Re: [dmarc-ietf] [apps-discuss] Start of DMARC WG + proposed milestones
On 8/18/2014 8:31 AM, Tim Draegen wrote:
If you have comments on the milestones, please provide them by August 25th.
Have fun,
Mostly small, suggested wording tweaks, to improve clarity and possibly
avoid some unnecessary points of controversy.
There's one (???) with a change I think is correct. If it isn't the
reason needs to be made explicit.
[1] http://datatracker.ietf.org/wg/dmarc/charter/
Domain-based Message Authentication, Reporting Conformance (DMARC)
uses existing mail authentication technologies (SPF and DKIM) to
extend validation to the RFC5322.From field. DMARC uses DNS records
to extend - and extends
DKIM and SPF don't do the extending. DMARC does. DKIM and SPF are
merely underpinnings.
to add policy-related requests for receivers and defines a feedback
mechanism from receivers back to domain owners. This allows a domain
owner to advertise that mail can safely receive differential
handling, such as rejection, when the use of the domain name in the
From field is not authenticated. Existing deployment of DMARC has
demonstrated utility at internet scale, in dealing with significant
internet - Internet
email abuse, and has permitted simplifying some mail handling
processes. However, DMARC is problematic for mail that does not flow
for mail that does not flow - for indirect mail flows that are not
from operators having a relationship with the domain owner, directly
directly - and directl
('direct' vs. 'indirect' is an essential issue and the terminology needs
to be established here, to make the late use clear.)
to receivers operating the destination mailbox (for example, mailing
mailbox ( for mailing - mailbox. Examples include mailing
lists, publish-to-friend functionality, mailbox forwarding via
.forward, and third-party services that send on behalf of clients).
The working group will explore possible updates and extensions to the
specifications in order to address limitations and/or add
specifications - specifications
capabilities. It will also provide technical implementation guidance
and review possible enhancements elsewhere in the mail handling
sequence that could improve DMARC compatibility.
The existing DMARC base specification has been submitted as an
Independent Submission to become an Informational RFC.
Specifications produced by the working group will ensure preservation
of DMARC utility for detecting unauthorized use of domain names,
hmmm. on reflection, this works better as a positve:
utility for detecting authorized use of domain names
Use for detecting unauthorized use is far more complicated and
potentially controversial. Use for detecting authorized use is
straightforward.
while improving the identification of legitimate sources that do not
currently conform to DMARC requirements. Issues based on operational
experience and/or data aggregated from multiple sources will be given
priority.
The working group will seek to preserve interoperability with the
installed base of DMARC systems, and provide detailed justification
for any non-interoperability. As the working group develops solutions
to deal with indirect mail flows, it will seek to maintain the
end-to-end nature of existing identifier fields in mail, in
particular avoiding solutions that require rewriting of originator
fields.
Working group activities will pursue three tracks:
1. Addressing the issues with indirect mail flows
The working group will specify mechanisms for reducing or eliminating
the DMARC's effects on indirect mail flows, including deployed
delete [the]
behaviors of many different intermediaries, such as mailing list
managers, automated mailbox forwarding services, and MTAs that
perform enhanced message handling that results in message
handling that - handling, which
(if only to reduce the number of 'that's in the sentence...)
modification. Among the choices for addressing these issues are:
- A form of DKIM signature that is better able to survive transit
through intermediaries.
- Collaborative or passive transitive mechanisms that enable an
intermediary to participate in the trust sequence, propagating
authentication directly or reporting its results.
- Message modification by an intermediary, to avoid authentication
failures, such as by using specified conventions for changing
the aligned identity.
Consideration also will be given to survivable authentication through
sequences of multiple intermediaries.
2. Reviewing and improving the base DMARC specification
The working group will not develop additional mail authentication
technologies, but may document authentication requirements that are
document authentication - document additional authentication
(???)
desirable.
If they are 'desireable' they are not 'requirements'. If they are
requirements they are not merely desirable.
Perhaps:
but can consider additional authentication-related issues
Re: [dmarc-ietf] [apps-discuss] Start of DMARC WG + proposed milestones
On 8/24/2014 3:37 PM, Dave Crocker wrote: If you have comments on the milestones, please provide them by August 25th. Have fun, So, obviously I read the wrong text carefully. Sorry. Was so zoned into doing a series of reviews I forgot that the wg was already chartered, and no it doesn't get changed for editing improvements after that. Oh boy. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net ___ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
Re: [dmarc-ietf] [apps-discuss] Start of DMARC WG + proposed milestones
The list of milestones and deliverables looks good to me. Having not participated in an IETF working group before, I have process oriented questions. Am I a part of the working group by being a member of the dmarc@ietf.org list? Yes. The IETF doesn't have a concept of membership; you either participate or you don't. How do I contribute to the working group, will the chairs ask for input at specific times or for volunteers to write specific pieces of documents? Both of those things will probably happen, but that's in addition to general list discussions on current topics relevant to the goals of the group. How does the working group decide that any given suggestion warrants inclusion in a deliverable or a base spec change or some other action? When there's a rough consensus among the participants to do so. Usually it's pretty obvious whether something is supported or not, but it's up to the WG chairs to make the close calls. Ned P.S. You might want to take a look at The Tao of IETF: A Novice's Guide to the Internet Engineering Task Force, available here: http://www.ietf.org/tao.html ___ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
Re: [dmarc-ietf] [apps-discuss] Start of DMARC WG + proposed milestones
Hi Tim, The list of milestones and deliverables looks good to me. Having not participated in an IETF working group before, I have process oriented questions. Am I a part of the working group by being a member of the dmarc@ietf.org list? How do I contribute to the working group, will the chairs ask for input at specific times or for volunteers to write specific pieces of documents? How does the working group decide that any given suggestion warrants inclusion in a deliverable or a base spec change or some other action? Thanks, Mike On Mon, Aug 18, 2014 at 8:31 AM, Tim Draegen t...@eudaemon.net wrote: Hello world of email, The DMARC WG is getting started [1]. This IETF working group's goal is to address interoperability issues with indirect email flows, to document operational practices, and to mature the existing DMARC base specification. If you would like to join please visit the DMARC WG [2]. The WG's Wiki page [3] documents the approach the WG will take to produce its deliverables. You can find the roadmap/milestones on the site [4]. For your convenience, the proposed milestones are: - 91st IETF: Document describing interoperability issues with DMARC and indirect mail flows. - EOY 2014: Deliverable #1 (above document + possible methods to address). - Feb 2015: draft DMARC Usage Guide - 92nd IETF: Deliverable #2 - Document describing DMARC improvements to better support indirect mail flows. - May 2015: Deliverable #3 - base spec changes + DMARC Usage Guide If you have comments on the milestones, please provide them by August 25th. Have fun, =- Tim [1] http://datatracker.ietf.org/wg/dmarc/charter/ [2] https://www.ietf.org/mailman/listinfo/dmarc [3] http://trac.tools.ietf.org/wg/dmarc/trac/wiki [4] http://trac.tools.ietf.org/wg/dmarc/trac/roadmap ___ apps-discuss mailing list apps-disc...@ietf.org https://www.ietf.org/mailman/listinfo/apps-discuss -- *Mike Jones, Director of Product Management* *mjo...@agari.com mjo...@agari.com l M: 703.728.3978 l www.agari.com http://www.google.com/url?q=http%3A%2F%2Fwww.agari.com%2Fsa=Dsntz=1usg=AFrqEzfeN6IEWk_XTZnvAI-p7poxyjlAkQChanging Email Security For Good* http://www.google.com/url?q=http%3A%2F%2Fwww.agari.comsa=Dsntz=1usg=AFrqEzd4mZ00_sT0PTWz6Ol1KrgLNpsu8w *l* http://www.google.com/url?q=http%3A%2F%2Fwww.facebook.com%2Fpages.agarisa=Dsntz=1usg=AFrqEzenk5sOQNv2kVpEwPOZa1rCMY7U1w http://www.google.com/url?q=http%3A%2F%2Fwww.twitter.com%2Fagariincsa=Dsntz=1usg=AFrqEzcauu14S4nXj_fNJqbceMWl8MuvfA http://www.google.com/url?q=http%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fagarisa=Dsntz=1usg=AFrqEzfp5UPxXBRo5sHX9u4uEwTalrUpEw https://plus.google.com/102166045743309741150/about ___ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
Re: [dmarc-ietf] [apps-discuss] Start of DMARC WG + proposed milestones
Is the DMARC Usage Guide the same as the BCP or is it a different document? If it is a different document, is the BCP going to be one of the milestones for the WG or is it off the table? Mike -Original Message- From: apps-discuss [mailto:apps-discuss-boun...@ietf.org] On Behalf Of Tim Draegen Sent: Monday, August 18, 2014 11:32 AM To: Apps Discuss; dmarc@ietf.org Subject: [apps-discuss] Start of DMARC WG + proposed milestones Hello world of email, The DMARC WG is getting started [1]. This IETF working group's goal is to address interoperability issues with indirect email flows, to document operational practices, and to mature the existing DMARC base specification. If you would like to join please visit the DMARC WG [2]. The WG's Wiki page [3] documents the approach the WG will take to produce its deliverables. You can find the roadmap/milestones on the site [4]. For your convenience, the proposed milestones are: - 91st IETF: Document describing interoperability issues with DMARC and indirect mail flows. - EOY 2014: Deliverable #1 (above document + possible methods to address). - Feb 2015: draft DMARC Usage Guide - 92nd IETF: Deliverable #2 - Document describing DMARC improvements to better support indirect mail flows. - May 2015: Deliverable #3 - base spec changes + DMARC Usage Guide If you have comments on the milestones, please provide them by August 25th. Have fun, =- Tim [1] http://datatracker.ietf.org/wg/dmarc/charter/ [2] https://www.ietf.org/mailman/listinfo/dmarc [3] http://trac.tools.ietf.org/wg/dmarc/trac/wiki [4] http://trac.tools.ietf.org/wg/dmarc/trac/roadmap ___ apps-discuss mailing list apps-disc...@ietf.org https://www.ietf.org/mailman/listinfo/apps-discuss ___ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
Re: [dmarc-ietf] [apps-discuss] Start of DMARC WG + proposed milestones
On Aug 18, 2014, at 11:50 AM, MH Michael Hammer (5304) mham...@ag.com wrote: Is the DMARC Usage Guide the same as the BCP or is it a different document? If it is a different document, is the BCP going to be one of the milestones for the WG or is it off the table? They are one and the same. ___ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
