* The working group should, in the short term, focus on development and completion of draft-ietf-dmarc-psd. Among the questions to be answered is its urgency
I’m certainly keen to see that progressed. As we’ve rolled out DMARC across gov.uk subdomains, we’ve seen criminal behaviours change in response. Some of you may recall we asked for help a while ago for ideas in generating SPF/DMARC records for non-existent subdomains. Well, that’s running and we answered 430,000 queries for them between August and November last year (more current data coming). We do know that the effect of synthesising these records means that some receivers don’t honour them, so getting a more acceptable way of controlling subdomains of a PSD would be good. As we push for wider DMARC adoption and other authentication measures, we’ll need to do this much more widely so it needs to be easy. I’ll also offer gov.uk as an experimental ground (within reason!). Ta. I. -- Dr Ian Levy Technical Director National Cyber Security Centre [email protected]<mailto:[email protected]> Staff Officer : Kate Atkins, [email protected]<mailto:[email protected]> (I work stupid hours and weird times – that doesn’t mean you have to. If this arrives outside your normal working hours, don’t feel compelled to respond immediately!) From: dmarc <[email protected]> On Behalf Of Murray S. Kucherawy Sent: 26 March 2019 16:58 To: IETF DMARC WG <[email protected]> Subject: [dmarc-ietf] Working group next steps DMARC colleagues, Tim and I met in Prague to get things rolling in terms of getting us progressing again toward our remaining deliverables. Producing a DMARC on the standards track is the endgame for us. We're keen to identify and focus on work that is in direct service of that goal; anything else can be parked for now and we can return to it once the main work is done, assuming we still have the energy to do it. Accordingly, we propose to formally park draft-ietf-dmarc-arc-multi and draft-ietf-dmarc-arc-usage. Augu The working group should, in the short term, focus on development and completion of draft-ietf-dmarc-psd. Among the questions to be answered is its urgency: If there is pressure to get this finished and published in some form, we suggest the WG consider moving this to Experimental status, aligning it with the ARC base work, and come back around to merge it into DMARC when it goes to the Standards Track. Toward the goal of getting to the work on the standards track base specification, we should start collecting issues, from nits on up to things that need overhaul, in the WG's tracker. We would like this list to be as exhaustive as possible. When we do finally get to the work of standards track DMARC, we can run it like a checklist. Please take some time to go over the list that's already in the tracker, and add anything you think is missing: https://trac.ietf..org/trac/dmarc/report<https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftrac.ietf.org%2Ftrac%2Fdmarc%2Freport&data=02%7C01%7Cian.levy%40ncsc.gov.uk%7C062a4b0ea11b44be6b4f08d6b20c5478%7C14aa5744ece1474ea2d734f46dda64a1%7C0%7C0%7C636892163368482447&sdata=5s9qVmp3DTBTZnZaKftSGOd6En%2FSTPnp9Rjeo58fHPo%3D&reserved=0> You may need a login credential if you haven't already established one. This can be done via the IETF datatracker: https://datatracker.ietf.org/<https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2F&data=02%7C01%7Cian.levy%40ncsc.gov.uk%7C062a4b0ea11b44be6b4f08d6b20c5478%7C14aa5744ece1474ea2d734f46dda64a1%7C0%7C0%7C636892163368482447&sdata=JAscZ7qbZcoTHqq2rlKy8k0AQ7RkGNNdbUcdkcn4xTk%3D&reserved=0> Previously (at IETF 99), the WG has discussed an augmentation of DMARC's reporting capabilities to include attributes of ARC evaluation of a message. It's been suggested that this is a critical thing to include in the ARC experiment and thus input to standards track DMARC work; it was left out of ARC's base document to keep ARC decoupled from DMARC for now. If consensus concurs with this position, we're looking for document editor(s) to spin up that effort. The chairs are, however, cognizant that each new work item we take up has the effect of pushing standards track DMARC further down the road, so we would like to keep this sort of thing to a minimum. Finally, there have been some hallway inquiries here at IETF 104 about canonicalizations that can survive mailing list transit. I thought it worth checking with the WG to see if there's any energy or interest in revisiting this kind of work; it does fit within our charter, but previously attempts at this kind of work have waned. We look forward to hearing your views on any or all of the above. We can start by having everyone begin logging their open DMARC specification issues into the tracker, and ask that everyone please review and comment on the PSD draft and provide comments. In particular, anyone that has implemented it is particularly requested to comment (including Scott, since we imagine he's tried this by now). -MSK This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to [email protected]
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
