Dave Crocker writes:
> The sub-thread is about discerning the organizational domain (OD).
> It's not about authentication and it's not about 'responsibility'.
> Those are separate, higher-level topics.
I thought the subthread was about why *we* aren't going to talk about
discerning an OD beyond saying that once you've done that, you use it
in the relaxed alignment algorithm. That's our use case, and ISTM
that's all we really have to offer to the DBOUND debate.
> the DMARC wg can and should play a role in that other activity, but
> we need to be careful that we don't confuse 'play a role' with
> 'work on the solution', nevermind 'try to deliver a solution'.
I strongly agree both with playing a role and with your caveats. I
think that's a consensus (at least from the posts so far).
> Hmmm... I suppose we should also cite adding the mechanism into the
> DMARC spec, if there is a standard developed in time?
Doesn't the sentence from the proposed charter:
However the working group can consider extending the base DMARC
specification to accommodate such a standard, should it be
developed during the life of this working group.
which is referring to OD, express that well enough? You could move it
to a bullet point, I guess.
> It's probably worth some redundancy: Finding the OD in a domain name is
> a mechanical process that has nothing to do with email, responsibility
> or the like.
We probably "must" define it in terms of a mechanical process, but we
should recognize that we're probably screwing some users when we do.
It forces some domains into using adkim=s and/or aspf=s when they'd
rather not (IIUC, the customers of com.uk are an example for some
definitions of OD). It is not clear to me that we will be able to
serve all such needs simultaneously.
> (Given the range of functionality suggestions already made for
> finding the OD, the question of how it will get used seems to be
> more complicated than one might naturally have guessed.)
My profession is economics: it's very natural for me to think in terms
of the variety of human ends being addressed rather than a collection
of technical proposals, and to therefore expect complexity.
What surprises me is how often a rather simple technical proposal
generates consensus because cooperation offers sufficient advantages
to all the individuals to offset the costs of overcoming human and
organizational inertia.
Unfortunately, I don't think "organizational domain" is susceptible to
that kind of solution ... but I'll keep hoping.
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
