[dmarc-ietf] Can we consider some process changes to speed attainment of conclusions?
It seems like the chairs have been relatively _laissez faire_ to an extreme degree in this group. As a result the group seems to be a bit adrift and not reaching any particular conclusions. I'd like to call on the chairs to consider bringing a bit more focus to the discussions so that they could achieve closure more quickly. Ideally we could come to these changes without having to wait for IETF109. --Kurt Andersen ___ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
[dmarc-ietf] Academic research on phish cues
https://academic.oup.com/cybersecurity/article/6/1/tyaa009/5905453 was just published by NIST, proposing a difficulty rating scale for detecting (and hence avoiding) phishing messages. Interestingly, the domain aspects are relatively minor cues amongst their extensive list. They do not score the efficacy of individual cues, but rather generate an aggregated potential score for the phish campaign to rank the difficulty of spotting it. I don't see this as directly relevant to the WG's effort, but there has been some discussion regarding research into user behaviour... --Kurt ___ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
[dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations
Dave writes: However, for all of the real and serious demonstration of users' being tricked by deceptive or false content in a message, there is no evidence that problematic content in a field providing information about message's author directly contributes to differential and problematic behavior by the end user. I'd counter by personal anecdote that we have had to undertake security remediations because of messages which were forwarded by our CEO to other employees for responses which happened to contain malware and/or bad links. Presumably, the cachet which was carried along with "important person says look into this" overcame whatever native caution or skepticism might have prevented them from falling prey otherwise. --Kurt ___ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
Re: [dmarc-ietf] New Version Notification for draft-ietf-dmarc-arc-protocol-23.txt
Meant to send this to the list... On Tue, Dec 18, 2018 at 1:16 PM Kurt Andersen wrote: > This version incorporates some slightly clarified wording in response to > Eric Rescorla's last call comments (section 9) and updates the > Implementation Status (section 12) with the latest information as of the > October 2018 interop. > > --Kurt > > On Tue, Dec 18, 2018 at 1:12 PM wrote: > >> >> A new version of I-D, draft-ietf-dmarc-arc-protocol-23.txt >> has been successfully submitted by Kurt Andersen and posted to the >> IETF repository. >> >> Name: draft-ietf-dmarc-arc-protocol >> Revision: 23 >> Title: Authenticated Received Chain (ARC) Protocol >> Document date: 2018-12-18 >> URL: >> https://www.ietf.org/internet-drafts/draft-ietf-dmarc-arc-protocol-23.txt >> Status: >> https://datatracker.ietf.org/doc/draft-ietf-dmarc-arc-protocol/ >> Htmlized: >> https://tools.ietf.org/html/draft-ietf-dmarc-arc-protocol-23 >> Htmlized: >> https://datatracker.ietf.org/doc/html/draft-ietf-dmarc-arc-protocol >> Diff: >> https://www.ietf.org/rfcdiff?url2=draft-ietf-dmarc-arc-protocol-23 >> > ___ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
[dmarc-ietf] Final nits fixes after IESG review for ARC protocol
This new version fixes a handful of minor points raised in the IESG reviews. It should be good to hand off to the editors... Name: draft-ietf-dmarc-arc-protocol Revision: 22 Title: Authenticated Received Chain (ARC) Protocol Document date: 2018-12-12 Group: dmarc Pages: 39 URL: https://www.ietf.org/internet-drafts/draft-ietf-dmarc-arc-protocol-22.txt Status: https://datatracker.ietf.org/doc/draft-ietf-dmarc-arc-protocol/ Htmlized: https://tools.ietf.org/html/draft-ietf-dmarc-arc-protocol-22 Htmlized: https://datatracker.ietf.org/doc/html/draft-ietf-dmarc-arc-protocol Diff: https://www.ietf.org/rfcdiff?url2=draft-ietf-dmarc-arc-protocol-22 --Kurt ___ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc