Re: We need an architecture, not finger pointing.

On 27/10/2015 04:26, Phillip Hallam-Baker wrote:

...
> I read all my IETF mail through Gmail but I don't own that domain and
> so I don't get to make the rules governing it. Instead I use
> phill@xxxxxxxxxxxxxxx which is a domain I own. One of the reasons I
> have that domain is so that I have control of my mail and not Google.

Oh, right, so that's why your mail arrives with Google's dkim signature:

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:date:message-id:subject:from:to:cc:content-type;
        bh=IBh5MMCj7Oi9anz1BnRTjSN9rwt0xryWllXeoFm/33w=;
        b=ot71/Et+dU2GgseolztwUgGc8Iv3yAZAIjVvvBb7dRxuLc+1QBRdOIEpVrJehRZ+lP
         /B+2nHxixfQHTtuJttus1RjNTlDtwaHnFeon4NlU5HK8odyO4sFUXY4qy3POv3RRgowu
         pxFe6zuWJNqnXErIWW0zeZf8QVfpDjKiTz0RTiK1BSLecjPIdBnPr7mdip0xDmab4XPC
         SoaV0jX3VlpsNVqX4+i0tpCKBXQ/TnzuU1/wXlkM0abfp0VThi+xb7YmNJHp1eahYVa/
         /LEg7ho/I4gy4S92E6cYJAsM+E05h8uBQULFiObWfjRLrFsKt3pxmSloOvroBoKF7iuo
         Mkig==

I suspect that when they start generating DMARC you will get that too.

> The architectural description above is reasonably concise and can be
> consistently applied. Now consider what sort of architectural
> statement would be required to support the folk who allege that DMARC
> is somehow broken. Instead of saying the domain name owner gets to
> decide how it is used we would have to make separate statements about
> the domain name owner and the users who have accounts in that domain.
> And to do that we would have to start talking about specific
> applications and specific circumstances.
> 
> 
> I think architecture should read like a theory in physics. The simpler
> the statement, the more generally it is seen to apply in practice, the
> fewer corner cases, the better. If you have an architectural statement
> that resorts to special pleading, it is a pretty good sign that it is
> wrong.
> 
> As a rule, I don't think there is anything wrong in the IETF taking
> decisions to make things easy for ourselves. But what is the biggest
> problem we face? Is it really our personal ability to exchange email
> on mailing lists? I thought there were rather more important
> objectives at stake.

Actually, yes, the mailing list model and the fact that we contribute
as individuals are both pretty important objectives, not incidentals,
in the way the IETF works, distinctly different from the model in some
other SDOs. And please, I wasn't finger-pointing when I started this thread:
I was asking how do we fix this, since it apparently concerns 15 to 20%
of IETF participants.

Architecturally, we need to validate that phill@xxxxxxxxxxxxxxx is the
genuine sender even after the message has been relayed. DMARC doesn't do
that in its present form.

    Brian
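
Added example, not part of the message above or of any DMARC implementation: a Python sketch of the DKIM identifier-alignment comparison the message turns on, setting the `d=` tag of a signature against the From domain. The From address, the `bh=`/`b=` values and the function names are constructed placeholders, the organizational domain is approximated without the Public Suffix List, and the signature itself is not cryptographically verified.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: d= and s= are taken from the header quoted in the
# message; the From domain is a placeholder (the real one is redacted on the
# page) and the bh=/b= values are shortened placeholders.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;\r\n"
    "        d=gmail.com; s=20120113;\r\n"
    "        h=mime-version:sender:date:message-id:subject:from:to:cc;\r\n"
    "        bh=PLACEHOLDER=; b=PLACEHOLDER==\r\n"
    "From: Example Sender <sender@owner-domain.example>\r\n"
    "Subject: test\r\n"
    "\r\n"
    "body\r\n"
)

def dkim_tags(header_value):
    """Parse a DKIM-Signature tag=value list into a dict."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header_value)  # undo header folding
    tags = {}
    for item in unfolded.split(";"):
        name, sep, value = item.partition("=")  # split on the first '=' only
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def org_domain(domain):
    # ASSUMPTION: last two labels stand in for the organizational domain;
    # a real DMARC evaluator derives it from the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dkim_alignment(raw_message, strict=False):
    """Return (from_domain, [(d_domain, aligned), ...]); no signature check."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    results = []
    for value in msg.get_all("DKIM-Signature", []):
        d = dkim_tags(value).get("d", "").lower()
        if strict:
            aligned = d == from_domain
        else:
            aligned = org_domain(d) == org_domain(from_domain)
        results.append((d, bool(d) and aligned))
    return from_domain, results
```

For the sample, the only signature carries `d=gmail.com`, so it is not aligned with the placeholder From domain in either mode.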