On Sun 21/Mar/2021 23:03:47 +0100 Tim Wicinski wrote:
I have some suggested text I'd like to hear some feedback on.
---
In the Introduction, the suggested change is
OLD
To determine the organizational domain for a message under
evaluation, and thus where to look for a policy statement, DMARC
makes use of a Public Suffix List. The process for doing this can be
found in Section 3.2 of the DMARC specification.
NEW
To determine the organizational domain for a message under
evaluation, and thus where to look for a policy statement, DMARC
makes use of a public suffix list. The process for doing this can be
found in Section 3.2 of the DMARC specification. Currently the
public suffix list being used is the most common one that is
maintained by the Mozilla Foundation and made public at
http://publicsuffix.org [1].
I like this approach. However, it may conflict with a minor issue reported by
Dale last year, which I quote:
- It would be very helpful if the Introduction could state, in a few
sentences, the purpose and operation of DMARC, thus informing the
reader of the framework whose deficiencies this document attempts to
address. In particular, one shouldn't have to read the DMARC RFCs
to be able to read this document and understand its general import.
https://mailarchive.ietf.org/arch/msg/dmarc/0SG2-c3BnOakafKWnseuMKXBVIE
To help casual readers, PSL should be introduced after PSD is clarified. This
paragraph about the PSL could be moved downward (for example to Section 3), and
replaced by a new one introducing PSD instead. Such a paragraph could perhaps
be worded around something like this:
A public suffix domain (PSD) is a domain under which multiple parties
that are unaffiliated with the owner of the PSD may register subdomains. A
domain registered that way is an organizational domain, and its subdomains
can be assumed to be administratively affiliated with it (although in some
cases they represent independent entities.)
[...]
In section 1.2 "Discussion", this will change.
OLD
o Branded PSDs (e.g., ".google"): These domains are effectively
Organizational Domains as discussed in [RFC7489]. They control
all subdomains of the tree. These are effectively private
domains, but listed in the Public Suffix List. They are treated
as Public for DMARC purposes.
NEW
o Branded PSDs (e.g., ".google"): These domains are effectively
Organizational Domains as discussed in [RFC7489]. They control
all subdomains of the tree. These are effectively private
domains, but listed in the current public suffix list. They are
treated as Public for DMARC purposes.
I'd weaken a bit the statement about the policies of Charleston Road Registry
Inc. Then, semantically, .google is not treated as a PSD because it's listed
in the PSL, which could possibly happen because of a maintainer's passing
fancy, but because it is actually operated by a public registry, as required by
an ICANN contract[*].
o Branded PSDs (e.g., ".google"): These domains sound very much
like Organizational Domains as discussed in [RFC7489], since they
control all their subdomains. However, formally they are public suffix
domains, operated by a public registry. Therefore, they are currently
treated as PSDs for DMARC purposes.
Best
Ale
--
[*] https://archive.icann.org/en/tlds/application-process-03aug00.htm#1d
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
