Re: DMARC from the perspective of the listadmin of a bunch of SMALL community lists

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Warren Kumari wrote:
On Sat, Apr 12, 2014 at 4:30 PM, Dave Crocker <dhc@xxxxxxxxxxxx> wrote:
On 4/12/2014 12:56 PM, Miles Fidelman wrote:
- DMARC.org defines the "DMARC Base Specification" with a link to
https://datatracker.ietf.org/doc/draft-kucherawy-dmarc-base/ - an IETF
document

While the Internet-Draft mechanism is operated by the IETF, it is an open
mechanism and issuance through it carries no automatic status, particularly
with respect to the IETF.
It seems that folk often miss this particular point (see the recent
drama about draft-loreto-httpbis-trusted-proxy20). Pointing at the
boilerplate, explaining the fact that anyone (with an Internet
connection and an XML editor) can submit an ID, etc doesn't seem to
work. I considered pointing at, well, anything by Terrell, but instead
decided to publish a draft :-P

http://tools.ietf.org/html/draft-wkumari-not-a-draft-00


Well yes, but that's the "fine print."

Who ever reads a 20-page shrink-wrap license - and he jury is still out as to when those apply or can be ignored. And then there's a "warrant of merchantability" that vendors can be held to despite all kinds of disclaimers buried in a license.

When the organization that coordinated and promulgated DMARC:
- describes their efforts as "their common goal was to develop an operational specification to be introduced to the IETF for standardization - refers to the only defining document as a "Base Specification" and links to a document, on the IETF's webserver, with an IETF document number

It's kind of easy for the uninitiated to draw the conclusion that it's a standards-track IETF standard.

Then, when Yahoo defends the havoc they've wrought with statements like (they) "designed and built something called DMARC <http://www.dmarc.org/>, or Domain-based Message Authentication, Reporting and Conformance. Today, 80% of US email user accounts and over 2B accounts globally can be protected by the DMARC standard." - with a pointer to dmarc.org - and from there to an IETF webserver and document -- it sure is easy for the general community to draw the conclusion "Yahoo implemented a vetted IETF standard - and it broke all the mailing lists I'm on." And it sure is easy for someone to draw the conclusion that the fault lies with the broken standard, not with Yahoo.

You have to look hard to figure out who really broke what. And (IMHO) one would not be wrong to draw the conclusion that IETF dropped the ball in its role as the Internet standards body - if only in it's relative silence (a disclaimer in the fine print does not constitute exercising one's professional or institutional responsibilities).

ISO, for example, has processes for complaining about mis-use of their standards, and about misrepresentation of being certified against a standard. Perhaps it's time for IETF to institute similar policies and proceedures - beyond:
"it's not actually a standard - we just provided space for the document"
"it's a voluntary standard, we're not responsible if it's not implemented properly, or not deployed properly"

We all claim that we don't want governments to run the Internet - but when our voluntary, cooperative mechanisms drop the ball - that's the end result. (Along with lots of litigation.)

Just one man's opinion, of course.

Miles Fidelman



--
In theory, there is no difference between theory and practice.
In practice, there is.   .... Yogi Berra





[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]