On Thursday, December 13, 2018 08:24:38 AM Dave Crocker wrote:
> On 12/13/2018 8:20 AM, Kurt Andersen (b) wrote:
> > A link to inscrutable legalese, potentially in a non-interpretable
> > format (consider, for example, a PDF consisting of images of a foreign
> > alphabet - perhaps Klingon) doesn't seem to really achieve the intent.
> > And neither does the bald assertion - "trust me, I require people to do
> > the right thing" :-)
>
> And yet the current draft relies on a single 'expert' to be able to
> achieve a productive outcome with exactly the same material. And it
> produces only a single review at the time of registration.
>
> The benefit of the approach I'm suggesting is that it surfaces these
> documents much more openly and makes it likely they will be reviewed
> much more widely and on a continuing basis.

It suffers from what is, in my opinion, a fatal flaw: it relies entirely on assertions that any PSO can publish with no external review. Without some kind of third-party check on this, I don't believe there's any privacy mitigation at all.

In previous examples, this has been analogized to the Verisign sitefinder debacle. Personally, I think it's worse. Without an external check, this is a tool for enhancing the surveillance capacity of authoritarian regimes.

I don't find making the documents public so people can complain at all useful. The entities that will most want to use this will tend to be the ones that care least about complaints.

I'm not claiming an IANA registry is an essential part of the solution, I'm sure there are better ideas, it's just the one I thought of. What we need is some location of information about domains that is neutrally managed in accordance with open processes. That sounded like IANA to me, but I'm open to suggestions.

Scott K
