Steven M Jones writes:

> That said, one small point to consider:
>
> > The task of defining a standard mechanism for identifying
> > organizational domain is out of scope for this working
> > group. However the working group can consider extending the base
> > DMARC specification to accommodate such a standard, should it be
> > developed during the life of this working group.
>
> By limiting this consideration to "during the life of this working
> group," do we preclude the possibility of defining (in whole or in
> part) how such work completed outside and after this WG could be
> plugged in?

I think "precluding" is advisable. Identifying organizational domains is a very big issue affecting security of essentially all applications on the Internet, and trying to specify an interface in advance seems useless -- either it will be obvious how to do so, or central elements of DMARC/DKIM/SPF will need to be revised/replaced anyway.

By "obvious", I mean the following. For DMARC, we know that we're aiming at identity alignment of the mailbox in the From field with either the SMTP connection's remote host (SPF) or a specified domain in the DKIM-Signature field (DKIM). AFAIK in those cases the DNS record to retrieve keys to *authenticate* the sender's identity is well-defined and not affected by the issue of "organizational domain".

DMARC policy (ie, author-domain-based *authorization* of senders) is specified by a DNS record. The core of DMARC is the algorithm to find the appropriate DNS record. If a later definition of "organizational domain" invalidates that algorithm, DMARC (v1) is dead, and needs to be resurrected with a new algorithm (v2) to find that record compatibly with "organizational domain". I don't see how we can really "define" a plug-in beyond "new algorithm", while that algorithm is a well-defined component of DMARC (ie, could be considered to be the "socket").

If changes beyond that are needed, I guess the Grinch stole Christmas.

Steve
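
The record lookup discussed in the message above, as an added example that is not part of the original post or of any DMARC implementation: a Python sketch of RFC 7489 policy discovery and identifier alignment in which the organizational-domain function is a replaceable argument. The zone data, the three-entry suffix list and all function names are constructed for illustration.

```python
from typing import Callable, Dict, List, Optional, Tuple

# Constructed stand-in for DNS TXT answers, so the example runs offline.
ZONE: Dict[str, List[str]] = {
    "_dmarc.example.com": ["v=DMARC1; p=reject"],
    "_dmarc.news.example.org": ["v=DMARC1; p=none"],
    "_dmarc.example.org": ["v=DMARC1; p=quarantine; sp=reject", "unrelated txt"],
}
# Constructed three-entry suffix list (assumption; real data would be far larger).
SUFFIXES = {"com", "org", "co.uk"}

def _norm(domain: str) -> str:
    return domain.lower().rstrip(".")

def org_domain_by_suffix(domain: str) -> str:
    """One possible plug: longest listed suffix plus one more label."""
    labels = _norm(domain).split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels)

OrgFn = Callable[[str], str]

def discover_policy(from_domain: str, org_domain: OrgFn = org_domain_by_suffix,
                    txt: Callable[[str], List[str]] = lambda n: ZONE.get(n, []),
                    ) -> Optional[Tuple[str, str]]:
    """The socket: find the policy record for the From domain, or None."""
    exact = _norm(from_domain)
    candidates = [exact]
    if org_domain(exact) != exact:
        candidates.append(org_domain(exact))  # fallback to the organizational domain
    for domain in candidates:
        name = "_dmarc." + domain
        # Keep only TXT records whose first tag is v=DMARC1.
        records = [r for r in txt(name) if r.split(";")[0].replace(" ", "") == "v=DMARC1"]
        if len(records) == 1:
            return name, records[0]
        if len(records) > 1:
            return None  # more than one DMARC record: discovery terminates
    return None

def aligned(from_domain: str, auth_domain: str, strict: bool = False,
            org_domain: OrgFn = org_domain_by_suffix) -> bool:
    """Identifier alignment: exact match if strict, same org domain if relaxed."""
    a, b = _norm(from_domain), _norm(auth_domain)
    return a == b if strict else org_domain(a) == org_domain(b)
```

Passing a different callable as `org_domain` changes both the fallback query and relaxed alignment while the rest of the lookup stays as it is.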
