Re: [dmarc-ietf] "Email architecture is single author"

Doug Foster <fosterd@bayviewphysicians.com> Thu, 13 August 2020 14:14 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/RjUizLlOwWieCQ50_1ZWZGyfyEY>

In brief:

My thinking is based on these foundations:
- the incoming email gateway is an AAA server which conditionally allows
anonymous logins
- The NIST framework for digital identity.  https://pages.nist.gov/800-63-3/

In that regard, digital identity is the focus, not human headcount.
"Customerservice@example.com" can be an author, even though different
individuals are responsible for different messages.

My definition of a multiple-author architecture would be one where:
- General:  The different sections of the message must be tagged with the
identity of the author for that section.
- Specific:   Since the email infrastructure is an untrusted environment,
the identities must be verifiable by some mechanism.

The chairs would probably consider this off-topic at this time, but I would
be willing to pursue a theoretical discussion at an appropriate time or
forum.


On the larger point:

You can launch an experiment with or without the paperwork blessing of IETF
Experimental status, and you may get IETF blessing despite my objections.
You can begin recruiting domain owners immediately.   So I am not your
problem.   

What you need is a really good sales pitch to convince many thousands of
domain owners, and the trade press, that this is something that they should
implement.    The pitch needs to include:

- The mailing list problem is important to the email security manager.
- The mailing list behavior which creates the problem is legitimate.
(Abandon the argument that DMARC creates the problem.)
- This proposal is a sufficient solution to the problem.
- This proposal is the best solution to the problem.
- This proposal is a secure solution to the problem.

You should view me as the practice session for the sales pitch that really
matters.  

You will not get far with the sales pitch by telling your audience that they
are wrong.

My warning is that you do not have a convincing sales pitch at this time.
I believe the sales pitch has problems in every one of these categories.

DF