Re: [dmarc-ietf] Draft DMARC working group charter

Dave Crocker <dcrocker@gmail.com> Thu, 03 July 2014 14:13 UTC

Message-ID: <53B5649E.7050206@gmail.com>
Date: Thu, 03 Jul 2014 07:11:42 -0700
From: Dave Crocker <dcrocker@gmail.com>
To: Pete Resnick <presnick@qti.qualcomm.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/dmarc/nMP0OBxIG01vM9wSXhq9n9CppOk
Cc: "dmarc@ietf.org" <dmarc@ietf.org>, Barry Leiba <barryleiba@computer.org>
Subject: Re: [dmarc-ietf] Draft DMARC working group charter

On 7/2/2014 9:46 PM, Pete Resnick wrote:
> On 7/1/14 11:00 AM, Dave Crocker wrote:
>> I've looked over the small amount of mail posted about the draft charter
>> and do not see any changes mandated.
>>    
> 
> Nothing mandated, but here are some changes that I think clarify and/or
> simplify. You can find a diff here:

I think Pete's changes mostly improve the text in terms of clarity
and/or conciseness.


Commenting on only a few items:


>> The working group will seek to preserve interoperability with the
>> installed base of DMARC systems, and will provide careful justification
>> for any non-interoperability.
> 
> I think we can strike the word "careful". It doesn't add anything.

I put that word in intentionally.

The requirement being imposed here is a bit unusual, since it is
intended to make the wg fully document its reasons for creating changes
that break backward compatibility.  The word 'careful' is meant to
elicit thoughtful and thorough language for the justification.

In other words, it is meant to bias things against something like text
that just says "the wg reached consensus" and instead solicit "here are
the reasons...".


> "     2. Reviewing and improving the base DMARC specification"
> 
>> The base specification relies on the ability of an email receiver to
>> determine the organizational domain responsible for sending mail. An
>> organizational domain is the basic domain name obtained through a public
>> registry, such as example.com or example.co.uk. While the common
>> practice is to use a "public suffix" list to determine organizational
>> domain, it is widely recognized that this solution will not scale, and
>> that the current list often is inaccurate. The task of defining a
>> standard mechanism for identifying organizational domain is out of scope
>> for this working group. However the working group can consider extending
>> the base DMARC specification to accommodate such a standard, should it
>> be developed during the life of this working group.
>>    
> 
> I think we can strike the second sentence. Other than reducing this
> being marked as spam ;-), I don't think it adds anything. I have no
> better understanding of what an organizational domain is from those two
> examples. (So is my organizational domain "qti.qualcomm.com" or
> "qualcomm.com"? Is it more like example.com or example.co.uk, or is it
> something different?) I think the most we're going to be able to say is
> that an organizational domain is the domain that represents the top
> level of the organization, which doesn't help much.

A sentence defining organizational domain is essential.

The term does not have wide, common use.  Yet it refers to a core
construct for DMARC.  So the charter should both use the term and
provide a basic definition for it.

Here's my (latest) suggestion for the paragraph, with each sentence
separated:

   The base specification relies on the ability of an email receiver to
   determine the organizational domain responsible for sending mail.

   An organizational domain is the 'base' name that is allocated from a
   public registry, such as ".com" or ".co.uk".

   Existing mechanisms for discerning the organizational domain have
   long-standing problems and there is community interest in a better
   solution.

   The task of developing that solution is out of scope for this
   working group.

   However the working group will provide input to any development
   effort for a standardized organizational domain mechanism.




>>     References
>>     ----------
>>
>> DMARC - http://dmarc.org
>> SPF - RFC7208
>> DKIM - RFC6376
>> Internet Message Format - RFC5322
>> OAR / Original Authentication Results - draft-kucherawy-original-authres
>> Using DMARC -  draft-crocker-dmarc-bcp-03

And we need to add:

   Delegating DKIM Signing Authority - draft-kucherawy-dkim-delegate-01

   Third-Party Authorization Label - draft-otis-tpa-label-04


d/
-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net
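
[Added example, not part of the message above and not code from the DMARC specification or its authors.] The "public suffix" list lookup that the quoted charter text calls the common practice can be sketched as below. The rule list is a small constructed excerpt in Public Suffix List syntax, and the function names are hypothetical. The last lines show the failure the charter text worries about: a list missing one entry returns a registry suffix as the organizational domain.

```python
# Constructed excerpt in Public Suffix List syntax; this is not the real list.
SAMPLE_PSL = """
com
uk
co.uk
*.ck
!www.ck
"""

def parse_rules(text):
    """Split PSL-style text into (plain, wildcard, exception) rule sets."""
    plain, wildcard, exception = set(), set(), set()
    for line in text.splitlines():
        rule = line.strip().lower()
        if not rule or rule.startswith("//"):
            continue
        if rule.startswith("!"):
            exception.add(rule[1:])
        elif rule.startswith("*."):
            wildcard.add(rule[2:])
        else:
            plain.add(rule)
    return plain, wildcard, exception

def public_suffix_len(labels, rules):
    """Number of trailing labels that form the public suffix."""
    plain, wildcard, exception = rules
    best = 1  # default rule: an unlisted top-level label counts as a suffix
    for i in range(len(labels)):
        n = len(labels) - i
        candidate = ".".join(labels[i:])
        if candidate in exception:
            return n - 1  # exception rule wins; suffix is one label shorter
        if candidate in plain:
            best = max(best, n)
        # "*.X" matches any single label followed by X
        if i + 1 < len(labels) and ".".join(labels[i + 1:]) in wildcard:
            best = max(best, n)
    return best

def organizational_domain(name, rules):
    """Public suffix plus one label, or None if name is itself a suffix."""
    labels = name.lower().rstrip(".").split(".")
    n = public_suffix_len(labels, rules)
    if len(labels) <= n:
        return None
    return ".".join(labels[-(n + 1):])

RULES = parse_rules(SAMPLE_PSL)
# Same list with the "co.uk" entry missing, to model an inaccurate list.
STALE = parse_rules(SAMPLE_PSL.replace("co.uk\n", ""))
```

With the stale list, every registrant under co.uk resolves to the same organizational domain, so a receiver comparing organizational domains would treat unrelated domains as belonging to one organization.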