On Sat, Apr 12, 2014 at 4:30 PM, Dave Crocker <dhc@xxxxxxxxxxxx> wrote: > On 4/12/2014 12:56 PM, Miles Fidelman wrote: >> >> - DMARC.org defines the "DMARC Base Specification" with a link to >> https://datatracker.ietf.org/doc/draft-kucherawy-dmarc-base/ - an IETF >> document > > > While the Internet-Draft mechanism is operated by the IETF, it is an open > mechanism and issuance through it carries no automatic status, particularly > with respect to the IETF. It seems that folk often miss this particular point (see the recent drama about draft-loreto-httpbis-trusted-proxy20). Pointing at the boilerplate, explaining the fact that anyone (with an Internet connection and an XML editor) can submit an ID, etc doesn't seem to work. I considered pointing at, well, anything by Terrell, but instead decided to publish a draft :-P http://tools.ietf.org/html/draft-wkumari-not-a-draft-00 Comments welcome. W > > The DMARC specification is not 'an IETF document'. The current plan is to > publish it as an RFC, through the 'Independent' stream, which also is /not/ > an IETF activity. > > > >> - the referenced document is an informational Internet draft, that > > > Drafts do not have status. So the qualifier 'informational' here is not > meaningful. > > > >> In essence, DMARC is being represented as a mature, standards-track IETF >> specification - with the implication that it's been widely vetted, and >> is marching through the traditional experimental -> optional -> >> recommended -> mandatory steps that IETF standards go through. >> >> In reality: >> - DMARC was developed by a tiny number of people, all of whom work for >> very large ISPs > > > Well, a few of us who participated don't... > > > >> - as far as I can tell, all input from the broader community - notably >> mailing list developers and operators was roundly ignored or dismissed >> (the transcript is really clear on this) > > > What transcript? I'm not aware of its being 'ignored or dismissed'. > > > >> - while DMARC is at least partially tested, deploying and honoring >> "p=reject" messages is brand new, and has wreaked tremendous damage >> across the net > > > It's not new at all, though of course Yahoo's use is distinctive. > > > >> - as far as I can tell, those who are behind DMARC are taking the >> position "it's not our problem" (see discussions on >> dmarc-discuss@xxxxxxxxx and dmarc@xxxxxxxx) - and there is nary a Yahoo >> representative to be seen anywhere > > > I've no idea what specifics you are referring to. > > > >> The situation strikes me as incredibly perverse and broken - the more so >> that the perpetrators are presenting this as blessed by the IETF >> standards process. > > > I haven't seen anyone present such a claim of blessing. Please point to the > specifics. > > I fear you are confusing the difference between a desire for standards > status with a claim of its having been granted. > > d/ > > -- > Dave Crocker > Brandenburg InternetWorking > bbiw.net >