On Sat, Apr 12, 2014 at 9:23 AM, Miles Fidelman <[email protected]>wrote:
> > Well, let's see: > - DMARC.org defines the "DMARC Base Specification" with a link to > https://datatracker.ietf.org/doc/draft-kucherawy-dmarc-base/ - an IETF > document > - they published an information Internet draft, that expires in October of > this year, that starts with "This memo presents a proposal for a scalable > mechanism by which a mail sending organization can express,....." > https://datatracker.ietf.org/doc/draft-kucherawy-dmarc-base/ > - by implication, they are representing DMARC as a standards-track IETF > specification > > That's your inference, not their implication. None of "base specification", "informational Internet draft" or "proposal for a scalable mechanism" automatically mean "standard". In fact, the document is not on a path for the standards track. Publication of a "proposal" as an information Internet draft, is barely the > first step toward an operational specification standardized by the IETF - > yet DEMARC proponents are representing it as an IETF standard (or at least > as going through the process). > See above; this is incorrect. > So, it seems to me that it is entirely legitimate for IETF to officially > be on the record that: > 1. DMARC is NOT even close to an IETF standard > ...nor is it currently seeking that status. > 2. It has not been subject to any of the technical and operational vetting > associated with the progression of a specification through the IETF > standardization process > Correct, at least formally in IETF terms, which is why it is on track to be Informational. Informally, there has been open community dialog about it for quite some time now, not limited to this mailing list. > 3. The means by which Yahoo has deployed DMARC, and the choice of several > other large ISPs to honor the p=reject policy, is not in keeping with the > practice of measured testing and incremental deployment of IETF standards, > as they progress from proposal, to experimental, to optional, to > recommended, to mandatory > DMARC includes mechanisms to be incremental and do live testing and reporting as key components, and has since its inception since gradual rollout capabilities were established as a requirement early on. That one operator may have chosen to do something in a way people found disruptive is not, to me, a valid cause through which the specification should be invalidated. DNSBLs can be just as or even more disruptive (and have been), yet they are also described in Informational RFCs. There are likely many other examples. -MSK
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
