IETF Logo Mail Archive

Re: [dmarc-ietf] Dmarcbis way forward

Matt V <ietfdmarc@emailkarma.net> Tue, 24 October 2023 17:14 UTC

Return-Path: <contact@emailkarma.net>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C0E7C14CE31 for <dmarc@ietfa.amsl.com>; Tue, 24 Oct 2023 10:14:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.904
X-Spam-Level:
X-Spam-Status: No, score=-6.904 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sYo50zqk3luy for <dmarc@ietfa.amsl.com>; Tue, 24 Oct 2023 10:14:03 -0700 (PDT)
Received: from mail-ej1-f45.google.com (mail-ej1-f45.google.com [209.85.218.45]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 79F14C151985 for <dmarc@ietf.org>; Tue, 24 Oct 2023 10:14:03 -0700 (PDT)
Received: by mail-ej1-f45.google.com with SMTP id a640c23a62f3a-99de884ad25so711293166b.3 for <dmarc@ietf.org>; Tue, 24 Oct 2023 10:14:03 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698167642; x=1698772442; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=H67ESKvhvb92W0LIS0Aq7NARAm1gBU/XTAizC7vV5JQ=; b=gEprj+sTbgoPiRqwOWn9ZXd19WLBauZNo/+bxn3hjZpF3yVjCA+95PPyXLZJwcyFc/ HZurCrgdE9D+dgGz4Q853KLts+JO/wDALi2pcd4TXOMCjbTEmp/gVRwPiUlX89H+Cwl9 cxNfoamF6Bm/DFOlidx7a1F6wkkZ1CD5p3eNQQ2J5u3bjUyle3Ofh5M1vnmoXprQkldR Csjd8sl6UX3oJpbo2Feu4S1y0tTl9lpFUBy0BRGCkvhwXmgVAUjnxR0I3DctDqheWHvf TMgLek30V0ULG+GL/IphWor2imUXdzoIhjsNB5zwZk++yvGQY1HhdRRFDuT70Vtnq2JX 4H2g==
X-Gm-Message-State: AOJu0YwLi9rLbOuMtWymg0oMJpjpwF3eKXUo9Hl+nPsU8TELqjBCNAAM G4QLLnpjeesoPyQRsUz0ntt8XYxAl+hSyDZ02dfMsQ==
X-Google-Smtp-Source: AGHT+IHYCGHVr6ipCpk5+1LX9ayyve4TAkNXcVeGM6msL3cLcj10uzZcr/UNnD4IRZcZiFZ7U1nsVlUOwLwfkgzecWg=
X-Received: by 2002:a17:907:86a2:b0:9c6:8190:359f with SMTP id qa34-20020a17090786a200b009c68190359fmr10265964ejc.33.1698167641476; Tue, 24 Oct 2023 10:14:01 -0700 (PDT)
MIME-Version: 1.0
References: <AS1PR07MB861698DF23A8C6CBCC93983B98D8A@AS1PR07MB8616.eurprd07.prod.outlook.com> <CAJ4XoYd=z7_-BQ6K45PjeYe_-JJPBgR=Xih1ensadQuLt_jbig@mail.gmail.com>
In-Reply-To: <CAJ4XoYd=z7_-BQ6K45PjeYe_-JJPBgR=Xih1ensadQuLt_jbig@mail.gmail.com>
From: Matt V <ietfdmarc@emailkarma.net>
Date: Tue, 24 Oct 2023 13:13:50 -0400
Message-ID: <CAPyMsDh0KRXMNyzB8b__wrpnP4vtDrW0sKMqob6DRu7P4QwsPg@mail.gmail.com>
To: "dmarc-chairs@ietf.org" <dmarc-chairs@ietf.org>
Cc: Francesca Palombini <francesca.palombini=40ericsson.com@dmarc.ietf.org>, "dmarc@ietf.org" <dmarc@ietf.org>, "art-ads@ietf.org" <art-ads@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000000a24a5060879772b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/nVpJSvD0KNLrpYhkBLa7bVZw62Q>
Subject: Re: [dmarc-ietf] Dmarcbis way forward
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Oct 2023 17:14:07 -0000

I also agree that "SHOULD NOT" would be my vote as the preferred language
going forward.

~
Matt

On Tue, Oct 24, 2023 at 12:41 PM Dotzero <dotzero@gmail.com> wrote:

> I'd like to first thank Francesca for taking the time to review where the
> working group is as far as consensus.
>
> I fall into the "SHOULD NOT" consensus group with additional non-normative
> language.
>
> The short version of the non-normative language should be in the document
> itself but I believe the issues resulting from deviating from the normative
> "SHOULD NOT" deserve a fuller discussion in a separate document.
>
> Much of the discussion has been focused on the impact to mailing lists but
> the impacts can involve a wider range of issues depending on the nature of
> the domain/organization and users involved. A discussion of those wider
> impacts in the context of a "SHOULD NOT" would be useful in educating
> domain owners, administrators and (even) users. There are differences in
> control and impacts between a corporate/organizational domain, government
> domains, domains which offer free or paid accounts to the public and
> personal domains for example. Advice to one of these groupings may not
> reasonably address the concerns and impacts for domains or constituencies
> in other groupings.
>
> Michael Hammer
>
>
> On Mon, Oct 23, 2023 at 4:04 AM Francesca Palombini <francesca.palombini=
> 40ericsson.com@dmarc.ietf.org> wrote:
>
>> I have been asked by Murray to assist with a consensus evaluation on the
>> discussion that has been going on for a while about the dmarcbis document
>> and how to move forward.
>>
>>
>>
>> I have made an attempt to evaluate consensus on the topic, trying to look
>> at it from a complete outsider’s point of view and trying not to let my
>> personal opinion bias my assessment. This is a summary of that evaluation.
>> It is based on several threads in the mailing list: [1], [2], [3] and
>> recordings of the IETF 117 wg meeting [4]. I also tried to pay attention to
>> chronology of comments, because some people have expressed different
>> support for different proposals, in which case I consider the latest
>> email I can find as the person’s latest opinion.
>>
>> Although that was mentioned, I believe there is no consensus to move the
>> document status to Informational. I believe there is a rough consensus that
>> a change needs to be made in the text to include stronger requirements
>> admonishing operators against deploying DMARC in a way that causes
>> disruption. The mails go in many directions, but the most contentious point
>> I could identify is if there ought to be some normative MUST NOT or SHOULD
>> NOT text. Many people have suggested text (thank you!). I believe the ones
>> with more tractions are Scott’s MUST NOT proposal [2] and Barry’s SHOULD
>> NOT proposal [3]. I believe most people who’d prefer just descriptive text
>> have stated that they can live with the SHOULD NOT text, but they have
>> stronger objections towards the MUST NOT text. There also a number of
>> people who strongly believe MUST NOT is the way to go, but these people
>> have not objected strongly to Barry’s latest proposed text in the mailing
>> list (although they have made their preference clear during the meeting
>> [4]). As a consequence, I believe there is a stronger (very rough)
>> consensus for going with Barry’s SHOULD NOT text. I also believe there is
>> consensus to add some non-normative explanatory text (be it in the
>> interoperability or security consideration sections, or both) around it.
>>
>> I suggest the authors and the working group start with Berry’s text and
>> fine-tune the details around it.
>>
>> In particular, as another AD that might have to ballot on this document,
>> I suggest that you pay particular attention to the text around the SHOULD
>> NOT, as also Murray suggested in [5]. I have often blocked documents with
>> the following text: “If SHOULD is used, then it must be accompanied by at
>> least one of: (1) A general description of the character of the exceptions
>> and/or in what areas exceptions are likely to arise.  Examples are fine
>> but, except in plausible and rare cases, not enumerated lists. (2) A
>> statement about what should be done, or what the considerations are, if the
>> "SHOULD" requirement is not met. (3) A statement about why it is not a
>> MUST.”.
>>
>> I appreciate everybody’s patience and constructive discussion.
>>
>> Francesca, ART AD
>>
>> [1]:
>> https://mailarchive.ietf.org/arch/msg/dmarc/Z2hoBQLfacWdxALzx4urhKv-Z-Y/
>>
>> [2]:
>> https://mailarchive.ietf.org/arch/msg/dmarc/wvuuggXnpT-8sMU49q3Xn9_BjHs/
>>
>> [3]:
>> https://mailarchive.ietf.org/arch/msg/dmarc/k6zxrKDepif26uWr0DeNdCK1xx4/
>>
>> [4]: https://www.youtube.com/watch?v=8O28ShKGRAU
>>
>> [5]:
>> https://mailarchive.ietf.org/arch/msg/dmarc/Ld-VObjtihm5uWd9liVzMouQ1sY/
>> _______________________________________________
>> dmarc mailing list
>> dmarc@ietf.org
>> https://www.ietf.org/mailman/listinfo/dmarc
>>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>

v2.46.0 | Report a Bug | By Email | System Status