On Sat 13/Jul/2019 21:06:00 +0200 Scott Kitterman wrote: > On Saturday, July 13, 2019 1:22:15 PM EDT Alessandro Vesely wrote: >> On Fri 12/Jul/2019 19:30:35 +0200 Scott Kitterman wrote: >>> On Thursday, July 11, 2019 6:07:50 AM EDT Alessandro Vesely wrote: >>>> >>>> Appendix B.1 lacks a criterion to establish enlisting. Couldn't we >>>> require an explicit statement about seizing DMARC reports in, say, the >>>> delegation report? Alternatively, that policy can be stated in a >>>> well-known place under the delegation services URL, so that >>>> registrants know what they do. >>> >>> It's in the appendix because we don't have a clear path forward. This is >>> part of the experiment. We need to be careful though since different >>> PSDs operate under different authorities and controls, so there is a >>> point beyond which it's not the IETF that decides. >> >> I hypothesized that all what is needed to gran enlistment to a >> PSO is that its policy to seize DMARC at PSD level be published, >> so that registrant can learn about is before registering. Is >> that correct? I mean does a public statement suffice?>> > > In my view the challenge around which PSDs receivers should check for a PSD > DMARC record needs to be external to the PSD (i.e. not a self-assertion).
Agreed. However, even if it were written in the delegation record at IANA, it would still have to have been initiated by the PSO. So the requirement is a sort of validated/ agreed upon self-assertion. > Some options are presented in Appendix A. If, as a result of the experiment, > it's concluded that self-assertion is acceptable, then all that's needed is > to > publish the record. I don't think we need a second place to look up to tell > receivers to do the record lookup. >From an implementer's POV, having a short list to complement the PSL, to be updated not very often, sounds convenient. For the algorithm, a few extra string comparisons are still quicker than one more DNS lookup. In addition, the organization who publishes that list qualifies as an authority for monitoring those self-assertions. It can tell when a PSO first published its policy, and hence which registrants could have operated their 2nd or 3rd level domain without being aware of that. If it's important to preserve mail site operators' rights, that is. Best Ale -- _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
