Re: [dmarc-ietf] Binding Operational Directive 18-01 require agencies to implement STARTTLS, SPF and DMARC

2017-10-20 Thread Seth Blank
The directive site has a pretty comprehensive overview of email
authentication in general (cyber.dhs.gov/intro/) and actually has a section
on negative side effects of DMARC that also references this working group's
efforts on ARC:
https://cyber.dhs.gov/guide/#can-email-authentication-hinder-my-organizations-ability-to-deliver-email

On Fri, Oct 20, 2017 at 5:28 AM, Rose, Scott wrote:

> We were consulted near the end (as in, the BOD was nearly final), but none
> of our comments changed the text as it is now.
>
> From conversations we had, DHS did not include DKIM because they could not
> figure out a way to fully test for compliance. They knew of it, and have in
> fact asked agencies to report on DKIM usage in previous years.  The authors
> of the BOD knew about DKIM’s interactions with mailing lists, so that might
> have been a reason to not include it.
>
> Our main concerns were the fairly quick deadlines (in gov’t terms). Many
> agencies have long term contracts with their email providers and may have
> issues meeting some of the deadlines.
>
> Scott
>
> On 18 Oct 2017, at 18:19, Rolf E. Sonneveld wrote:
>
>> Hi,
>>
>> See https://cyber.dhs.gov/
>>
>> DKIM is mentioned but not required, nor any negative side effects that
>> the use of DMARC can have. Has anyone from the IETF been consulted for this
>> directive?
>>
>> /rolf
>>
>> ___
>> dmarc mailing list
>> dmarc@ietf.org
>> https://www.ietf.org/mailman/listinfo/dmarc
>>
>
>
> ===
> Scott Rose
> NIST ITL
> scott.r...@nist.gov
> +1-301-975-8439
> GV: +1-571-249-3671
> ===
>
>
>


Re: [dmarc-ietf] Binding Operational Directive 18-01 require agencies to implement STARTTLS, SPF and DMARC

2017-10-20 Thread Rose, Scott
We were consulted near the end (as in, the BOD was nearly final), but 
none of our comments changed the text as it is now.


From conversations we had, DHS did not include DKIM because they could 
not figure out a way to fully test for compliance. They knew of it, and 
have in fact asked agencies to report on DKIM usage in previous years.  
The authors of the BOD knew about DKIM’s interactions with mailing 
lists, so that might have been a reason to not include it.


Our main concerns were the fairly quick deadlines (in gov’t terms). 
Many agencies have long term contracts with their email providers and 
may have issues meeting some of the deadlines.


Scott

On 18 Oct 2017, at 18:19, Rolf E. Sonneveld wrote:


Hi,

See https://cyber.dhs.gov/


DKIM is mentioned but not required, nor any negative side effects that 
the use of DMARC can have. Has anyone from the IETF been consulted for 
this directive?


/rolf




===
Scott Rose
NIST ITL
scott.r...@nist.gov
+1-301-975-8439
GV: +1-571-249-3671
===



Re: [dmarc-ietf] Binding Operational Directive 18-01 require agencies to implement STARTTLS, SPF and DMARC

2017-10-20 Thread Henrik Schack
I've notified GlobalCyberAlliance, they have contacts at DHS

/Henrik Schack

On Thu, Oct 19, 2017 at 12:19 AM, Rolf E. Sonneveld <
r.e.sonnev...@sonnection.nl> wrote:

> Hi,
>
> See https://cyber.dhs.gov/
>
> DKIM is mentioned but not required, nor any negative side effects that the
> use of DMARC can have. Has anyone from the IETF been consulted for this
> directive?
>
> /rolf
>
>



-- 
Mvh/Best regards
Henrik Schack
ICQ: 889295
http://henrik.schack.dk/
http://links.schack.dk/


[dmarc-ietf] Binding Operational Directive 18-01 require agencies to implement STARTTLS, SPF and DMARC

2017-10-18 Thread Rolf E. Sonneveld

Hi,

See https://cyber.dhs.gov/

DKIM is mentioned but not required, nor any negative side effects that 
the use of DMARC can have. Has anyone from the IETF been consulted for 
this directive?


/rolf
