[dmarc-ietf] Can we consider some process changes to speed attainment of conclusions?

2020-09-25 Thread Kurt Andersen (IETF)
It seems like the chairs have been relatively _laissez faire_ to an
extreme degree in this group. As a result the group seems to be a bit
adrift and not reaching any particular conclusions.

I'd like to call on the chairs to consider bringing a bit more focus to the
discussions so that they could achieve closure more quickly. Ideally we
could come to these changes without having to wait for IETF109.

--Kurt Andersen
___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc


[dmarc-ietf] Academic research on phish cues

2020-09-17 Thread Kurt Andersen (IETF)
https://academic.oup.com/cybersecurity/article/6/1/tyaa009/5905453 was just
published by NIST, proposing a difficulty rating scale for detecting (and
hence avoiding) phishing messages.

Interestingly, the domain aspects are relatively minor cues amongst their
extensive list. They do not score the efficacy of individual cues, but
rather generate an aggregated potential score for the phish campaign to
rank the difficulty of spotting it.

I don't see this as directly relevant to the WG's effort, but there has
been some discussion regarding research into user behaviour...

--Kurt
___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc


[dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations

2020-07-17 Thread Kurt Andersen (IETF)
Dave writes:

However, for all of the real and serious demonstration of users' being
tricked by deceptive or false content in a message, there is no
evidence that problematic content in a field providing information
about message's author directly contributes to differential and
problematic behavior by the end user.

I'd counter by personal anecdote that we have had to undertake security
remediations because of messages which were forwarded by our CEO to other
employees for responses which happened to contain malware and/or bad links.
Presumably, the cachet which was carried along with "important person says
look into this" overcame whatever native caution or skepticism might have
prevented them from falling prey otherwise.

--Kurt
___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc


Re: [dmarc-ietf] New Version Notification for draft-ietf-dmarc-arc-protocol-23.txt

2018-12-18 Thread Kurt Andersen (IETF)
Meant to send this to the list...

On Tue, Dec 18, 2018 at 1:16 PM Kurt Andersen  wrote:

> This version incorporates some slightly clarified wording in response to
> Eric Rescorla's last call comments (section 9) and updates the
> Implementation Status (section 12) with the latest information as of the
> October 2018 interop.
>
> --Kurt
>
> On Tue, Dec 18, 2018 at 1:12 PM  wrote:
>
>>
>> A new version of I-D, draft-ietf-dmarc-arc-protocol-23.txt
>> has been successfully submitted by Kurt Andersen and posted to the
>> IETF repository.
>>
>> Name:   draft-ietf-dmarc-arc-protocol
>> Revision:   23
>> Title:  Authenticated Received Chain (ARC) Protocol
>> Document date:  2018-12-18
>> URL:
>> https://www.ietf.org/internet-drafts/draft-ietf-dmarc-arc-protocol-23.txt
>> Status:
>> https://datatracker.ietf.org/doc/draft-ietf-dmarc-arc-protocol/
>> Htmlized:
>> https://tools.ietf.org/html/draft-ietf-dmarc-arc-protocol-23
>> Htmlized:
>> https://datatracker.ietf.org/doc/html/draft-ietf-dmarc-arc-protocol
>> Diff:
>> https://www.ietf.org/rfcdiff?url2=draft-ietf-dmarc-arc-protocol-23
>>
>
___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc


[dmarc-ietf] Final nits fixes after IESG review for ARC protocol

2018-12-12 Thread Kurt Andersen (IETF)
This new version fixes a handful of minor points raised in the IESG
reviews. It should be good to hand off to the editors...

Name:   draft-ietf-dmarc-arc-protocol
Revision:   22
Title:  Authenticated Received Chain (ARC) Protocol
Document date:  2018-12-12
Group:  dmarc
Pages:  39
URL:
https://www.ietf.org/internet-drafts/draft-ietf-dmarc-arc-protocol-22.txt
Status:
https://datatracker.ietf.org/doc/draft-ietf-dmarc-arc-protocol/
Htmlized:   https://tools.ietf.org/html/draft-ietf-dmarc-arc-protocol-22
Htmlized:
https://datatracker.ietf.org/doc/html/draft-ietf-dmarc-arc-protocol
Diff:
https://www.ietf.org/rfcdiff?url2=draft-ietf-dmarc-arc-protocol-22

--Kurt
___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc