Re: [dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations

[Benny Lyne Amorsen <benny+usenet@amorsen.dk>]

"Douglas E. Foster" <fosterd@bayviewphysicians.com> writes:

> Ultimately, this becomes a question of power.  Do domain owners have
> the right, with the help of their correspondents, to prohibit spoofing
> (unauthorized use) of their digital identity?

Domain owners are free to use the court system to assert trademark
rights and copyright. They are also free to apply whichever seals of
digital identity that they want, of course.

> Or since they are technically leaseholders, not owners, are their
> rights conditional?

You seem to be laboring under the impression that domain owners have a
right to compel mail recipients to respect a DRM scheme. This is not the
case. You can try to sue Google to force them to reject incoming email
with your domain in the From: field and no valid DKIM (or whatever)
signature, of course, but I have a hard time imagining which right you
would assert to make the suit successful.

> Specificslly, do Internet insiders have the right to declare their
> spoofing control efforts to be based on foolish premises, both
> unnecessary and inconvenient, and therefore not allowed?

No one, certainly not "Internet insiders" of which I am certainly not
one, is stopping you from doing whichever spoofing control efforts you
want on your systems.

Feel free to keep p=reject on your domains. Many mail servers will keep
using that as a signal among many others, rather than as a blanket
reject.

If you want recipient mail servers to change that policy you can either
do it by convincing their administrators or by getting a law passed. So
far you appear to favour the latter approach, with your focus on
"prohibit" "unauthorized use" and "rights". The IETF is not a lawmaking
body, so it appears there are better venues for you.