On 7/4/2014 2:23 AM, Stephen J. Turnbull wrote: > Dave Crocker writes: > > > On 7/2/2014 11:03 PM, Stephen J. Turnbull wrote: > > > > So perhaps the most useful thing we can do is try to get the wg to > > > > formulate 'needs' > > > > > > I don't see that we have "needs" here. We know how to do this stuff > > Let me clarify that by "this stuff" I mean authenticating *some* > domain as taking responsibility for injecting the mail. This domain > is not necessarily the "organizational domain".
Time to be pedantic, to get ducks lined up properly: The sub-thread is about discerning the organizational domain (OD). It's not about authentication and it's not about 'responsibility'. Those are separate, higher-level topics. As of now, there is no community history of delivering an acceptable solution to identify OD and there is no community convergence on what to even try, for doing it. So with respect to OD, we have no community agreement that we know how to do /that/. Finding the OD is, of course, extremely important to DMARC. No debate about that. However this sub-thread about the charter concerns what, if any, activities should take place in the working group with respect to organizational domain. Besides DMARC, a mechanism for finding the OD is important to other activities, too, and it is a discrete, DNS-related topic. And there is already an initiative in that space. I think the DMARC wg can and should play a role in that other activity, but we need to be careful that we don't confuse 'play a role' with 'work on the solution', nevermind 'try to deliver a solution'. Hence, my suggestion is that our chartered 'task' be one of providing input to the other effort. Hmmm... I suppose we should also cite adding the mechanism into the DMARC spec, if there is a standard developed in time? > The problem I understand you to be excluding is that of mapping from > the information in the mail to an organizational domain which *should* > be taking responsibility, and which is the source for authoritative > information about authentication and authorization. It's probably worth some redundancy: Finding the OD in a domain name is a mechanical process that has nothing to do with email, responsibility or the like. Those are layered on top. Finding the OD is a component mechanism, like finding the top-level domain, but harder. The only thing that might be interesting here, in terms of DMARC 'needs', is to make sure we properly characterize how we are going to use the OD, so that the other folk developing the OD mechanism can make sure that what they produce is usable to us. (Given the range of functionality suggestions already made for finding the OD, the question of how it will get used seems to be more complicated than one might naturally have guessed.) d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
