On Tue, May 17, 2016 at 8:08 AM, Alessandro Vesely <[email protected]> wrote:
> > Does anyone object to having the DMARC working group take on this work? > I agree with Alessandro, but for procedural reasons: I'm not sure it fits within our present charter. The charter enumerates three tracks, the first of which appears to allow discussion of new protocols; in particular, one might argue that ARC is a "form of DKIM signature that is better able to survive transit through intermediaries". However, in the second track, it says "The working group will not develop additional mail authentication technologies, but may document authentication requirements that are desirable", and there are chunks of ARC that are clearly new. (Having now implemented ARC, I can attest that there was enough new code needed that I would call it "new".) Absent a desire to form a distinct working group to develop ARC, I think we need to discuss rechartering before we can entertain this motion. > Does anyone object to using the two documents above as starting points > > for that work? > Modulo the first question, no. > ARC, as currently documented and conceived, aims at "a more nuanced > interpretation to guide any local policies related to messages that arrive > with > broken domain authentication (DMARC)." It does not propose any DMARC > improvement, let alone phase 2 milestone. > It proposes to provide a new authentication method that can more accurately reflect the "true" (for some value thereof) authenticity of a message, allowing DMARC to behave more accurately. How is that not an improvement? DMARC was meant to be extensible to better authentication methods as they appear, and this is an instance of such. > Unless ARC commits to a purpose congenial with DMARC's charter, I'd find it > objectionable for this WG to take on its work. > > > Does anyone have an alternative proposal? > > The "least broken" proposal for phase 2 seems to be dkim-conditional. It > emerged as an originator protocol, so it can develop without muddying ARC. > I have an unreleased implementation of that. It also more easily qualifies under our charter, IMHO. I think we should at least allow discussion of that one. -MSK
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
