ietf
[Top] [All Lists]

Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists

2014-04-14 13:44:13
On Sat, Apr 12, 2014 at 4:30 PM, Dave Crocker <dhc(_at_)dcrocker(_dot_)net> 
wrote:
On 4/12/2014 12:56 PM, Miles Fidelman wrote:

- DMARC.org defines the "DMARC Base Specification" with a link to
https://datatracker.ietf.org/doc/draft-kucherawy-dmarc-base/ - an IETF
document


While the Internet-Draft mechanism is operated by the IETF, it is an open
mechanism and issuance through it carries no automatic status, particularly
with respect to the IETF.

It seems that folk often miss this particular point (see the recent
drama about draft-loreto-httpbis-trusted-proxy20). Pointing at the
boilerplate, explaining the fact that anyone (with an Internet
connection and an XML editor) can submit an ID, etc doesn't seem to
work. I considered pointing at, well, anything by Terrell, but instead
decided to publish a draft :-P

http://tools.ietf.org/html/draft-wkumari-not-a-draft-00

Comments welcome.
W



The DMARC specification is not 'an IETF document'.  The current plan is to
publish it as an RFC, through the 'Independent' stream, which also is /not/
an IETF activity.



- the referenced document is an informational  Internet draft, that


Drafts do not have status.  So the qualifier 'informational' here is not
meaningful.



In essence, DMARC is being represented as a mature, standards-track IETF
specification - with the implication that it's been widely vetted, and
is marching through the traditional experimental -> optional ->
recommended -> mandatory steps that IETF standards go through.

In reality:
- DMARC was developed by a tiny number of people, all of whom work for
very large ISPs


Well, a few of us who participated don't...



- as far as I can tell, all input from the broader community - notably
mailing list developers and operators was roundly ignored or dismissed
(the transcript is really clear on this)


What transcript?  I'm not aware of its being 'ignored or dismissed'.



- while DMARC is at least partially tested, deploying and honoring
"p=reject" messages is brand new, and has wreaked tremendous damage
across the net


It's not new at all, though of course Yahoo's use is distinctive.



- as far as I can tell, those who are behind DMARC are taking the
position "it's not our problem" (see discussions on
dmarc-discuss(_at_)dmarc(_dot_)org and dmarc(_at_)ietf(_dot_)org) - and 
there is nary a Yahoo
representative to be seen anywhere


I've no idea what specifics you are referring to.



The situation strikes me as incredibly perverse and broken - the more so
that the perpetrators are presenting this as blessed by the IETF
standards process.


I haven't seen anyone present such a claim of blessing.  Please point to the
specifics.

I fear you are confusing the difference between a desire for standards
status with a claim of its having been granted.

 d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net


<Prev in Thread] Current Thread [Next in Thread>