On Thu, Nov 23, 2023 at 9:19 AM Douglas Foster <
dougfoster.emailstanda...@gmail.com> wrote:

> The gap between what is being attempted and what is needed is a huge
> personal disappointment.
>

You have made your disappointment plain more times than I can remember.
It's on the record each of those times that the working group has noted and
considered that position.  There's no need to continue repeating yourself.
In fact, I would submit that this repetition is beginning to look a lot
like a denial of service attack on the working group.

Please desist.  I would prefer that the chairs not be forced into the
position of having to invoke BCP 94 just to complete its chartered work.
At this point, I'd have to say that I would support such an action without
them even asking.

The DMARC goal should be to block malicious impersonation without blocking
> wanted messages, where "wanted" is in the eyes of the evaluator and his end
> user.    That puts the onus on the evaluator.   RFC 7960 said that
> evaluators need to be aware of problems, but gave no solutions.   DMARCbis
> replaces the evaluator with a mindless automaton, repeating all the worst
> mistakes of RFC 7489.
>

DMARC aims to solve a problem at least one layer lower than where you seem
to be fixed in your thinking.  I don't know how to resolve such a
stalemate.  DMARC is not going to up-level itself (it was specifically
chartered to deal with the layer where it lives only, and nothing more, for
very good reasons) and you appear steadfast about the layer where you want
solutions to appear.   You and the WG are talking past each other,
consuming precious resources.  I would like to see this corrected.

There is at least one other person monitoring this WG that would like to
see a broader email authentication effort started.  You might try finding
that person and adding your energy to his to see if something comes of it.


> This is from a real-world conversation with a product support tech:
>    Me:  I cannot use your DMARC implementation because it does not have an
> exception mechanism.
>    Him:   Why would you need exceptions?
> I blame his ignorance, and his product's inadequacies, on RFC 7489, which
> defined no exceptions.
>

How likely do you believe it is that the support tech you spoke to has an
understanding of the protocol intricacies involved here?  Or has read RFC
7489 in its entirety?  Or is aware of its status?  Or knows what an RFC
is?  I suspect that person's source (if there is one) is elsewhere.

We need a document that is targeted at evaluators, to help them make
> correct disposition decisions for their organizations.   The current
> document blames the charter as the reason that it does not even try.
>

...which is the right thing for it to do.  If this working group were to
put forward a DMARCbis that either exceeds or falls short of its charter,
it is unlikely to get approval for publication.

You have already made it abundantly clear that you feel the charter
cripples the working group from producing what you think the community
needs.  You have generated two drafts that appear to advance practices or
information you feel are more appropriate.  It does not appear that the
working group concurs with these positions.  Adding continued sound and
fury seems to me to be unlikely to change this result and has the semblance
of being non-constructive.

-MSK, ART Area Director
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc

Reply via email to