Re: What I've been wondering about the DMARC problem

Miles Fidelman <mfidelman@meetinghouse.net> Tue, 15 April 2014 17:16 UTC

Message-ID: <534D696E.2040202@meetinghouse.net>
Date: Tue, 15 Apr 2014 13:16:30 -0400
From: Miles Fidelman <mfidelman@meetinghouse.net>
CC: IETF Discussion <ietf@ietf.org>
Subject: Re: What I've been wondering about the DMARC problem
In-Reply-To: <534D65C2.2040209@people.ops-trust.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/gq37VgvJoBn7xLnV0GSf3-g8tLc

Paul Ferguson wrote:
> On 4/15/2014 9:52 AM, Miles Fidelman wrote:
>
>> Which does bring us back to the question of how to deal with "bad
>> actors" (or at least "irresponsible actors" or "uncooperative actors")
>> within a cooperative governance framework.  Sigh.... Miles
>>
> Welcome to the club. I've been wondering about that same issue with
> regards to getting adoption of BCP38 for over a decade. :-)
>
Well, seriously, though - people do respond to large-scale DDoS attacks,
as well as to things like propagation of corrupted routing BGP tables -
both operationally, and sometimes legally.  What are the ways that
people deal with those who are propagating such information, when they
don't cooperate, and particularly when they don't cooperate
intentionally?  What recourse comes into the picture?

CERT comes to mind.  So does the CFAA (Computer Fraud and Abuse Act).  
But what about general principles for institutional response?

Miles Fidelman

-- 
In theory, there is no difference between theory and practice.
In practice, there is.   .... Yogi Berra