> Let me pinpoint that the hack you talk about is the use of wildcards, which
> Scott's draft tries to fix with the np= tag. That's a protocol issue.

Fair point. I was only trying to make sure that people don’t take wildcards as a long term solution to this problem. In our experience, they're not.

> At a PSO level, someone decided that gov.uk can publish TXT records which may
> affect all of the downward tree --solved.

That was me. Still don't agree that the problem is 'solved', but I may just be being a pedant :-).

> The bank PSO cannot do that, and we (the WG) look forward to ICANN allowing
> it --not yet solved.

Agreed.

> I hope I've now clarified what I mean by "ICANN problem".

Yes, thanks. I think we can, as the WG, do something - and that's to make known to ICANN the problem we believe exists and how their current policy could be amended (safely) to help fix it. We'll certainly do that, but I know our voice is not strong. Consistent messaging from people on this group would help, I believe.

Ta.

I.

--
Dr Ian Levy
Technical Director
National Cyber Security Centre
i...@ncsc.gov.uk

Staff Officer : Kate Atkins, kat...@ncsc.gov.uk

(I work stupid hours and weird times – that doesn’t mean you have to. If this arrives outside your normal working hours, don’t feel compelled to respond immediately!)

-----Original Message-----
From: dmarc <dmarc-boun...@ietf.org> On Behalf Of Alessandro Vesely
Sent: 12 November 2019 08:17
To: dmarc@ietf.org
Subject: Re: [dmarc-ietf] Comment on draft-ietf-dmarc-psd

On Tue 12/Nov/2019 07:59:09 +0100 Ian Levy wrote:
>> while _dmarc.gov.uk returns a valid record. The latter is a Nominet,
>> already solved problem, AFAICS.
>
> I can speak authoritatively about this. What we’ve got is an evil,
> hacky kludge that has some weird side effects (since we respond to
> *any* non existent sub domain, not just DMARC and SPF related ones).
> It’s just about passable as an interim, but we believe we need a
> better, targeted solution along the lines of Scott’s draft.

Thank you for chiming in.

Let me pinpoint that the hack you talk about is the use of wildcards, which Scott's draft tries to fix with the np= tag. That's a protocol issue.

At a PSO level, someone decided that gov.uk can publish TXT records which may affect all of the downward tree --solved.

The bank PSO cannot do that, and we (the WG) look forward to ICANN allowing it --not yet solved.

The com PSO cannot do it either, but I'd guess lots of people trust that ICANN will never allow it.

I hope I've now clarified what I mean by "ICANN problem". Scott's draft cannot solve it, albeit it nearly touches on the point at the end of the intro. It is not a protocol problem. It involves PSO-registrants agreements, and ICANN managing that stuff. There is not much we (the WG) can do, except hoping that ICANN may consider protocol factors when making decisions.

As an Internet user, I'd welcome diversity among TLDs, as numerousness without diversity becomes just annoying.

Best
Ale
--

This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfo...@ncsc.gov.uk. All material is UK Crown Copyright ©

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc