On Tuesday, February 05, 2019 08:59:17 PM John Levine wrote: > In article <6596039.Rh8MxG5e5K@kitterma-e6430> you write: > >The current PSL is over 12K lines long. What we're talking about here is > >probably .1% to 1% that size. > > Indeed, but since everyone has the PSL anyway to find organizational > domains, who cares about the size? The point of asking the PSL people > to do it is to find a credible third party to evaluate "all your > domains belong to us" assertions.
So my understanding is that the answer was no, they didn't think the PSL was appropriate. Personally, I agree they would be great, but I guess not. If we come to a strong conclusion that this is the right way to go, then I guess I could make another run at it. In the mean time, in order to at least have something, we now have psddmarc.org with a way to query for PSD DMARC participants. My plan is to take some of the text from the (now removed) IANA section of -00 and make a non-normative appendix that describes why we want some kind of external mechanism to constrain which PSDs we use this for in order to mitigate the associate privacy considerations. > > Leaving aside for a moment the mechanism, would > > > >people review the latest draft and see if they think the privacy issues are > >adequately described and if they require some kind of mitigation? > > I think it's fine. At the end where you talk about failure reports, > you might note that since they contain actual messages, any domain > where the admistrator does not normally read its users' mail already > has the same issues. I'll add something about that as well as some off list comments I've gotten. I know this isn't the ideal time for people to be reviewing stuff, so I'll work on the draft and publish something during the week for discussion after people get back from the meeting. Scott K _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
