IETF Logo Mail Archive

Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin

Barry Leiba <barryleiba@computer.org> Tue, 02 July 2013 15:11 UTC

Return-Path: <barryleiba.mailing.lists@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 07AA721F9DCF for <dmarc@ietfa.amsl.com>; Tue, 2 Jul 2013 08:11:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.651
X-Spam-Level:
X-Spam-Status: No, score=-101.651 tagged_above=-999 required=5 tests=[AWL=-0.273, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, J_CHICKENPOX_14=0.6, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xnmBV19zhv8U for <dmarc@ietfa.amsl.com>; Tue, 2 Jul 2013 08:11:48 -0700 (PDT)
Received: from mail-ve0-x234.google.com (mail-ve0-x234.google.com [IPv6:2607:f8b0:400c:c01::234]) by ietfa.amsl.com (Postfix) with ESMTP id 1511721F9D7E for <dmarc@ietf.org>; Tue, 2 Jul 2013 08:11:43 -0700 (PDT)
Received: by mail-ve0-f180.google.com with SMTP id pa12so4926532veb.39 for <dmarc@ietf.org>; Tue, 02 Jul 2013 08:11:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=zLzsf6rh8DfrGT24D/BbqJDUXlSNOm9dfZAxTaGCiPg=; b=vWDvDHYwSQ3Yg5deEjLhT+fPeV2IjnXlOnod2om+UJ5I4vKYd1zXLrL26lOyVdskHf J3odPRgUz4dLCniUVO5Efzh+EALVe7Nd+Tyw3UIQDXxtNdAkG3iflXOSKXx2Rew5kMaY NqJ3JJX1I8mPne07+MBiQMPAtDyAG0luUAVL2/LsuYH+Ktl992A2HIU2y+cPKaoceHyN Ho5gzp5QSqdtpPB5hhJnesg1rwqGJMDIVfBaWcT5ft3iZLq6b/n+WclYi0CzkF/kAkis 5yUrGMVzVG38ZtKnA3WkmnUQOSVfBP+MXF1llbjo0g5v8cUvoV942+Cc6WCk1VxW/biU MZ0w==
MIME-Version: 1.0
X-Received: by 10.58.34.69 with SMTP id x5mr11514579vei.11.1372777896315; Tue, 02 Jul 2013 08:11:36 -0700 (PDT)
Sender: barryleiba.mailing.lists@gmail.com
Received: by 10.58.137.227 with HTTP; Tue, 2 Jul 2013 08:11:36 -0700 (PDT)
In-Reply-To: <6186322.YWEmVzIH41@scott-latitude-e6320>
References: <20130630221443.71098.qmail@joyce.lan> <3702901.qqViAzZfBM@scott-latitude-e6320> <CAL0qLwYaRgnNjqQ_r9VpMK77cQSDnrTjeq6TDu==8Zc7zMx+CA@mail.gmail.com> <6186322.YWEmVzIH41@scott-latitude-e6320>
Date: Tue, 02 Jul 2013 11:11:36 -0400
X-Google-Sender-Auth: MEGigKPOR7AMjjhVO0mTHylSJqk
Message-ID: <CAC4RtVD=zcSmaxTb0fTQjZqdmcp1d3UAceFO2159eg1XkOHRhg@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: Scott Kitterman <sklist@kitterman.com>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: "dmarc@ietf.org" <dmarc@ietf.org>
Subject: Re: [dmarc-ietf] DMARC BoF at IETF 87, Berlin
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dmarc>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jul 2013 15:11:49 -0000

Scott, I'm clumping bits from a few of your messages in this thread
into one reply; I think it'll make it easier.

>> An initial version of the draft was posted as an I-D.  The sponsoring AD
>> has pressed for a number of reviews to be done.  An initial set were
>> done and came back calling for some significant editorial changes, but
>> no technical changes, essentially to make the document better to read.
>>
>> Let me repeat:  better writing; no technical changes.
>
> I disagree.  I've been saying repeatedly that I think that the policy
> overrides are a layering violation that should be removed.  They are bad
> design.

Repeatedly?  I've just re-read every message you've posted to this
mailing list, and I see none in which you've said this, none in which
you've done a review of the dmarc base spec document, and several in
which you've said that you're using dmarc and are supportive of it.

I'm sure you think there are things that should be changed.  The best
way to suggest that is to do a review of the document, to post it
here, and to be specific about what you want to see changed.

> I'll add to that that having watched senders try to interpret XML reports they
> receive from different providers and understand the subtleties between them
> that while the mechanics of the XML schema are there, the semantics are not
> clear enough to provide for interoperable implementations.  Even among
> implementers who have worked together in dmarc.org to develop the schema,
> there are inconsistencies.
>
> I don't think there is anything in the two issues about that would force
> existing implementers to make changes, but I think that they are not purely
> editorial either.

Excellent; put an expansion of that into a review, making sure that
it's clear about what the problem is and what, specifically, you want
to change.

> Personally, I'm getting tired of investing time in it.  It seems like the only
> response to comments amounts to "La La La La, I can't hear you".

This and statements like it don't seem to be fair: I see no evidence
that anyone is unwilling to listen to comments (from you or anyone
else).  Responses might disagree with you, and people might think that
changes you want made should not happen... but that's technical
disagreement, not refusal to listen.

In any case, I haven't see any real opportunity to discuss what issues
you might have with the dmarc protocol, because I haven't seen you lay
those issues out clearly so they can be discussed.  Please do that.

Really: please do that.  Please don't get tired; get specific.

> I agree that it seems the needed changes are unlikely to affect the installed
> base.  My concern is that the plan appears to be an AD sponsored base
> specification with maybe a working group to address the BCP and potentially
> other things.

Whether the base spec is AD-sponsored or handled by a working group
isn't going to affect the quality or depth of review that I'm going to
insist on.  The dmarc spec will not become an IETF Standards Track
document without a good deal of thorough review, discussion and
changes where that's necessary, and significant support for putting it
on the Standards Track.

The path of AD sponsorship is happening because there was difficulty
in converging on a charter that included the base spec (see the
discussion on the apps-discuss list about that).  Such a working group
is still not out of the question, but the level of technical work that
appears to be needed for the base spec is very low -- that's what
makes it reasonable to AD-sponsor it if the community gets behind it
with review and discussion.

In this post: http://www.ietf.org/mail-archive/web/dmarc/current/msg00184.html
...you say this:

> I'm not certain what the best answer is, but I think that at least getting the
> spec to say you can publish p=none and not affect existing behavior is very
> important.  Unfortunately, there's no venue to discuss updating the base spec.

*This* is the venue to discuss updating the base spec.  Clearly, those
who have deployments of dmarc don't want to see changes that will
affect their deployments.  That said, there's no restriction on what
aspects of dmarc can be discussed on this list.  You want to propose
changes, do as I said above: post a review of the document and be
specific about what you want to see changed and why.  And then
participate in the discussion that ensues.  Scattered comments in
other threads that give very brief mention to issues you have are hard
to follow, hard to get into real discussion of, and hard for editors
to track.

Barry, Applications AD

v2.23.0 | Report a Bug | By Email