Re: WG Review: Domain-based Message Authentication, Reporting & Conformance (dmarc)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On Tue, Jul 15, 2014 at 9:35 AM, Scott Kitterman <scott@xxxxxxxxxxxxx>
> wrote:

> > That's possibly true, but given the goal of the working group, it may turn
> > out
> > to be the best we can do.  In my limited IETF experience, I've seen several
> > variants of "we aren't U/I experts, so we should stay away from it".  That
> > may
> > be true, but we may not get out of this one without having to give some
> > strong
> > guidance.
> >
> > For the large fraction of email users today that are doing it via webmail
> > where the service provider controls the MUA experience directly, the
> > timeline
> > for improvement can be relatively short compared to traditional software
> > deployment cycles.
> >

> Do we have any reason to believe that such advice would be read by anyone
> in a position to bring about its implementation?  How much do MUAs apply,
> as Ned cited, RFC2049?

In my experience compliance to what's there has been quite good. I've seen some
issues with multipart/digest handling, and there has been a general reluctance
to make it easy to get at raw data for unrecognized types - quite
understandable given the security implications. And of course there have been
plenty of outright bugs and the usual range of responsiveness to getting them
fixed.

The pernicious problems have been with stuff we didn't think to write down. The
big one there would be the tension between media types and file extensions. It
didn't occur to us to write anything about that, and there have been ongoing
issues in that area. And the handling of more complex MIME structure has been
problematic in some cases - we should have said something concrete about that.

Another issue with RFC 2049 is that some of the conformance guidelines are
obsolete. The stuff about charsets is the obvious example: It's completely
dated. In fact looking at it now makes me wonder why we didn't think to update
it and talk about utf-8 at some point. Who knows? Maybe that would have helped.

> Whatever each of us thinks of our collective UI expertise is unimportant if
> MUA developers will end up disregarding our advice and following their own
> anyway.

I really have to question the validity of this line of thinking. Let's suppose
for a moment that there had been major and ongoing conformance issues with RFC
2049. Would that really constitute grounds for not doing our job properly now?

> As I've said before, perhaps we should try to encourage major MUA
> developers to participate.  That would allay all such concerns.  We might
> even get Sender to matter again.

That sounds like a fine idea. But I don't see it as any sort of requirement.

				Ned





[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]