On Thu, Nov 23, 2023 at 9:19 AM Douglas Foster < dougfoster.emailstanda...@gmail.com> wrote:
> The gap between what is being attempted and what is needed is a huge > personal disappointment. > You have made your disappointment plain more times than I can remember. It's on the record each of those times that the working group has noted and considered that position. There's no need to continue repeating yourself. In fact, I would submit that this repetition is beginning to look a lot like a denial of service attack on the working group. Please desist. I would prefer that the chairs not be forced into the position of having to invoke BCP 94 just to complete its chartered work. At this point, I'd have to say that I would support such an action without them even asking. The DMARC goal should be to block malicious impersonation without blocking > wanted messages, where "wanted" is in the eyes of the evaluator and his end > user. That puts the onus on the evaluator. RFC 7960 said that > evaluators need to be aware of problems, but gave no solutions. DMARCbis > replaces the evaluator with a mindless automaton, repeating all the worst > mistakes of RFC 7489. > DMARC aims to solve a problem at least one layer lower than where you seem to be fixed in your thinking. I don't know how to resolve such a stalemate. DMARC is not going to up-level itself (it was specifically chartered to deal with the layer where it lives only, and nothing more, for very good reasons) and you appear steadfast about the layer where you want solutions to appear. You and the WG are talking past each other, consuming precious resources. I would like to see this corrected. There is at least one other person monitoring this WG that would like to see a broader email authentication effort started. You might try finding that person and adding your energy to his to see if something comes of it. > This is from a real-world conversation with a product support tech: > Me: I cannot use your DMARC implementation because it does not have an > exception mechanism. > Him: Why would you need exceptions? > I blame his ignorance, and his product's inadequacies, on RFC 7489, which > defined no exceptions. > How likely do you believe it is that the support tech you spoke to has an understanding of the protocol intricacies involved here? Or has read RFC 7489 in its entirety? Or is aware of its status? Or knows what an RFC is? I suspect that person's source (if there is one) is elsewhere. We need a document that is targeted at evaluators, to help them make > correct disposition decisions for their organizations. The current > document blames the charter as the reason that it does not even try. > ...which is the right thing for it to do. If this working group were to put forward a DMARCbis that either exceeds or falls short of its charter, it is unlikely to get approval for publication. You have already made it abundantly clear that you feel the charter cripples the working group from producing what you think the community needs. You have generated two drafts that appear to advance practices or information you feel are more appropriate. It does not appear that the working group concurs with these positions. Adding continued sound and fury seems to me to be unlikely to change this result and has the semblance of being non-constructive. -MSK, ART Area Director
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
