Murray,
Thanks for the diligent reply.
(As a matter of etiquette, I will again apologize for not having
submitted my concerns earlier. Partially, this was because my
assessment of the work did not gel until recently.)
Some responses:
On 9/3/2019 8:57 AM, Murray S. Kucherawy wrote:
From a higher level view, the experiment can be seen as the
temporary construction of an augmented PSL (i.e., the actual PSL
coupled with the queryable registry described in Appendix B), which
DMARC then can consume to resolve the use cases that have appeared
which now need to be addressed. The portion of the experiment
comprising an augmentation to DMARC’s algorithm would therefore not
be part of DMARC permanently. Then, if the experiment proves
effective, that would become prima facie evidence that the PSL,
augmented with this additional information, would enable DMARC to
resolve those use cases. Such an augmented PSL would still conform
to the desirable separation of functions to which you alluded.
This model of iterative design does not match my own sense of IETF
work, experimental or otherwise.
Simply put, 'temporary' is an appealing but highly misleading
construct, in the form and scale of a standards body.[*] The closest
reality comes to matching that term is when the 'experiment' fails
utterly and the effort must completely restart. When work like this
operates over a period of years and at Internet scale, nothing is
temporary.
If an experiment succeeds, the specified work will have become
entrenched and there will be significant resistance to making major
changes.
With respect to the use of this work as a model for changes to the
PSL, unfortunately the spec is not written in a fashion to support
that. This really is a core concern, in my view: the work needs to
have a basic model that really is expected to be appropriate for the
long term; hence my suggestion to highly limit any changes to DMARC
and, instead, cast the bulk of the work as augmenting the PSL.
That said, and as for getting changes to the PSL, based on my
interactions with that community, I think it unlikely. There does not
seem to be the interest or resources for such work. Strategically,
that's the biggest hurdle to overcome, IMO.
In addition, there are a few very large players in the space who are
unfortunately reticent to declare publicly that they are interested
in seeing this evolutionary experiment proceed. These include large
email providers and operators of sizable TLDs in need of the
capabilities pursued here. This provides some weight to the idea
that this will not be simply a niche experiment.
Good to hear.
Lastly, we note that the idea of “walk up one node” came from an
email thread in December[1] wherein you suggested that approach, and
which the PSD draft now follows. We are thus a little surprised by
the assertion that it should not proceed at all. Was there some
content of that thread that was not taken into account that would
make it palatable?
..
[1]
https://mailarchive.ietf.org/arch/msg/dmarc/pQpKag3acqIISxb-SOrJ3mHFayI
Sigh. Yeah. Still again, sorry. Mostly this is a case of letting an
idea simmer for a while, to think about it more. My feeling is that
the idea does not adequately attend to the items 1 and 2 I listed in
that note.
Hence my current view that:
1. The change to DMARC should be limited to permitting the query for
the organization domain to be anywhere in the DNS tree, including a
TLD. Within DMARC this would not look like 'extra' mechanism.
2. The mechanism that processes that query should be cast strictly as
a PSL enhancement, independent of DMARC.
d/
[*] Note the 'obsolete' construct in RFC 5322. It was introduced in
RFC 2822, as a revision to RFC 822, 20 years ago. As is obvious, it's
intent was to eliminate use of the portions of RFC 822 deemed
obsolete. Yet these portions still haven't been eliminated from the
specification. Twenty years later.
