Re: [dmarc-ietf] Fwd: I-D Action: draft-ietf-dmarc-psd-10.txt

Dave Crocker <> Fri, 29 January 2021 20:56 UTC

To: "Murray S. Kucherawy" <>
Cc: Tim Wicinski <>, IETF DMARC WG <>

On 1/29/2021 12:15 PM, Murray S. Kucherawy wrote:
> On Fri, Jan 29, 2021 at 7:51 AM Dave Crocker wrote:
>>     Abstract
>>         DMARC (Domain-based Message Authentication, Reporting, and
>>         Conformance) is a scalable mechanism by which a mail-originating
>>         organization can express domain-level policies and preferences for
>>         message validation, disposition, and reporting, that a mail-receiving
>>         organization can use to improve mail handling.  The design of DMARC
>>         presumes that domain names represent either nodes in the tree below
>>         which registrations occur, or nodes where registrations have
>     DMARC does not have 'registrations'.
> It's referring to domain name registrations, not DMARC registrations.
>     Also the occur/occurred contrast has no obvious meaning to me. 
>     Really, I have no idea what's intended by it.
> "exist"?
> "take place"?
> "are made"?
> "are done"?

The issue wasn't synonyms but semantics.  'registrations occurred' has 
no obvious DMARC meaning.

unless, perhaps, the meaning is 'domain names exist', but that still 
doesn't explain the contrast being drawn.

>>         occurred; it does not permit a domain name to have both of these
>     "both" of what?  registration?
> It's describing properties of nodes in the domain name tree. DMARC's 
> current design stipulates that every node is either (a) a node below 
> which registrations can occur, or (b) a node at which a registration 
> has occurred.  An example of the former is "org", and an example of 
> the latter is " <>" and its entire subtree.

DMARC does not have 'registrations'.

The word is used in the spec as:


    3. Terminology and

Domain Owner:  An entity or organization that owns a DNS domain.  The
       term "owns" here indicates that the entity or organization being
       referenced holds the registration of that DNS domain."



      3.2. Organizational Domain

    The Organizational Domain is determined using the following

    1.  Acquire a "public suffix" list, i.e., a list of DNS domain names
        reserved for registrations. "

(The later reference to the Tag Registry is presumably irrelevant here.)

>>         properties simultaneously.  Since its deployment in 2015, use of
>>         DMARC has shown a clear need for the ability to express policy for
>>         these domains as well.
>     Which domains?
> The intent is to augment DMARC's ability to describe the domain name 
> tree such that a node can be both (a) and (b) at the same time, for 
> the purposes of policy expression.  So those are the nodes (domains) 
> of interest.

My frustration is that a document that reaches wg Last Call should not 
have language that is this confusing, especially about its fundamentals 
and especially given how much revision it has already gotten.


Dave Crocker

Volunteer, Silicon Valley Chapter
American Red Cross
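
The node classification debated in this message, (a) a node below which registrations occur and (b) a node at which one has occurred, written out as an added example that is not part of the original e-mail or of either specification's text. It derives the Organizational Domain from a public suffix list and lists the DMARC record names a receiver would query, including the extra query at the Organizational Domain minus one label that the published PSD DMARC document (RFC 9091) adds. The suffix list, the function names and the `psd_enabled` flag are assumptions made for illustration.

```python
# Constructed, tiny public suffix list (assumption); real code loads the full list.
PUBLIC_SUFFIXES = {"org", "com", "uk", "co.uk", "gov.uk"}


def _labels(domain):
    return domain.lower().rstrip(".").split(".")


def public_suffix(domain):
    """Longest listed suffix of `domain`; an unlisted name falls back to its
    rightmost label (the public suffix list's implicit "*" rule)."""
    parts = _labels(domain)
    for i in range(len(parts)):
        candidate = ".".join(parts[i:])
        if candidate in PUBLIC_SUFFIXES:
            return candidate
    return parts[-1]


def organizational_domain(domain):
    """Public suffix plus one more label; None when `domain` is itself a suffix."""
    parts = _labels(domain)
    suffix_len = len(_labels(public_suffix(domain)))
    if len(parts) <= suffix_len:
        return None
    return ".".join(parts[-(suffix_len + 1):])


def node_kind(domain):
    """'a' = node below which registrations occur, 'b' = at or below a registration."""
    return "a" if organizational_domain(domain) is None else "b"


def dmarc_query_names(domain, psd_enabled=True):
    """DNS names to try, in order, for the domain in the From header.

    `psd_enabled` (hypothetical flag) stands in for the receiver's decision
    that the suffix is one it accepts for PSD DMARC.
    """
    domain = ".".join(_labels(domain))
    org = organizational_domain(domain)
    names = [f"_dmarc.{domain}"]
    if org and org != domain:
        names.append(f"_dmarc.{org}")
    if psd_enabled and org:
        # PSD extension: the Organizational Domain with one label removed.
        names.append("_dmarc." + org.split(".", 1)[1])
    return names
```

With `psd_enabled=False` the list stops at the Organizational Domain, which is the lookup without the PSD extension: a suffix such as `gov.uk` is then never consulted for policy even if it publishes a record.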