hoe2RCK_3N3xd6Xw@mail.gmail.com>
In-Reply-To: <CAH48ZfyZmBp91WjfnNb0W35m+5wFGBonG+hoe2RCK_3N3xd6Xw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [214.21.44.12]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/CHd9A_0LWsW_N6sSLXUbjxhI-H0>
Subject: Re: [dmarc-ietf] Fwd: I-D Action: draft-ietf-dmarc-psd-10.txt
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Feb 2021 16:49:47 -0000

I think it's getting better, but I wouldn't call them Internet Naming Authorities. Should we just call them higher-level entities? Also, while the biggest help that PSD DMARC would make is for non-existent organizational domains, it can also help with other domains that haven't expressed a DMARC policy, so the abstract shouldn't only discuss unregistered domains.

How about this:
--
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a scalable mechanism by which a mail-originating organization can express policy preferences for validation and disposition of messages which purport to come from owned domains, as well as requesting feedback reporting about those message validation and disposition actions. These features allow the Domain Owner to detect and inhibit domain name abuse.

DMARC is designed for use by individual Domain Owners or organizational Domain Owners for their domains and sub-domains. Consequently, DMARC preferences by higher-level entities that have Organizational Domains below them in the DNS hierarchy cannot be specified for sub-domains in their purview. Those higher-level entities have an interest in detecting and inhibiting domain name abuse for domain names within their section of the DNS tree, and message recipients have an interest in preventing deception by entities using those domain names as well. Since its deployment in 2015, use of DMARC has shown a clear need for the ability to express policy preferences for these domains.

Domains at which higher-level entities accept registrations by multiple organizations or other separate entities are referred to as Public Suffix Domains (PSDs). This document describes an extension to DMARC to enable DMARC functionality for PSDs. It also addresses implementations that consider a domain on a Public Suffix List to be ineligible for DMARC enforcement.

This document also describes an extension to DMARC to specify separate, often stricter, policy preferences for non-existent sub-domains.
--

Thanks,
-Eric

___________________________________
Eric Chudow
DoD Cybersecurity Mitigations
410-854-5735, eric.b.chudow.civ@mail.mil

From: Douglas Foster <dougfoster.emailstandards@gmail.com> 
Sent: Saturday, February 20, 2021 9:01 AM
To: Dave Crocker <dcrocker@gmail.com>
Cc: Murray S. Kucherawy <superuser@gmail.com>; IETF DMARC WG <dmarc@ietf.org>
Subject: Re: [dmarc-ietf] Fwd: I-D Action: draft-ietf-dmarc-psd-10.txt

This wording attempts to address the objections by giving
"registration" a specific context. I also rewrote some of it for readability.

- -

DMARC (Domain-based Message Authentication, Reporting, and
Conformance) is a scalable mechanism by which a mail-originating
organization can express policies and preferences for validation and 
disposition of messages which purport to come from owned domains, 
as well as requesting feedback reporting about those message 
validation and disposition actions.  These features allow the domain 
owner to detect and inhibit domain name abuse.

DMARC is designed for use by domain owners.  Consequently it has no 
applicability for domains that have no owner because the domain has 
never been registered with an Internet Naming Authority.  Those 
authorities have an interest in detecting and inhibiting abuse of the 
name registration process, and message recipients have an interest
in preventing deception by entities using unregistered organization 
domain names.

Domains at which Internet Naming Authorities perform registration are 
referred to as Public Suffix Domains (PSDs).  This document describes 
an extension to DMARC to enable DMARC functionality for PSDs.

This document also seeks to address implementations that consider a
domain on a Public Suffix List to be ineligible for DMARC
enforcement.
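The abstract text under discussion describes three behaviours a receiver would implement: a Domain Owner's own record takes precedence, an Organizational Domain's record (via its sp tag) covers sub-domains that publish nothing, and a PSD record covers Organizational Domains below it that publish nothing, with a separate and usually stricter policy for sub-domains that do not exist. The following Python is an added example written for this editorial pass; it is not text or code from the draft, from the thread participants, or from any DMARC implementation. It assumes a constructed in-memory Public Suffix List and a constructed set of DNS TXT records under the hypothetical TLD "example", and it uses the np tag as the PSD DMARC draft defines it (policy for non-existent sub-domains); the "name exists" check is a constructed set standing in for a real A/AAAA/MX lookup.

```python
"""Toy PSD-aware DMARC policy discovery (added example, not the draft's text).

All data below is constructed for illustration; no network lookups are made.
"""

# Constructed PSL: "example" is a hypothetical TLD, "gov.example" a PSD under it.
PUBLIC_SUFFIXES = {"example", "gov.example"}

# Constructed DNS TXT records. The PSD publishes p= for existing
# Organizational Domains without a record and a stricter np= for names that
# do not exist at all. agency2.gov.example publishes no record of its own.
DNS_TXT = {
    "_dmarc.gov.example": "v=DMARC1; p=quarantine; np=reject; rua=mailto:dmarc@gov.example",
    "_dmarc.agency.gov.example": "v=DMARC1; p=none; sp=quarantine",
}

# Constructed stand-in for "does this name resolve to A/AAAA/MX?".
EXISTING_NAMES = {
    "gov.example",
    "agency.gov.example",
    "mail.agency.gov.example",
    "agency2.gov.example",
}


def parse_dmarc(txt):
    """Split a DMARC TXT record into a tag dictionary (tolerates mailto: values)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return tags


def public_suffix(domain):
    """Longest suffix of `domain` found on the constructed PSL, or None."""
    labels = domain.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in PUBLIC_SUFFIXES:
            return candidate  # first hit scanning from the left is the longest
    return None


def organizational_domain(domain):
    """One label below the public suffix; a PSD is its own Organizational Domain."""
    psd = public_suffix(domain)
    if psd is None or psd == domain:
        return domain
    label_below = domain[: -len(psd) - 1].split(".")[-1]
    return f"{label_below}.{psd}"


def discover_policy(from_domain):
    """Return (policy, record_owner) for an RFC5322.From domain.

    Lookup chain: the domain itself, then its Organizational Domain, then its
    PSD. At a record that is not the domain's own: np= applies when the name
    does not exist, otherwise sp= if present, otherwise p=.
    """
    exists = from_domain in EXISTING_NAMES
    chain = [from_domain]
    org = organizational_domain(from_domain)
    if org != from_domain:
        chain.append(org)
    psd = public_suffix(from_domain)
    if psd and psd not in chain:
        chain.append(psd)

    for owner in chain:
        txt = DNS_TXT.get(f"_dmarc.{owner}")
        if not txt:
            continue
        tags = parse_dmarc(txt)
        if tags.get("v") != "DMARC1":
            continue
        if owner == from_domain:
            return tags.get("p", "none"), owner
        if not exists and "np" in tags:
            return tags["np"], owner
        return tags.get("sp", tags.get("p", "none")), owner
    return "none", None


if __name__ == "__main__":
    for name in ("mail.agency.gov.example", "agency2.gov.example",
                 "nosuch.gov.example", "gov.example", "foo.other.example"):
        policy, owner = discover_policy(name)
        print(f"{name:28s} -> {policy:10s} (from {owner})")
```

Running the block shows the two cases the abstract calls out: agency2.gov.example, an existing Organizational Domain with no record, inherits quarantine from the PSD's p tag, while nosuch.gov.example, which does not exist, gets the PSD's stricter np=reject. A sub-domain of agency.gov.example that does not exist falls back to that Organizational Domain's sp tag because that record publishes no np.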