DMARC BOF at IETF 87 on 31 July 2013 Minutes by John Levine and Russ Housley - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Agenda Summary of DMARC -- Presentation: Murray Kucherawy -- Goal: Common foundation of DMARC -- Note: DMARC specification is being AD sponsored Summary of Open Issues -- Goal: What is left for a working group to do? Possible Technical Issues -- Presentation: Trent Adams Deployment & Usage Issues -- Presentation: Dave Crocker Charter review -- Presentation: Trent Adams -- Goal: Discuss the draft charter Hums -- Facilitator: Barry Leiba -- Goal: Is there adequate support for a DMARC WG? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Minutes * Summary of DMARC (Murray Kucherawy) Murray provided a brief summary of the history of DMARC and a technical summary of DMARC. The policy and reporting components were briefly described. The proposed charter does not include any work on the base DMARC specification. Barry is sponsoring the DMARC base specification as an individual submission on the standards track. * Possible Technical Issues (Trent Adams) Trent talked about some extensions to the DMARC base specification that might be worked on by the proposed working group. The extensions include display names, mailing lists, report transport, and organizational domains. After the presentation, there were discussions on implementation bugs and further possible extensions were uncovered, including From line comments, Subject line, EAI addresses. In addition, concerns were raised about the DMARC reporting becoming a vector for denial of service attacks. * Deployment & Usage Issues (Dave Crocker) Dave pointed out that DMARC employs a new kind of policy publication. Dave suggested that the proposed working group produce a BCP on this topic. * Charter Review (Trent Adams) The proposed charter is available at http://wiki.tools.ieM.org/wg/appsawg/trac/wiki/DMARC. Several people were concerned that the base document is not yet done. Given that the DMARC base specification was done successfully outside the IETF, why not let that same community tackle the extensions and the BCP. The non-IETF group responded that they want help from the IETF, especially on issues like EAI. Pete Resnick said that it will be hard to identify IETF consensus for an AD-sponsored standards-track specification. Barry Leiba agrees, and he will not take the document to the IESG until there is enough review and IETF consensus. Barry Leiba wonders whether there are some things that need to be fixed, and if the proposed working group would be a place for this work, if any bugs are found, to take place. John Levine says maybe, if the group has adequate advice from experts in EAI, http, and so on. * Hums (Barry Leiba) Barry asked three questions. (1) Are you willing to work in the proposed working group? There were a more than a dozen people willing to do work. (2) Are you willing to work as a document author in the proposed working group? There were at least five people willing to write documents. (3) Can the proposed working group be chartered before the DMARC base specification is approved for publication as an RFC? A vast majority indicated that work should start now. Work ought to begin while the MARC base specification is and Internet-Draft.