Michael (and FB crew), I acknowledge that due diligence was done for the proof of concept 6 months ago, and a more open version of due diligence is being done now with the draft and an open internet community.
I'm an outsider so I'll ask these simple questions: - Are 3rd parties (aka those not privy to your backdoors white board sessions) aware of what you have "high confidence" in, and the areas you seek assistance? - Are these needs made clear in a place other than "the archives" - Is it unexpected that a ADMDs will go through the same fear, uncertainty, and doubt that (according to your message) took "months" to hash out? Michael, what you see as an insult is just someone who is frustrated by a lack of transparency, and needs more information. If that information isn't in the draft, and isn't appropriate for such a document, perhaps a Wiki page should be created to address these historical concerns. What are your (FB.com et al) thoughts on creating a wiki page for historical and upcoming edits to the draft? (note I don't want to interfere with the ietf notes well process) Sent via BlackBerry from T-Mobile -----Original Message----- From: Michael Adkins <[email protected]> Sender: [email protected]: Sun, 8 Jul 2012 01:55:18 To: Alan Maitland<[email protected]>; [email protected]<[email protected]> Subject: Re: [dmarc-discuss] Clarification needed; Does p=none override -all and ADSP in all cases? > > > >"We are part of bigger infrastructures than you ever will be and have >also thought long and hard about all this over a Kirk burger" is just >probably not going to provide many folks with the warm fuzzies they want >to have in their justifying making a choice to move forward with DMARC. > I feel kind of insulted by this. There's a big difference between the areas of the spec that we know need broader consensus and the areas of the spec that we feel like we flushed out thoroughly. Identifying whether a given topic falls into one of those categories or the other goes a long way in terms of setting expectations around how open the working group will be to discussing it. We involved several very large financial institutions and a technical financial industry organization in our work to make sure their concerns were addressed. Speculating about concerns they may or may not have is not a constructive use of time as we already devoted several months to it. If you don't see the value of large scale data and experimentation, or the several years we devoted to it, or more than a year's experience running in it production at large scale, fine. The reporting component exists so that you can collect the data and make an educated decision for yourself as to whether you should use it or not. If you don't actually have a spoofing problem, and you don't see any value in the reports, then DMARC has nothing to offer you. No one is interested in trying to convince anyone to use DMARC who doesn't actually have the problem it tries to solve. Either you justify it yourself with the data provided, or you don't. > _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html) _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
