Re: DMARC: perspectives from a listadmin of large open-source lists

[Scott Kitterman <scott@kitterman.com>]

On April 15, 2014 12:25:40 PM EDT, Dave Crocker <dhc@dcrocker.net> wrote:
>On 4/14/2014 8:35 PM, Scott Kitterman wrote:
>> On Monday, April 14, 2014 10:26:44 Murray S. Kucherawy wrote:
>>> I mentioned in another thread that the DMARC people did come to the
>IETF to
>>> ask for a working group to complete development of the work on the
>>> standards track.  This request was denied on the grounds that DMARC
>was
>>> essentially already done, and thus the IETF had nothing
>engineering-wise to
>>> contribute.  There were also too few people that were not already
>DMARC
>>> proponents that would commit to working on it.
>>>
>>> (And as I said on that other thread, I'm happy to stand corrected if
>I've
>>> mischaracterized any of that.)
>>
>> My perception (and it may also be wrong) is that anyone who claimed
>there was
>> work yet to be done was shouted down.
>
>Given that the exchanges were on an open mailing list, I'm not quite 
>sure what that means.
>
>What I am sure of is that I've pressed quite vigorously and repeatedly,
>
>first on the open dmarc.org mailing list and then on the IETF DMARC 
>mailing list, for folk to cite work that needed to be done and to 
>develop group support for that work.
>
>What I saw was some individuals suggesting some bits of work, but no 
>support developed around it.  (By 'support' I mean more than a few
>folk.)
>
>Perhaps you can point to specific examples of this 'shouting down' 
>happening?
>
>What I also saw was some folk insisting that the charter be vague and 
>unconstrained, with no concern for the installed base.
>
>
>> As I said in the other thread, I think the only reason it was
>perceived as
>> done is that the private group that developed the spec declared it
>done and
>> fought against any WG charter language that would have permitted
>changes to
>> the core protocol.    Based on that approach, no wonder it was
>declined.
>
>Changes to the core of a protocol is the essence of de-stabilizing its 
>installed base.
>
>Writing a charter that permits de-stabilizing a substantial installed 
>base only makes sense when there is a clear and compelling basis
>already 
>known for needing to make such changes.
>
>With respect to DMARC, none has been offered or has developed community
>
>support.
>
>Writing a charter that permits de-stablilizing an installed base 
>covering 60% of the world's email traffic, in the absence of a clear
>and 
>compelling understanding of the need would be irresponsible.
>
>Arguably, the mere existence of such a charter would be de-stabilizing,
>
>since it means that anyone considering adoption has an excuse to defer 
>it to the indefinite future, when the IETF might get around to
>releasing 
>a revision.
>
Considering we're just in the finishing stages of spfbis, which you participated in significantly, and none of those fears were realized despite a charter that permitted incompatible changes if really needed I have a hard time understanding how you would believe all that to be true. 

I think we entirely agree on the facts.  I fully concur you have been loud and vigorous.

I also think it's not at all surprising given the volume and vigor coming from the DMARC developers that not that many people jumped up and lept into the fray.

Scott K