Hi Miles,
At 09:23 12-04-2014, Miles Fidelman wrote:
Well, let's see:
- DMARC is an ad-hoc group that assembled with a "common goal was to
develop an operational specification to be introduced to the IETF
for standardization"
(http://dmarc.org/about.html)
- DMARC.org defines the "DMARC Base Specification" with a link to
https://datatracker.ietf.org/doc/draft-kucherawy-dmarc-base/ - an IETF document
- they published an information Internet draft, that expires in
October of this year, that starts with "This memo presents a
proposal for a scalable mechanism by which a mail sending
organization can express,....."
https://datatracker.ietf.org/doc/draft-kucherawy-dmarc-base/
- by implication, they are representing DMARC as a standards-track
IETF specification
According to an article in the IETF Journal:
"The amazing show of support changed the anticipated trajectory of
the standardization plan. Rather than request the formation of an
IETF working group (WG) to rework the specification, the authors
discussed possible options with the IETF Applications Area WG and its
Area Directors. Through conversation it became clear that there were
some paths worth considering that would more closely follow the
accelerated adoption curve associated with the draft DMARC specification.
The end result was to ask an Applications Area Director to sponsor
the specification as a candidate for the Standards Track, at the same
time convening a Birds of a Feather (BoF) at IETF 87 in Berlin to
discuss DMARC extensions and supporting materials. At the BoF, a
charter for a proposed DMARC WG was presented, which drove a
discussion about potential work items for the WG. Barry Leiba, one of
the Application Area Directors, agreed to sponsor the specification
with the caveat that messages sent to the IETF DMARC discussion list
clearly said that community experts validated that the specification
was ready to move to the Standards Track.
Within a month of the BoF in Berlin, a handful of supportive comments
by industry experts were sent to the discussion list. A few items
were called out for further work on the DMARC specification, but many
could be disposed of during the final-call phase of the Standards
Track. While the DMARC specification could be tuned up, it's clearly
functional for its intended purpose and the community supports the
process for standardizing it."
A message was posted to this mailing list this year. It was stated that:
"We have chosen to submit the DMARC specification via the Independent
Submission Editor (ISE). This will have three primary effects: (1) it
will be published with a permanent reference location; (2) it will be
classified as Informational rather than as a Proposed Standard; (3) the
ISE process is a much more direct path to publication."
Publication of a "proposal" as an information Internet draft, is
barely the first step toward an operational specification
standardized by the IETF - yet DEMARC proponents are representing it
as an IETF standard (or at least as going through the process).
I think that the web page mentioned above is out-of-date. As for the
memo (I reviewed an old version last year) it represents the views of
the authors.
Beyond that, let me note that the draft includes this line: "The
enclosed proposal is not intended to introduce mechanisms that
provide elevated delivery privilege of authenticated email." --
which, of course is exactly what has been done by Yahoo by
publishing "p=reject" in its DMARC policy, and by those who've
chosen to honor it.
Noted.
So, it seems to me that it is entirely legitimate for IETF to
officially be on the record that:
1. DMARC is NOT even close to an IETF standard
2. It has not been subject to any of the technical and operational
vetting associated with the progression of a specification through
the IETF standardization process
3. The means by which Yahoo has deployed DMARC, and the choice of
several other large ISPs to honor the p=reject policy, is not in
keeping with the practice of measured testing and incremental
deployment of IETF standards, as they progress from proposal, to
experimental, to optional, to recommended, to mandatory
For reasons of technical and professional integrity, IETF should be
distancing itself from this debacle, very loudly and very clearly.
If nothing else, IETF should be defending its legitimacy as the
Internet's standards body - in the same way that Xerox and Kleenex
defend their trademarks.
Beyond that - perhaps a strong position by IETF might have an impact
on Yahoo's decision making.
The IETF would have to publish a RFC to be officially on record. A
person would have to write a draft and get it through the process for
such a RFC to be published. The above points looks like issues for
the [email protected] mailing list as they are about IETF standardization
and trademarks.
Regards,
-sm
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
