[dmarc-ietf] "next steps?" (was: Re: Agenda for IETF 101 DMARC session)

Tue, 13 Mar 2018 06:43:19 -0700 

On 3/12/2018 6:57 PM, Barry Leiba wrote:

Not all 25 minutes are for that; that is included in the time slot,
along with anything else we put into "next steps".

...

I do expect that we'll discuss "path toward a Proposed Standard
version of DMARC," and I'll put that into the "next steps" section on
the next update to the agenda.



I suggest broaching this topic here and now, so the agenda entry can 
show something other than an off-charter draft.



To prime that pump...



   Phase II:

      Specification of DMARC improvements to support indirect
mail flows



1.  Besides ARC, are there other wg efforts that should be pursued to 
satisfy this?



   ARC targets intermediary action in mail that originated with a 
DMARC-satisfying configuration.  ARC does not attend to mail that starts 
without that.  That is, mail starting from an independent third party 
source, such as a kiosk.




      Draft Guide on DMARC Usage


Current version is -04, so this charter item appears to be satisfied.



   Phase III:

      Review and refinement of the DMARC specification


Is there technical work on the base specification that would improve it?


     One would be a spec revision to deal with ARC.  Does DMARC still 
'fail'?  Yet the whole point of ARC is to create the possibility of 
still getting delivered, in spite of this.



    And from a note I posted last August:  "BTW, the DMARC spec uses 
the terms 'pass' and 'fail' with respect to the underlying 
authentication mechanisms of DKIM and SPF. It also uses it within the 
context of DMARC processing, itself, but it does not define what those 
terms mean, in that context.  Beyond reference to DMARC 'policy' 
records, text in the specs that talk about processing DMARC policy is 
similarly implicit, rather than explicit. The only clear, explicit 
directive about DMARC outcomes seems to be Section 6.6.2 #6, Apply policy."




      Completion of Guide on DMARC Usage


What will it take to complete this doc?


     One example would be a spec revision effort that targets 
clarification, based on experience coding and deploying DMARC.




     I'll also suggest that it would help allay public concerns about 
DMARC to be able to have this document include experience-based text 
about ARC usage; both discussing how to use it and how effective it is.


d/


--
Dave Crocker
Brandenburg InternetWorking
bbiw.net

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc






















					Reply via email to