On Saturday, December 15, 2018 01:23:32 AM Scott Kitterman wrote:
> On December 14, 2018 4:34:35 AM UTC, Dave Crocker <[email protected]> wrote:
> >On 12/13/2018 4:25 PM, Scott Kitterman wrote:
> >> It suffers from what is, in my opinion, a fatal flaw: it relies entirely on
> >> assertions that any PSO can publish with no external review. Without some
> >> kind of third-party check on this, I don't believe there's any privacy
> >> mitigation at all.
> >
> >I think that assessment misses an essential point.
> >
> >Let me back up and say that my suggested alternative is intended to take
> >the basic concern you are raising seriously. (I'm not stating a
> >personal opinion about the seriousness of this as a threat vector, but
> >merely looking for a simpler way to satisfy the concern.)
> >
> >The alternative requires that the registry's dmarc record be accompanied
> >by a record that points to the terms and conditions the registry
> >publishes to indicate why their record is acceptable. (Your draft's
> >specification of those conditions looked to me like a reasonable
> >starting point; there should be a separate wg discussion for the precise
> >details and wording; I don't have a personal opinion about those
> >words.)
> >
> >As for the benefits I see in the alternative I've proposed, I'll class
> >them as simplification and robustness.
> >
> >First, a new, query-able registry is expensive to run; and difficult to
> >ensure quality control for, over the long run.
> >
> >Second, the vetting method your draft proposes for the registry relies
> >on a technical expert to make what is frankly a legal assessment of the
> >terms and conditions that the registry publishes. And that assessment
> >is made only one time, when the registry entry is first created. The
> >registry might change its T&C text and we'd be unaware of it.
> >
> >So while you are technically correct that the alternative means that the
> >registry gets to /publish/ with no external review, it is not true that
> >their dmarc record will automatically be used without review.
> >
> >In fact what I'm proposing will make widespread and ongoing review
> >likely, IMO, probably in the spirit of ongoing reputation assessment
> >that the email industry already does, although for dmarc default record
> >rather than spam.
>
> I see your point. In addition to complexity, the issue that there is no
> mechanism for removing bad actors from the registry does present a problem.
>
> Let me think it over and see if I can come up with text that both addresses
> your concerns and also provides guidance that I'd be comfortable with in
> lieu of the registry.

I thought about it over the weekend, and I didn't come up with anything I was
really happy with that also addresses your concerns. Still thinking about it.

It is clear though, based on this discussion, that the privacy concerns section
needs to be beefed up. My plan is to focus first on that. It has two
advantages: one, I think I know what to write, and two, I don't think it will be
very controversial.

In any case, having agreed text in the draft that describes what privacy issues
we want to mitigate seems like a good next step towards figuring out how best to
do that.

Scott K

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
