nanog mailing list archives

Re: Yahoo DMARC breakage


From: Dave Crocker <dhc2 () dcrocker net>
Date: Wed, 09 Apr 2014 19:50:00 -0500

On 4/9/2014 7:25 PM, Miles Fidelman wrote:
> Dave Crocker wrote:
>> Everything they are doing is "legal".
>>
>> Your (possibly entirely valid) assessment that their action is
>> ill-advised or unpleasant does not equal broken.
>
> Well, sort of - given that DMARC is still an Internet draft, not even an
> experimental standard.  Maybe it's doing what the draft says it is - but
> it's an alpha-level protocol, that breaks a lot of things it touches. If
> not "broken" it's certainly "not ready for prime time" - and large scale
> deployment is akin to a DDoS attack - i.e., not "ill-advised" but
> verging on criminal.


While IETF "full" standards status does indicate real deployment and serious technical maturity, IETF Proposed Standard does not mean mature or immature, given the varied history of work leading to Proposed.

SSL was quite mature, before the IETF did enhancements to produce TLS.

The IETF's version of DKIM was essentially v4 for the technology.

DMARC is estimated to currently cover roughly 60% of the world's email traffic. As "not ready for prime time" goes, that's quite a lot of prime time.

Yahoo! is choosing to apply the technology for usage scenarios that have long been known to be problematic. Again, they've made an informed choice. Whether it's justified and whether it was the right choice is more of a political or management discussion than a technical one.

In technical terms, DMARC is reasonably simple and reasonably well understood and extensively deployed.

For most discussions, that qualifies as 'mature'...

d/


--
Dave Crocker
Brandenburg InternetWorking
bbiw.net

