Replacing the PSL was an interesting line of investigation, but it was not part of the charter, so it can only be part of DMARCbis if it works well, which it does not.
For non-PSL to work, all private registries (which are currently and correctly listed in the PSL) must tag themselves in the DNS.

- How long will this take? A long time, maybe forever.
- If it happens, will evaluators know that they can trust that it happened? No, never.

At best, we have an idea for an experimental algorithm, not a proposed standard, and our group is so small that we lack a quorum of willing participants in the experiment.

The PSL replacement idea, and all of the supporting language, needs to be abandoned. It is time to roll back.

Instead of discarding the PSL, we need to fix its weaknesses. The PSL may contain errors, and RFC7489 does not provide a way for DNS administrators to document and correct those errors (or confirm correct results). We could define that error correction mechanism.

Possible PSL results:

Lands too high errors:
- PSL+1 is another PSL, not the organization domain.
- PSL+1 skips over a private registration, and returns the registrar domain instead of the client domain.
- PSL+1 skips over a private registration, and returns a subdomain of the registrar domain instead of the client domain.

Lands too low errors:
- PSL+1 returns a subdomain of the organizational domain.

Lands just right but is still an error:
- PSL+1 is non-existent because it is not registered with the parent domain.

Correct results:
- PSL+1 is an organization domain of the correct organization, and is confirmed with a DNS indicator.
- PSL+1 is not explicitly confirmed or explicitly rejected, so it is presumed to be the correct organizational domain.

Doug Foster
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
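The following is an added illustration, not code from Doug Foster's message or from any DMARC implementation: a toy PSL+1 organizational-domain lookup in the style of RFC 7489 section 3.2, run against a constructed suffix list. It shows the "lands too high" case (a private registry missing from the list, so PSL+1 returns the registrar domain and two unrelated customers look aligned under relaxed DMARC alignment) and the "lands too low" case (an entry wrongly present in the list). The suffix list, the domain names and the `classify` labels are all assumptions made for the example; "example-hosting.net" stands in for a hypothetical private registry and is not a real PSL entry.

```python
"""Toy PSL+1 organizational-domain lookup, as DMARC relaxed alignment uses it.

Added example. TOY_PSL is a constructed list, not the real Public Suffix List.
"""

# Constructed suffix list: names below which third parties register.
# "example-hosting.net" plays a private registry whose customers get
# sub-names (alice.example-hosting.net, bob.example-hosting.net, ...).
TOY_PSL = {"com", "net", "uk", "co.uk", "example-hosting.net"}


def _labels(fqdn):
    return fqdn.lower().rstrip(".").split(".")


def public_suffix(fqdn, psl):
    """Return the longest listed suffix of fqdn.

    Falls back to the TLD when nothing is listed, mirroring the RFC 7489
    rule that a name with no PSL match is treated as registered under its TLD.
    """
    labels = _labels(fqdn)
    for i in range(len(labels)):          # longest candidate first
        candidate = ".".join(labels[i:])
        if candidate in psl:
            return candidate
    return labels[-1]


def organizational_domain(fqdn, psl):
    """PSL+1: the public suffix plus the one label immediately to its left.

    Returns None when fqdn is itself a public suffix (no registrant label).
    """
    labels = _labels(fqdn)
    n = len(public_suffix(fqdn, psl).split("."))
    if len(labels) <= n:
        return None
    return ".".join(labels[-(n + 1):])


def relaxed_aligned(from_domain, authenticated_domain, psl):
    """DMARC relaxed alignment: organizational domains must match."""
    a = organizational_domain(from_domain, psl)
    b = organizational_domain(authenticated_domain, psl)
    return a is not None and a == b


def classify(result, true_org):
    """Label a PSL+1 result against the organization's real domain.

    The labels follow the error classes in the message above; true_org is
    ground truth that a real evaluator does not have, which is the point.
    """
    if result == true_org:
        return "correct"
    if result is None or true_org.endswith("." + result):
        return "lands too high"
    if result.endswith("." + true_org):
        return "lands too low"
    return "unrelated"


# Scenario 1: the private registry is missing from the list.
PSL_MISSING_REGISTRY = TOY_PSL - {"example-hosting.net"}

# Scenario 2: the list wrongly contains a subdomain of a real organization.
PSL_WITH_BOGUS_ENTRY = TOY_PSL | {"mail.example.com"}


if __name__ == "__main__":
    name = "mail.alice.example-hosting.net"
    for label, psl in (("complete list", TOY_PSL),
                       ("registry missing", PSL_MISSING_REGISTRY)):
        org = organizational_domain(name, psl)
        print(f"{label:17} {name} -> {org} "
              f"[{classify(org, 'alice.example-hosting.net')}]")
        print(f"{'':17} alice/bob aligned? "
              f"{relaxed_aligned('alice.example-hosting.net', 'bob.example-hosting.net', psl)}")
    org = organizational_domain("a.mail.example.com", PSL_WITH_BOGUS_ENTRY)
    print(f"bogus entry       a.mail.example.com -> {org} "
          f"[{classify(org, 'example.com')}]")
```

With the registry entry present, alice and bob resolve to different organizational domains and do not align; with it missing, both collapse to the registrar domain and a message from one would pass relaxed alignment against the other's authenticated identifier. The bogus-entry scenario produces the opposite failure, where a subdomain of the real organization is treated as the organization itself.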
