Murray, Notwithstanding the extensive commentary on this list in the last 24 hours, you wrote the following so let me share some thoughts.
<<<To be clear, however: I think the working group mailing list archive has enough of a record that participants think the experiment will be useful or even critical to the evolution of DMARC, though people are of course welcome to affirm that support for the record. The question being put, however, goes to the form of the experiment and the current form of DMARC as a protocol with respect to determining Organizational Domains, and whether there are indeed risks to the deployed infrastructure that the experiment could become permanent. That's the meaty stuff that would really help to move this along.>>> First, while I know you've said the needs of external actors won't weigh on your decision about moving forward, I would like to mention that having a stable reference for PSD DMARC will help us with working towards policy changes that would allow us to participate in this experiment. It may not be important to the WG Chairs' decision on the draft, but there are stakeholders for whom it is important. Second, I have consulted with my technical advisors and our conclusion is that the risks to deployed infrastructure if this experiment becomes permanent are negligible. Currently the PSL has 8,818 non-comment entries. For PSD DMARC, we have 4. We don't believe adding a list that's ..04% as long as the one that is currently being used successfully for DMARC is an issue at all. Additionally, we believe that the use of this list to constrain when PSD DMARC lookups will need to occur provides a very useful limit on the impacts to DNS (not that we would expect them to be significant regardless). Finally, if the DMARC working group is successful in updating DMARC not to use the PSL, then PSD DMARC would naturally evolve to use that solution (PSD is currently defined relative to org domain, so if the method for finding org domain changes, PSD DMARC will use it without any change needed). As a result, to the extent the use of lists like the PSL is a problem, PSD DMARC is already ready to take advantage of whatever solution the IETF develops. In short, we've reviewed this and see many advantages to proceeding and none for not. Craig *--* Craig Schwartz Managing Director fTLD Registry Services | .BANK & .INSURANCE Office: +1 202 589 2532 Mobile: +1 202 236 1154 Skype: craig-schwartz www.fTLD.com On Mon, Feb 3, 2020 at 10:08 PM Murray S. Kucherawy <superu...@gmail.com> wrote: > On Mon, Feb 3, 2020 at 4:24 PM Craig Schwartz <cr...@ftld.com> wrote: > >> Hi Murray, >> >> <<<The chairs will not accept hearsay replies or opinions, or expressions >> of needing this work but not knowing how to engage; you either give your >> feedback on the list or privately to the chairs or Area Directors, or you >> are along for whatever ride results. Please indicate, as soon as possible, >> where your support lies given the above.>>> >> >> In my capacity as managing director of fTLD Registry Services (fTLD), >> registry operator of the .BANK and .INSURANCE TLDs, I believe PSD would >> provide invaluable threat intelligence to domain registrants and to TLD >> administrators like ourselves for NXDOMAINs. PSD has tremendous value to >> specialized TLDs including, but not limited to, .BRANDS, community-based >> domains, high-security domains, governments, etc. and as such I believe PSD >> should proceed. I’ve previously posted to this list expressing this view >> and while fTLD cannot participate in experimentation due to a prohibition >> by ICANN, we remain committed to supporting and seeing this work continue. >> > > Craig, > > Thanks for this, and for one other person that sent to the chairs > privately (it was a list non-member caught in moderation, nothing secret).. > > To be clear, however: I think the working group mailing list archive has > enough of a record that participants think the experiment will be useful or > even critical to the evolution of DMARC, though people are of course > welcome to affirm that support for the record. The question being put, > however, goes to the form of the experiment and the current form of DMARC > as a protocol with respect to determining Organizational Domains, and > whether there are indeed risks to the deployed infrastructure that the > experiment could become permanent. That's the meaty stuff that would > really help to move this along. > > -MSK >
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc