[dmarc-ietf] New DMARC WG, was Re: DKIM through mailing lists (rebutting MLs won't change)

2014-05-30 Thread Steven M Jones
On 05/30/2014 11:28 AM, Stephen J. Turnbull wrote:
> Murray S. Kucherawy writes:
>
>  > > DMARC change is even more off the table than MLM software change
>  > > (which does, as you suggest, evolve over time).
>  > 
>  > Are there changes people want to make?
>
> I am of the opinion that the technical DMARC protocols (including
> "p=reject") are fine.  ... I'm sure that the
> probability of technical bugs in the protocols remaining is not zero,
> but I imagine they'll be fixed as discovered.

Yes, technical bug probability aside, it works well and at scale, and
has for more than two years.

Speaking strictly for myself, I expected DMARC and/or other specs and
practices to evolve such that together they would support more use cases
overall. The need to address those areas was well understood and was
commented on publicly for quite a while, even if it wasn't adequately
documented in the spec.

Unfortunately previous activity to establish an IETF working group -
where I had thought that evolution would happen - failed. The upshot was
that the expected development didn't happen, and DMARC has been
effectively static. In the meantime the large scale abuse of email
continued to morph, to the point where DMARC was seen as the least
harmful option to address a pernicious trend.

I would like to see an IETF working group formed, so that we maintain
the use cases where DMARC is currently effective and support additional
use cases where it currently isn't.


> I would like the logical consequences of
> unilateral publication of "p=reject" without prior arrangement with
> *all* possible relays spelled out.

I agree that a solid list of known consequences would be good. And I'm
sure it will grow beyond what any of us expect...

--Steve.


___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc


[dmarc-ietf] New DMARC WG, was Re: DKIM through mailing lists (rebutting MLs won't change)

2014-05-30 Thread Steven M Jones
On 05/30/2014 10:20 AM, Scott Kitterman wrote:
> On Friday, May 30, 2014 17:07:30 Elizabeth Zwicky wrote:
>> On 5/29/14, 8:44 PM, "Scott Kitterman"  wrote:
>>> DMARC change is even more off the table than MLM software change 
>> DMARC changes are not off the table for Yahoo. ...
> Great.  Then instead of submitting DMARC as is via a non-IETF process, let's 
> have a working group chartered to do that work.

The Independent Submissions stream is an IETF process. However it does
not involve a working group.

Whether due to too much concern over potentially incompatible changes,
or too much alarm at the language used to try to avoid it, past attempts
to form a working group failed. More than one attempt was made. The
Independent Submission stream was not the first choice.

I have wanted to see DMARC - and any other necessary protocols - become
the subject of a working group for two years. I hope we can find a way
to make that happen.

--S.

___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc


Re: [dmarc-ietf] New DMARC WG, was Re: DKIM through mailing lists (rebutting MLs won't change)

2014-05-30 Thread Douglas Otis

On May 30, 2014, at 6:46 PM, Steven M Jones  wrote:

> On 05/30/2014 10:20 AM, Scott Kitterman wrote:
>> On Friday, May 30, 2014 17:07:30 Elizabeth Zwicky wrote:
>>> On 5/29/14, 8:44 PM, "Scott Kitterman"  wrote:
 DMARC change is even more off the table than MLM software change 
>>> DMARC changes are not off the table for Yahoo. ...
>> Great.  Then instead of submitting DMARC as is via a non-IETF process, let's 
>> have a working group chartered to do that work.
> 
> The Independent Submissions stream is an IETF process. However it does
> not involve a working group.
> 
> Whether due to too much concern over potentially incompatible changes,
> or too much alarm at the language used to try to avoid it, past attempts
> to form a working group failed. More than one attempt was made. The
> Independent Submission stream was not the first choice.
> 
> I have wanted to see DMARC - and any other necessary protocols - become
> the subject of a working group for two years. I hope we can find a way
> to make that happen.

Dear Steven,

I agree with this view.  I am confident a fairly effective protocol can allow a 
DMARC domain to communicate whether another domain forwards their messages. 
This could be seen as a type of federation similar to how single-sign-on works. 
 Once such abilities have been instantiated between the domain asserting DMARC 
and the domain enforcing DMARC, nothing else really needs to change. There 
would be less concern about the negative impact DMARC could have on other email 
uses.

Since this communication would serve a very small faction of overall email 
traffic from a DNS perspective, DNS should be fine. Results could be cached for 
300 seconds or more to improve scaling and at the same time reduce latency.  
Even then, DMARC feedback would be a minor fraction of email related DNS 
traffic.   

Not offering feedback would be analogous to a parent denying the existence of 
their own children then having them fend for themselves.  This attitude burdens 
receivers lacking knowledge about which exceptions are valid.

No other domain should offer these answers.  With that said, DNAME would also 
allow several DMARC domains to select a common feedback zone.  It seems this 
would be close to what John Levine described, except each DMARC domain would be 
their own trust anchor for all their related email traffic.

Regards,
Douglas Otis
___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc


Re: [dmarc-ietf] New DMARC WG, was Re: DKIM through mailing lists (rebutting MLs won't change)

2014-05-31 Thread Scott Kitterman
On Friday, May 30, 2014 18:46:45 Steven M Jones wrote:
> On 05/30/2014 10:20 AM, Scott Kitterman wrote:
> > On Friday, May 30, 2014 17:07:30 Elizabeth Zwicky wrote:
> >> On 5/29/14, 8:44 PM, "Scott Kitterman"  wrote:
> >>> DMARC change is even more off the table than MLM software change
> >> 
> >> DMARC changes are not off the table for Yahoo. ...
> > 
> > Great.  Then instead of submitting DMARC as is via a non-IETF process,
> > let's have a working group chartered to do that work.
> 
> The Independent Submissions stream is an IETF process. However it does
> not involve a working group.

No.  It's not.  That's why it's independent.  There's no IETF consensus for 
Independent Submissions, only a very (by design) limited role for the IESG to 
do conflict reviews.

This may seem like nit picking, but for doing work @ietf.org, it's a quite 
important one, IMO.

Scott K

___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc