Dave Crocker wrote:
> On 4/12/2014 5:29 AM, Miles Fidelman wrote:
>> It does strike me that DMARC, which is currently an internet-draft, not
>> even an RFC, is causing incredible disruption by its adoption, by a few
>> very large players. Methinks this indicates a serious problem, and
>> raises some questions about what measures might be taken when a big
>> player breaks the Internet by not playing nice. It sure seems that IETF
>> should play a role in this.
>
> 1. DMARC was developed by an ad hoc industry consortium. It is
> already deployed well enough to cover an estimated 60% of the world's
> email traffic. As such, its status with the IETF is obviously not a
> gating factor. So the "not even an RFC" has some formal import, but
> limited practical import.

So what happens to an infrastructure that is operated and governed by
consensus, when a few large players can make major changes to the
infrastructure while ignoring issues that don't directly affect their
interests?

> 2. The spec is clear about how it works and what the implications are.
> The issue with mailing lists is well-documented.

Well documented, perhaps. But, see above.

> 3. A specification cannot be responsible for operators that choose to
> deploy something in a way that creates problems documented in the spec.

No. But a standards process can. (E.g., not just anybody can be a domain
registry, or enter records into the root nameservers).

> 4. You don't say what you feel the IETF should do, nor is it obvious
> to me what role the IETF can reasonably have for this sort of
> deployment issue.

As to the practicalities of what IETF can do - I kind of agree. Which
may point to a limit of Internet governance by consensus. (Consider the
comparable case of a radio transmitter going off frequency and causing
interference -- that will get a very rapid institutional response,
possibly by people who carry guns, if, for example, you jam a police band.)
As to what the IETF should do - well... at the very least the Internet
operates on a set of standardized protocols, developed by consensus -
and there is a formal process by which protocols develop from ideas, to
experimental standards, to recommended, to mandatory (not many of
those). At the very least, there is social pressure to conform to such
standards. In some cases there are mechanisms that have more teeth
(e.g., where registration of protocol numbers is required in a database
under IANA "jurisdiction") - not just anybody can put records into the
core nameservers, and those can always be removed (IETF sets the
policies for a lot of the databases IANA maintains - I guess in theory
IETF could establish a policy that says "if you don't follow these
protocols properly, your DNS records get yanked"). I'm not sure I'm
advocating such measures - but....
At the very least, it strikes me that the IETF should be visibly and
publicly chastising the "ad hoc industry consortium that developed
DMARC" and those who deployed it - as being exceptionally bad actors who:
- roundly ignored issues of major impact in developing the standard
- have deployed it in ways that are causing widespread havoc
- are rather pointedly ignoring that havoc (have you seen anybody from
Yahoo responding?)
Miles Fidelman
--
In theory, there is no difference between theory and practice.
In practice, there is. .... Yogi Berra