Re: [dmarc-ietf] Binding Operational Directive 18-01 require agencies to implement STARTTLS, SPF and DMARC
The directive site has a pretty comprehensive overview of email authentication in general (cyber.dhs.gov/intro/) and actually has a section on negative side effects of DMARC that also references this working group's efforts on ARC: https://cyber.dhs.gov/guide/#can-email-authentication-hinder-my-organizations-ability-to-deliver-email

On Fri, Oct 20, 2017 at 5:28 AM, Rose, Scott wrote:

> We were consulted near the end (as in, the BOD was nearly final), but none of our comments changed the text as it is now.
>
> From conversations we had, DHS did not include DKIM because they could not figure out a way to fully test for compliance. They knew of it, and have in fact asked agencies to report on DKIM usage in previous years. The authors of the BOD knew about DKIM’s interactions with mailing lists, so that might have been a reason to not include it.
>
> Our main concerns were the fairly quick deadlines (in gov’t terms). Many agencies have long term contracts with their email providers and may have issues meeting some of the deadlines.
>
> Scott
>
> On 18 Oct 2017, at 18:19, Rolf E. Sonneveld wrote:
>
>> Hi,
>>
>> See https://cyber.dhs.gov/
>>
>> DKIM is mentioned but not required, nor any negative side effects that the use of DMARC can have. Has anyone from the IETF been consulted for this directive?
>>
>> /rolf
>
> ===
> Scott Rose
> NIST ITL
> scott.r...@nist.gov
> +1-301-975-8439
> GV: +1-571-249-3671
> ===

___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
Re: [dmarc-ietf] Binding Operational Directive 18-01 require agencies to implement STARTTLS, SPF and DMARC
We were consulted near the end (as in, the BOD was nearly final), but none of our comments changed the text as it is now.

From conversations we had, DHS did not include DKIM because they could not figure out a way to fully test for compliance. They knew of it, and have in fact asked agencies to report on DKIM usage in previous years. The authors of the BOD knew about DKIM’s interactions with mailing lists, so that might have been a reason to not include it.

Our main concerns were the fairly quick deadlines (in gov’t terms). Many agencies have long term contracts with their email providers and may have issues meeting some of the deadlines.

Scott

On 18 Oct 2017, at 18:19, Rolf E. Sonneveld wrote:

> Hi,
>
> See https://cyber.dhs.gov/
>
> DKIM is mentioned but not required, nor any negative side effects that the use of DMARC can have. Has anyone from the IETF been consulted for this directive?
>
> /rolf

===
Scott Rose
NIST ITL
scott.r...@nist.gov
+1-301-975-8439
GV: +1-571-249-3671
===
Re: [dmarc-ietf] Binding Operational Directive 18-01 require agencies to implement STARTTLS, SPF and DMARC
I've notified GlobalCyberAlliance, they have contacts at DHS

/Henrik Schack

On Thu, Oct 19, 2017 at 12:19 AM, Rolf E. Sonneveld <r.e.sonnev...@sonnection.nl> wrote:

> Hi,
>
> See https://cyber.dhs.gov/
>
> DKIM is mentioned but not required, nor any negative side effects that the use of DMARC can have. Has anyone from the IETF been consulted for this directive?
>
> /rolf

--
Mvh/Best regards
Henrik Schack
ICQ: 889295
http://henrik.schack.dk/
http://links.schack.dk/
[dmarc-ietf] Binding Operational Directive 18-01 require agencies to implement STARTTLS, SPF and DMARC
Hi,

See https://cyber.dhs.gov/

DKIM is mentioned but not required, nor any negative side effects that the use of DMARC can have. Has anyone from the IETF been consulted for this directive?

/rolf