Re: [dmarc-ietf] Charter improvements
"MH Michael Hammer (5304)" <MHammer@ag.com> Tue, 16 July 2013 16:22 UTC
Return-Path: <MHammer@ag.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 35A0321E8086 for <dmarc@ietfa.amsl.com>; Tue, 16 Jul 2013 09:22:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qnk5VOvSFK+5 for <dmarc@ietfa.amsl.com>; Tue, 16 Jul 2013 09:22:12 -0700 (PDT)
Received: from agwhqht.amgreetings.com (agwhqht.amgreetings.com [207.58.192.4]) by ietfa.amsl.com (Postfix) with ESMTP id 6CD8521F9BAB for <dmarc@ietf.org>; Tue, 16 Jul 2013 09:22:11 -0700 (PDT)
Received: from USCLES544.agna.amgreetings.com ([fe80::f5de:4c30:bc26:d70a]) by USCLES532.agna.amgreetings.com ([::1]) with mapi id 14.02.0328.009; Tue, 16 Jul 2013 12:22:10 -0400
From: "MH Michael Hammer (5304)" <MHammer@ag.com>
To: "dmarc@ietf.org" <dmarc@ietf.org>
Thread-Topic: [dmarc-ietf] Charter improvements
Thread-Index: AQHOgjqje5HXAqhl50KbbIvPVtUdmJlneh9w
Date: Tue, 16 Jul 2013 16:22:09 +0000
Message-ID: <CE39F90A45FF0C49A1EA229FC9899B05705787@USCLES544.agna.amgreetings.com>
References: <20130702052746.15876.qmail@joyce.lan> <51D3464D.2060502@sonnection.nl> <0A91244B-1CAE-491A-865B-E2BA64AFB366@tnpi.net> <51E56928.4020207@gmail.com>
In-Reply-To: <51E56928.4020207@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.144.15.228]
x-kse-antivirus-interceptor-info: scan successful
x-kse-antivirus-info: Clean
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [dmarc-ietf] Charter improvements
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dmarc>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Jul 2013 16:22:21 -0000
> -----Original Message----- > From: dmarc-bounces@ietf.org [mailto:dmarc-bounces@ietf.org] On Behalf > Of J. Trent Adams > Sent: Tuesday, July 16, 2013 11:39 AM > To: dmarc@ietf.org > Subject: Re: [dmarc-ietf] Charter improvements > > > Thanks, everyone, for their input on this thread (and to John for the pointer > how to get back to land when I blundered into the wrong stream). > Editing the proposed charter is a lot easier with this feedback. > > From what I can tell, the most important question needing to be answered is > whether or not revising the base DMARC specification is within scope of the > proposed work group. Following Russ's guidance, it seems that we should > start from the assumption that it's not in scope for now given the fact that it's > being sponsored by an AD as an Individual Submission. > +1 > Regardless of whether that's the right path, or not, let's explore it as an > option and see how the rest of the items identified in the proposed charter > play out. Then we can leverage the outcome of the conversation to > potentially revisit the fate of the base specification itself. > > Given that guidance, here're the most obvious (and noncontroversial?) items > needing to be done to shore up the proposed charter: > > * Correct the text regarding the current path of the specification. > * Tone down the "marketing puffery". > * Clarify how to address "backward compatibility" with the installed base. > These items make sense to me. +1 > I've already updated the description of the current path of the base > specification from "Independent Submission" to "Individual Submission", so > that's one down. I'll pull out my red pen on the other two topics and see if I > can make them more reasonable. > > Skipping ahead. . . here're the items that have previously been proposed as > worth exploring in the setting of an IETF work group: > > ----- > * a mechanism for determining the organizational domain name based on an > arbitrary fully-qualified hostname > ----- > > If I'm not mistaken, the Apps Area WG has already expressed an interest in > this work. In that case, I believe that this WG would only need to track that > effort and ensure that its work addresses the use cases required to support > DMARC. > > QUESTION: Given that it's an important topic, and there's no guarantee that > the other effort will result in an applicable solution, would it still be > reasonable to include a mention of this as worth exploration? > If so, it'd probably make sense to reference the other work as a starting point > to clarify we're not planning to spin up a competing solution. > I personally think this is beyond the scope of the proposed working group even though the issue impacts DMARC. I suppose a mention might make sense but only in the sense of recognizing reality. > ----- > * a mechanism for detecting abuse involving the <display-name> portion of > the RFC5322.From field > ----- > > This is an interesting item in that there have been some proposals from > contributors to the base DMARC specification to address this. The proposals, > as you can see, didn't make it through to a consensus and it was suggested > that they be brought to the broader community for consideration. It's highly > likely that through the WG process we're able to identify a means by which > this issue can be addressed. > > QUESTION: Does it make sense for this proposed WG to explore how the > base specification can be extended to apply the same level of "identifier > alignment" to the <display-name> as is helping defend the <address-spec>? > I think this is beyond the scope of the working group and probably stands on its own as a candidate for a separate working group. This is a much more intractable problem in that the display-name is free form. > ----- > * a mechanism for mitigating the effect of failures of DMARC policy when a > message transits a mailing list > ----- > > I recognize that there's definitely a counter-pressure against including this > topic as it seems to be a potentially quixotic quest. That being said, even if > we don't find the perfect solution, it does seem reasonable to believe there > is a way to provide something more than nothing that does help in some > meaningful way. I'm not presupposing a solution, just that there have been a > few possible options discussed at the edges which are likely to be worth > more rigorous exploration. > > QUESTION: Is there value in a WG such as this exploring possible solutions to > this issue and developing guidance that would potentially help improve the > utility of the base DMARC specification? > I don't mind this topic being included but I'm not optimistic that a reasonable solution can be found other than "Dr., it hurts when I do that. Dr: Then don't do that!". > ----- > * support for the notion of transitive trust (i.e., "host X trusted the sender of > this message, and I trust X, so you should too") > ----- > Definitely have an issue with this approach. It would significantly and negatively impact DMARC and almost introduce opportunities for abuse. > I see this as similar to the above, but potentially more broadly applicable. > One tweak I'd offer would be to replace ", so you should too" with > something like ", so you could choose to as well". > > QUESTION: Is there value in a WG such as this exploring possible solutions to > this issue and developing guidance that would potentially help improve the > utility of the base DMARC specification? > > ----- > * more robust transport of reports > ----- > > After over a year of deployment, and the rise in support services handling > reports, many folks have suggested that it would be worth exploring how to > offer additional optional means of transport for reports. The base DMARC > specification provides for this, but it is an area that was left to be extended > by a group such as this. Definitely worth exploring. > > QUESTION: Is this an area of exploration that is of enough interest to include > in the charter for this proposed work group? > > Beyond those, the topics in the proposed "Using DMARC" document have > already proven useful in clarifying some options that aren't typically included > in a base specification. For example, here a few items that may benefit from > being specifically called out in the charter as worth > exploring: > > * Identifier alignment configuration options > * Implementation decisions regarding "pct" > * Determining effective RUA sending frequency > * Leveraging policy caching > * Various options for integrating within an existing flow > * Defining a useful, common set of RUA reporting options > * When and how to use local policy override options > > QUESTION: Do any items on this list seem to be worth specifically adding to > the proposed charter as examples of the type of work that would be useful? > +1 for the Using DMARC document. > Finally, this list of potential work items was developed a while ago, and it's > likely additional possible areas of exploration have surfaced since then. Are > there any other substantive items that would be worth adding to the list? > Keeping in mind, of course, that our first cut will be to assume that the base > specification isn't in scope for now. > > Once the dust settles a bit around these items, I'll take another whack at the > charter text to at least get it stable for now. Then we can bubble up the > bigger question and see if we can tackle that given the input I've seen > recently on other threads. > > Thanks again, > Trent > > Mike
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin Dave Crocker
- [dmarc-ietf] DMARC BoF at IETF 87, Berlin Barry Leiba
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin Russ Housley
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin J. Trent Adams
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin John Levine
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin Dave Crocker
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin Russ Housley
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin Scott Kitterman
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin Barry Leiba
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin Franck Martin
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin Scott Kitterman
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin John Levine
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin Scott Kitterman
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin Franck Martin
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin John Levine
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin Franck Martin
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin John R Levine
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin Dave Crocker
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin John Levine
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin Dave Crocker
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin John R Levine
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin Scott Kitterman
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin Dave Crocker
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin Dave Crocker
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin John R Levine
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin Scott Kitterman
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin Scott Kitterman
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin Dave Crocker
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin Scott Kitterman
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin Dave Crocker
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin Dave Crocker
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin Murray S. Kucherawy
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin Scott Kitterman
- Re: [dmarc-ietf] Charter improvements John Levine
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin Murray S. Kucherawy
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin Scott Kitterman
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin Dave Crocker
- Re: [dmarc-ietf] Charter improvements Dave Crocker
- Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin Barry Leiba
- Re: [dmarc-ietf] Charter improvements John Levine
- Re: [dmarc-ietf] Charter improvements Dave Crocker
- Re: [dmarc-ietf] Charter improvements John Levine
- Re: [dmarc-ietf] Charter improvements Dave Crocker
- Re: [dmarc-ietf] Charter improvements Rolf E. Sonneveld
- Re: [dmarc-ietf] Charter improvements Dave Crocker
- Re: [dmarc-ietf] Charter improvements Matt Simerson
- Re: [dmarc-ietf] Charter improvements SM
- Re: [dmarc-ietf] Charter improvements J. Trent Adams
- Re: [dmarc-ietf] Charter improvements Dave Crocker
- Re: [dmarc-ietf] Charter improvements MH Michael Hammer (5304)
- Re: [dmarc-ietf] Charter improvements Scott Kitterman
- Re: [dmarc-ietf] Charter improvements Kurt Andersen
- Re: [dmarc-ietf] Charter improvements Kelley, John
- Re: [dmarc-ietf] Charter improvements Dave Crocker
- Re: [dmarc-ietf] Charter improvements Mike Jones
- Re: [dmarc-ietf] Charter improvements Franck Martin
- Re: [dmarc-ietf] Charter improvements Barry Leiba
- Re: [dmarc-ietf] Charter improvements Dave Crocker
- Re: [dmarc-ietf] Charter improvements Roland Turner
- Re: [dmarc-ietf] Charter improvements Dave Crocker
- Re: [dmarc-ietf] Charter improvements Murray S. Kucherawy
- Re: [dmarc-ietf] Charter improvements Murray S. Kucherawy
- Re: [dmarc-ietf] Charter improvements Dave Crocker
- Re: [dmarc-ietf] Charter improvements Murray S. Kucherawy
- Re: [dmarc-ietf] Charter improvements Greg Colburn