Re: DMARC: perspectives from a listadmin of large open-source lists

Scott Kitterman <scott@kitterman.com> Tue, 15 April 2014 23:15 UTC

Return-Path: <scott@kitterman.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66EF51A0063 for <ietf@ietfa.amsl.com>; Tue, 15 Apr 2014 16:15:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.698
X-Spam-Level:
X-Spam-Status: No, score=0.698 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y-3o4hcEpFd0 for <ietf@ietfa.amsl.com>; Tue, 15 Apr 2014 16:15:22 -0700 (PDT)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [208.43.65.50]) by ietfa.amsl.com (Postfix) with ESMTP id 4B8181A0059 for <ietf@ietf.org>; Tue, 15 Apr 2014 16:15:22 -0700 (PDT)
Received: from mailout03.controlledmail.com (localhost [127.0.0.1]) by mailout03.controlledmail.com (Postfix) with ESMTP id 0A3BCD043F1; Tue, 15 Apr 2014 19:15:19 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=2014-01; t=1397603719; bh=SecHU6I4zdO38IIXAkn89QX7qTsN81AYkIL/vLDIC+0=; h=In-Reply-To:References:Subject:From:Date:To:From; b=V/YcHsKM/UqLVcJeAl6YEikj1MkCKKSf5FUgGMu6jRRfLRjv1uYI5gjFajm1ScW2q tNtWhYYjrOgI4VZIcJn8n68FUa32uBySU/bsA4LP6GmNSg3BlU3Brbp6+DwoelerrQ cetWLzkSe94Yz29+2NLR21X9MsZRMANJeDOmniZc=
Received: from [IPV6:2600:1003:b120:6c43:5810:e380:3212:8f9] (unknown [IPv6:2600:1003:b120:6c43:5810:e380:3212:8f9]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id 8A4B6D04326; Tue, 15 Apr 2014 19:15:18 -0400 (EDT)
User-Agent: K-9 Mail for Android
In-Reply-To: <534D5D84.2020307@dcrocker.net>
References: <20140414024956.26078.qmail@joyce.lan> <534BFA0D.7000404@meetinghouse.net> <CAL0qLwZdOORfasExjyc9BHDMYwR_gUk7NRiE7KFBWUC2Hae9jg@mail.gmail.com> <1485381.SfhK6qmW0I@scott-latitude-e6320> <534D5D84.2020307@dcrocker.net>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8
Subject: Re: DMARC: perspectives from a listadmin of large open-source lists
From: Scott Kitterman <scott@kitterman.com>
Date: Tue, 15 Apr 2014 19:15:15 -0400
To: ietf@ietf.org
Message-ID: <09c2d02c-2595-4134-b55c-d71796228adc@email.android.com>
X-AV-Checked: ClamAV using ClamSMTP
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/Fkr97NWRNhncLam0xXhbSwtHyk4
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Apr 2014 23:15:28 -0000

On April 15, 2014 12:25:40 PM EDT, Dave Crocker <dhc@dcrocker.net> wrote:
>On 4/14/2014 8:35 PM, Scott Kitterman wrote:
>> On Monday, April 14, 2014 10:26:44 Murray S. Kucherawy wrote:
>>> I mentioned in another thread that the DMARC people did come to the
>IETF to
>>> ask for a working group to complete development of the work on the
>>> standards track.  This request was denied on the grounds that DMARC
>was
>>> essentially already done, and thus the IETF had nothing
>engineering-wise to
>>> contribute.  There were also too few people that were not already
>DMARC
>>> proponents that would commit to working on it.
>>>
>>> (And as I said on that other thread, I'm happy to stand corrected if
>I've
>>> mischaracterized any of that.)
>>
>> My perception (and it may also be wrong) is that anyone who claimed
>there was
>> work yet to be done was shouted down.
>
>Given that the exchanges were on an open mailing list, I'm not quite 
>sure what that means.
>
>What I am sure of is that I've pressed quite vigorously and repeatedly,
>
>first on the open dmarc.org mailing list and then on the IETF DMARC 
>mailing list, for folk to cite work that needed to be done and to 
>develop group support for that work.
>
>What I saw was some individuals suggesting some bits of work, but no 
>support developed around it.  (By 'support' I mean more than a few
>folk.)
>
>Perhaps you can point to specific examples of this 'shouting down' 
>happening?
>
>What I also saw was some folk insisting that the charter be vague and 
>unconstrained, with no concern for the installed base.
>
>
>> As I said in the other thread, I think the only reason it was
>perceived as
>> done is that the private group that developed the spec declared it
>done and
>> fought against any WG charter language that would have permitted
>changes to
>> the core protocol.    Based on that approach, no wonder it was
>declined.
>
>Changes to the core of a protocol is the essence of de-stabilizing its 
>installed base.
>
>Writing a charter that permits de-stabilizing a substantial installed 
>base only makes sense when there is a clear and compelling basis
>already 
>known for needing to make such changes.
>
>With respect to DMARC, none has been offered or has developed community
>
>support.
>
>Writing a charter that permits de-stablilizing an installed base 
>covering 60% of the world's email traffic, in the absence of a clear
>and 
>compelling understanding of the need would be irresponsible.
>
>Arguably, the mere existence of such a charter would be de-stabilizing,
>
>since it means that anyone considering adoption has an excuse to defer 
>it to the indefinite future, when the IETF might get around to
>releasing 
>a revision.
>
Considering we're just in the finishing stages of spfbis, which you participated in significantly, and none of those fears were realized despite a charter that permitted incompatible changes if really needed I have a hard time understanding how you would believe all that to be true. 

I think we entirely agree on the facts.  I fully concur you have been loud and vigorous.

I also think it's not at all surprising given the volume and vigor coming from the DMARC developers that not that many people jumped up and lept into the fray.

Scott K