In brief: My thinking is based on these foundations: - the incoming email gateway is an AAA server which conditionally allows anonymous logins - The NIST framework for digital identity. https://pages.nist.gov/800-63-3/
In that regard, digital identity is the focus, not human headcount. "customerserv...@example.com" can be an author, even though different individuals are responsible for different messages. My definition of a multiple-author architecture would be one where: - General: The different section of the message must be tagged with the identity of the author for that section. - Specific: Since the email infrastructure is an untrusted environment, the identities must be verifiable by some mechanism. The chairs would probably consider this off-topic at this time, but I would be willing to pursue a theoretical discussion at an appropriate time or forum. On the larger point: You can launch an experiment with or without the paperwork blessing of IETF Experimental status, and you may get IETF blessing despite my objections. You can begin recruiting domain owners immediately. So I am not your problem. What you need is a really good sales pitch to convince many thousands of domain owners, and the trade press, that this is something that they should implement. The pitch needs to include: - The mailing list problem is important to the email security manager. - The mailing list behavior which creates the problem is legitimate. (Abandon the argument that DMARC creates the problem.) - This proposal is a sufficient solution to the problem. - This proposal is the best solution to the problem. - This proposal is a secure solution to the problem. You should view me as the practice session for the sales pitch that really matters. You will not get far with the sales pitch my telling your audience that they are wrong. My warning is that you do not have a convincing sales pitch at this time. I believe the sales pitch has problems in every one of these categories. DF _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
