I changed the subject as I think that a discussion of architecture that starts off with an assertion of fault on the part of one party is probably wrong and, in bad faith, certainly so.

On Sun, Oct 25, 2015 at 6:09 PM, Brian E Carpenter <brian.e.carpenter@xxxxxxxxx> wrote:
>> My proposal was not to eject them but to mark them as second class citizens.
>
> Indeed. And if it came to that, speaking for myself, I would switch to an address
> not contaminated by dmarc p=reject, unless a good solution for mailing
> lists was found first.

What we lack here is a viable concept of Internet architecture that is free of the clutter from history.

Most computer systems have historical clutter; it is somewhat inevitable. For example, why do printer drivers have to be installed with system privilege in Windows, etc.? I am a user connecting to a machine via the network. I don't need system privs to talk to the network, so why do I need them to install a 'driver'? When it would cost $3500 to replace a 36" plotter which works fine except for the lack of a signed driver, this is not an abstract question.

When you get into the reasons, it turns out that back when VMS was designed, the computer was responsible for tracking the number of pages printed and enforcing quotas. An approach that obviously worked a lot better in the old days when the printer connected to the computer and not the network.

In the old days people belonged to an institution that issued their users 'email addresses', and people got to assume that being alice@xxxxxxxxxxx meant that Alice was the owner of the email address and could decide how it was used. Which was a fairly odd assumption to make, since it obviously only ever extended to outbound email. Inbound email was always going to arrive at example.com. But people could send their mail without any reference to the domain name owner, and so it was assumed that this should be the way the Internet works.
Let us imagine for the sake of argument that we were designing a whole new Internet from scratch, applying lessons learned. How would we set about describing a domain name? I think that we would arrive at a set of rules that include the following:

* Domain names are unique; each name has a single owner.
* Domain names may be subdivided to accommodate an unbounded number of Internet services and account holders.
* The owner of a domain name has exclusive control over the use of the name and all subdivisions thereof.
* To ensure the goal of accessibility is met, domain names must be easy and cheap to obtain and maintain.

We might quibble over the wording, but I think that is pretty much where we would arrive, and that is pretty much where the Internet is today. If you want to be a first class citizen on the Internet you need to have your own domain name. Otherwise you are at the mercy of someone else.

I read all my IETF mail through Gmail, but I don't own that domain and so I don't get to make the rules governing it. Instead I use phill@xxxxxxxxxxxxxxx, which is a domain I own. One of the reasons I have that domain is so that I have control of my mail and not Google.

The architectural description above is reasonably concise and can be consistently applied. Now consider what sort of architectural statement would be required to support the folk who allege that DMARC is somehow broken. Instead of saying the domain name owner gets to decide how it is used, we would have to make separate statements about the domain name owner and the users who have accounts in that domain. And to do that we would have to start talking about specific applications and specific circumstances.

I think architecture should read like a theory in physics. The simpler the statement, the more generally it is seen to apply in practice, the fewer corner cases, the better. If you have an architectural statement that resorts to special pleading, it is a pretty good sign that it is wrong.
As a rule, I don't think there is anything wrong in the IETF taking decisions to make things easy for ourselves. But what is the biggest problem we face? Is it really our personal ability to exchange email on mailing lists? I thought there were rather more important objectives at stake.
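Editor's note, added after the message above and not part of the original email or of any IETF or DMARC implementation: the thread refers to addresses "contaminated by dmarc p=reject" and to mailing lists lacking a solution. The example below makes the mechanism concrete by evaluating a p=reject policy the way a receiving MTA would (RFC 7489 identifier alignment, relaxed mode by default), once for a direct send and once for the same message relayed through a list. The DMARC records, domains and SPF/DKIM results are constructed sample data; the two-label organizational-domain rule is a simplification of the Public Suffix List lookup a real verifier performs.

```python
"""Added example (not the original email's or any project's code):
evaluate a DMARC policy against SPF/DKIM results and show why a
mailing-list relay of a p=reject domain's mail fails, and why
rewriting the From: header to the list's own domain does not.

All records, domains and authentication results are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class AuthResults:
    """What an MTA knows after running SPF and DKIM verification."""
    spf_pass: bool
    spf_domain: str                         # envelope (MAIL FROM) domain SPF checked
    dkim_pass_domains: list = field(default_factory=list)  # d= of each passing signature


def parse_dmarc(record: str) -> dict:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s'
    into a tag dict, filling in RFC 7489 defaults (relaxed alignment, p=none)."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record: %r" % record)
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    tags.setdefault("p", "none")
    return tags


def org_domain(domain: str) -> str:
    """Organizational domain, approximated as the last two labels.
    Assumption for this example; real code consults the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Identifier alignment: strict needs an exact match, relaxed needs
    the same organizational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_disposition(from_domain: str, records: dict, auth: AuthResults) -> str:
    """Return 'pass' or the published p= action for the RFC5322.From domain.
    The record is looked up by organizational domain (simplified from the
    exact-domain-then-org-domain lookup in RFC 7489)."""
    record = records.get(org_domain(from_domain))
    if record is None:
        return "none"                       # no policy published
    policy = parse_dmarc(record)
    spf_ok = auth.spf_pass and aligned(from_domain, auth.spf_domain, policy["aspf"])
    dkim_ok = any(aligned(from_domain, d, policy["adkim"]) for d in auth.dkim_pass_domains)
    return "pass" if (spf_ok or dkim_ok) else policy["p"]


def mailing_list_scenarios() -> dict:
    """Constructed scenario: example.com publishes p=reject, a list at
    lists.example.org relays Alice's message."""
    records = {
        "example.com": "v=DMARC1; p=reject; adkim=r; aspf=r",   # constructed
        "example.org": "v=DMARC1; p=none",                      # constructed
    }
    # Direct send: envelope and DKIM d= are both example.com.
    direct = AuthResults(spf_pass=True, spf_domain="example.com",
                         dkim_pass_domains=["example.com"])
    # Relayed by the list: the envelope sender is now the list's, the
    # original signature no longer verifies (subject tag, footer), and
    # only the list's own signature passes.
    relayed = AuthResults(spf_pass=True, spf_domain="lists.example.org",
                          dkim_pass_domains=["lists.example.org"])
    return {
        "direct": dmarc_disposition("example.com", records, direct),
        "relayed_original_from": dmarc_disposition("example.com", records, relayed),
        # One common mitigation: the list rewrites From: to its own domain,
        # so the policy consulted and the aligned identifiers are the list's.
        "relayed_rewritten_from": dmarc_disposition("lists.example.org", records, relayed),
    }


if __name__ == "__main__":
    for name, disposition in mailing_list_scenarios().items():
        print("%-24s %s" % (name, disposition))
```

The relayed case fails not because the list forged anything but because neither authenticated identifier (the list's envelope domain, the list's DKIM signature) aligns with the author's From: domain, which is exactly the outcome p=reject asks receivers to enforce; the From: rewrite passes only because the policy consulted is then the list domain's own.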