<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- Generated by rfcdiff 1.34: rfcdiff -->
<!-- <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional" > -->
<!-- System: Darwin boiler.local 20.3.0 Darwin Kernel Version 20.3.0: Thu Jan 21 00:07:06 PST 2021; root:xnu-7195.81.3~1/RELEASE_X86_64 x86_64 -->
<!-- Using awk: /opt/local/bin/gawk: GNU Awk 5.1.0, API: 3.0 -->
<!-- Using diff: /usr/bin/diff: diff (GNU diffutils) 2.8.1 -->
<!-- Using wdiff: /opt/local/bin/wdiff: wdiff (GNU wdiff) 1.2.2 -->
<html>
<head>
<!-- Document metadata: the page is declared as text/html in ISO-8859-1, with CSS as the default style language. -->
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<title>Diff: draft-ietf-dmarc-psd-11.txt - draft-ietf-dmarc-psd-10.txt</title>
<!--
  Styles for the side-by-side comparison table in the body.
  Table cells keep their whitespace (white-space: pre) and use a monospace font,
  so the fixed-width layout of the compared text drafts is preserved.
  Classes used by the table rows:
    left / right     cells of rows whose text is the same in both columns
    lblock / rblock  cells of rows whose text differs between the columns
    delete / insert  spans inside lblock / rblock cells marking the differing words
    lineno           the outer cell on each side of a row
  Reading note: the table header puts draft-ietf-dmarc-psd-11.txt in the left column
  and draft-ietf-dmarc-psd-10.txt in the right column, so "delete" spans mark text
  found only in the 11 column and "insert" spans mark text found only in the 10 column.
  The remaining classes (small, diff, void, cont, linebr, elipsis, stats) are defined
  here but are not referenced by the first rows of the table.
-->
<style type="text/css">
body { margin: 0.4ex; margin-right: auto; }
tr { }
td { white-space: pre; font-family: monospace; vertical-align: top; font-size: 0.86em;}
th { font-size: 0.86em; }
.small { font-size: 0.6em; font-style: italic; font-family: Verdana, Helvetica, sans-serif; }
.left { background-color: #EEE; }
.right { background-color: #FFF; }
.diff { background-color: #CCF; }
.lblock { background-color: #BFB; }
.rblock { background-color: #FF8; }
.insert { background-color: #8FF; }
.delete { background-color: #ACF; }
.void { background-color: #FFB; }
.cont { background-color: #EEE; }
.linebr { background-color: #AAA; }
.lineno { color: red; background-color: #FFF; font-size: 0.7em; text-align: right; padding: 0 2px; }
.elipsis{ background-color: #AAA; }
.left .cont { background-color: #DDD; }
.right .cont { background-color: #EEE; }
.lblock .cont { background-color: #9D9; }
.rblock .cont { background-color: #DD6; }
.insert .cont { background-color: #0DD; }
.delete .cont { background-color: #8AD; }
.stats, .stats td, .stats th { background-color: #EEE; padding: 2px 0; }
</style>
</head>
<body >
<table border="0" cellpadding="0" cellspacing="0">
<tr bgcolor="orange"><th></th><th> draft-ietf-dmarc-psd-11.txt </th><th> </th><th> draft-ietf-dmarc-psd-10.txt </th><th></th></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">Network Working Group S. Kitterman</td><td> </td><td class="right">Network Working Group S. Kitterman</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">Internet-Draft fTLD Registry Services</td><td> </td><td class="right">Internet-Draft fTLD Registry Services</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0001" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock">Intended status: Experimental January <span class="delete">1,</span> 2021</td><td> </td><td class="rblock">Intended status: Experimental January <span class="insert">23,</span> 2021</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock">Expires: July <span class="delete">5,</span> 2021</td><td> </td><td class="rblock">Expires: July <span class="insert">27,</span> 2021</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Experimental DMARC Extension For Public Suffix Domains</td><td> </td><td class="right"> Experimental DMARC Extension For Public Suffix Domains</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0002" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> draft-ietf-dmarc-psd-1<span class="delete">1</span></td><td> </td><td class="rblock"> draft-ietf-dmarc-psd-1<span class="insert">0</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">Abstract</td><td> </td><td class="right">Abstract</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0003" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">Domain-based</span> Message Authentication, Reporting, and <span class="delete">Conformance</span></td><td> </td><td class="rblock"> <span class="insert">DMARC (Domain-based</span> Message Authentication, Reporting, and</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> (DMARC) permits</span> a <span class="delete">domain-controlling</span> organization <span class="delete">to</span> express <span class="delete">domain-</span></td><td> </td><td class="rblock"> <span class="insert">Conformance) is</span> a <span class="insert">scalable mechanism by which a mail-originating</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> level</span> policies and preferences for message validation, disposition,</td><td> </td><td class="rblock"> organization <span class="insert">can</span> express <span class="insert">domain-level</span> policies and preferences for</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> and reporting, <span class="delete">which</span> a mail-receiving organization can use to improve</td><td> </td><td class="rblock"> message validation, disposition, and reporting, <span class="insert">that</span> a mail-receiving</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> mail handling.</td><td> </td><td class="rblock"> organization can use to improve mail handling. <span class="insert">The design of DMARC</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> presumes that domain names represent either nodes in the tree below</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> which registrations occur, or nodes where registrations have</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> occurred; it does not permit a domain name to have both of these</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> properties simultaneously. Since its deployment in 2015, use of</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> DMARC has shown a clear need for the ability to express policy for</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> these domains as well.</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0004" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">DMARC distinguishes the portion of a name that is a Public Suffix</span></td><td> </td><td class="rblock"> <span class="insert">Domains at</span> which <span class="insert">registrations can occur</span> are <span class="insert">referred</span> to <span class="insert">as Public</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> Domain (PSD), below</span> which <span class="delete">organizational domain names</span> are <span class="delete">created.</span></td><td> </td><td class="rblock"><span class="insert"> Suffix Domains (PSDs).</span> This document describes an extension to DMARC</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> The basic DMARC capability allows organizational domains to specify</span></td><td> </td><td class="rblock"> to enable DMARC functionality for PSDs.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> policies that apply</span> to <span class="delete">their subdomains, but it does not give that</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> capability to PSDs.</span> This document describes an extension to DMARC to</td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">fully</span> enable DMARC functionality for PSDs.</td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0005" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">Some</span> implementations <span class="delete">of DMARC</span> consider a <span class="delete">PSD</span> to be ineligible for</td><td> </td><td class="rblock"> <span class="insert">This document also seeks to address</span> implementations <span class="insert">that</span> consider a</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> DMARC enforcement. <span class="delete">This specification addresses that case.</span></td><td> </td><td class="rblock"> <span class="insert">domain on a public Suffix list</span> to be ineligible for DMARC</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> enforcement.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">Status of This Memo</td><td> </td><td class="right">Status of This Memo</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> This Internet-Draft is submitted in full conformance with the</td><td> </td><td class="right"> This Internet-Draft is submitted in full conformance with the</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> provisions of BCP 78 and BCP 79.</td><td> </td><td class="right"> provisions of BCP 78 and BCP 79.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Internet-Drafts are working documents of the Internet Engineering</td><td> </td><td class="right"> Internet-Drafts are working documents of the Internet Engineering</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Task Force (IETF). Note that other groups may also distribute</td><td> </td><td class="right"> Task Force (IETF). Note that other groups may also distribute</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> working documents as Internet-Drafts. The list of current Internet-</td><td> </td><td class="right"> working documents as Internet-Drafts. The list of current Internet-</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Drafts is at https://datatracker.ietf.org/drafts/current/.</td><td> </td><td class="right"> Drafts is at https://datatracker.ietf.org/drafts/current/.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Internet-Drafts are draft documents valid for a maximum of six months</td><td> </td><td class="right"> Internet-Drafts are draft documents valid for a maximum of six months</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> and may be updated, replaced, or obsoleted by other documents at any</td><td> </td><td class="right"> and may be updated, replaced, or obsoleted by other documents at any</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> time. It is inappropriate to use Internet-Drafts as reference</td><td> </td><td class="right"> time. It is inappropriate to use Internet-Drafts as reference</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> material or to cite them other than as "work in progress."</td><td> </td><td class="right"> material or to cite them other than as "work in progress."</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0006" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> This Internet-Draft will expire on July <span class="delete">5</span>, 2021.</td><td> </td><td class="rblock"> This Internet-Draft will expire on July <span class="insert">27</span>, 2021.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">Copyright Notice</td><td> </td><td class="right">Copyright Notice</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Copyright (c) 2021 IETF Trust and the persons identified as the</td><td> </td><td class="right"> Copyright (c) 2021 IETF Trust and the persons identified as the</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> document authors. All rights reserved.</td><td> </td><td class="right"> document authors. All rights reserved.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> This document is subject to BCP 78 and the IETF Trust's Legal</td><td> </td><td class="right"> This document is subject to BCP 78 and the IETF Trust's Legal</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Provisions Relating to IETF Documents</td><td> </td><td class="right"> Provisions Relating to IETF Documents</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> (https://trustee.ietf.org/license-info) in effect on the date of</td><td> </td><td class="right"> (https://trustee.ietf.org/license-info) in effect on the date of</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> publication of this document. Please review these documents</td><td> </td><td class="right"> publication of this document. Please review these documents</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr bgcolor="gray" ><td></td><th><a name="part-l2" /><small>skipping to change at</small><em> page 2, line 34</em></th><th> </th><th><a name="part-r2" /><small>skipping to change at</small><em> page 2, line 34</em></th><td></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 1.2. Discussion . . . . . . . . . . . . . . . . . . . . . . . 4</td><td> </td><td class="right"> 1.2. Discussion . . . . . . . . . . . . . . . . . . . . . . . 4</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 2. Terminology and Definitions . . . . . . . . . . . . . . . . . 5</td><td> </td><td class="right"> 2. Terminology and Definitions . . . . . . . . . . . . . . . . . 5</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 2.1. Conventions Used in This Document . . . . . . . . . . . . 5</td><td> </td><td class="right"> 2.1. Conventions Used in This Document . . . . . . . . . . . . 5</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 2.2. Public Suffix Domain (PSD) . . . . . . . . . . . . . . . 5</td><td> </td><td class="right"> 2.2. Public Suffix Domain (PSD) . . . . . . . . . . . . . . . 5</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 2.3. Organizational Domain . . . . . . . . . . . . . . . . . . 6</td><td> </td><td class="right"> 2.3. Organizational Domain . . . . . . . . . . . . . . . . . . 6</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 2.4. Longest PSD . . . . . . . . . . . . . . . . . . . . . . . 6</td><td> </td><td class="right"> 2.4. Longest PSD . . . . . . . . . . . . . . . . . . . . . . . 6</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 2.5. Public Suffix Operator (PSO) . . . . . . . . . . . . . . 6</td><td> </td><td class="right"> 2.5. Public Suffix Operator (PSO) . . . . . . . . . . . . . . 6</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 2.6. PSO Controlled Domain Names . . . . . . . . . . . . . . . 6</td><td> </td><td class="right"> 2.6. PSO Controlled Domain Names . . . . . . . . . . . . . . . 6</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 2.7. Non-existent Domains . . . . . . . . . . . . . . . . . . 6</td><td> </td><td class="right"> 2.7. Non-existent Domains . . . . . . . . . . . . . . . . . . 6</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 3. PSD DMARC Updates to DMARC Requirements . . . . . . . . . . . 6</td><td> </td><td class="right"> 3. PSD DMARC Updates to DMARC Requirements . . . . . . . . . . . 6</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0007" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> 3.1. General Updates . . . . . . . . . . . . . . . . . . . . . <span class="delete">6</span></td><td> </td><td class="rblock"> 3.1. General Updates . . . . . . . . . . . . . . . . . . . . . <span class="insert">7</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 3.2. Changes in Section 6.3 "General Record Format" . . . . . 7</td><td> </td><td class="right"> 3.2. Changes in Section 6.3 "General Record Format" . . . . . 7</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 3.3. Changes in Section 6.5 "Domain Owner Actions" . . . . . . 7</td><td> </td><td class="right"> 3.3. Changes in Section 6.5 "Domain Owner Actions" . . . . . . 7</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 3.4. Changes in Section 6.6.1 "Extract Author Domain" . . . . 7</td><td> </td><td class="right"> 3.4. Changes in Section 6.6.1 "Extract Author Domain" . . . . 7</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 3.5. Changes in Section 6.6.3 "Policy Discovery" . . . . . . . 8</td><td> </td><td class="right"> 3.5. Changes in Section 6.6.3 "Policy Discovery" . . . . . . . 8</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 3.6. Changes in Section 7 "DMARC Feedback" . . . . . . . . . . 8</td><td> </td><td class="right"> 3.6. Changes in Section 7 "DMARC Feedback" . . . . . . . . . . 8</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 4. Privacy Considerations . . . . . . . . . . . . . . . . . . . 8</td><td> </td><td class="right"> 4. Privacy Considerations . . . . . . . . . . . . . . . . . . . 8</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0008" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> 4.1. Feedback leakage . . . . . . . . . . . . . . . . . . . . <span class="delete">8</span></td><td> </td><td class="rblock"> 4.1. Feedback leakage . . . . . . . . . . . . . . . . . . . . <span class="insert">9</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 5. Security Considerations . . . . . . . . . . . . . . . . . . . 10</td><td> </td><td class="right"> 5. Security Considerations . . . . . . . . . . . . . . . . . . . 10</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10</td><td> </td><td class="right"> 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 6.1. Subdomain Policy Tag . . . . . . . . . . . . . . . . . . 10</td><td> </td><td class="right"> 6.1. Subdomain Policy Tag . . . . . . . . . . . . . . . . . . 10</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 10</td><td> </td><td class="right"> 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 10</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 7.1. Normative References . . . . . . . . . . . . . . . . . . 10</td><td> </td><td class="right"> 7.1. Normative References . . . . . . . . . . . . . . . . . . 10</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 7.2. Informative References . . . . . . . . . . . . . . . . . 11</td><td> </td><td class="right"> 7.2. Informative References . . . . . . . . . . . . . . . . . 11</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Appendix A. PSD DMARC Privacy Concern Mitigation Experiment . . 12</td><td> </td><td class="right"> Appendix A. PSD DMARC Privacy Concern Mitigation Experiment . . 12</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Appendix B. DMARC PSD Registry Examples . . . . . . . . . . . . 12</td><td> </td><td class="right"> Appendix B. DMARC PSD Registry Examples . . . . . . . . . . . . 12</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> B.1. DMARC PSD DNS Query Service . . . . . . . . . . . . . . . 12</td><td> </td><td class="right"> B.1. DMARC PSD DNS Query Service . . . . . . . . . . . . . . . 12</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> B.2. DMARC Public Suffix Domain (PSD) Registry . . . . . . . . 12</td><td> </td><td class="right"> B.2. DMARC Public Suffix Domain (PSD) Registry . . . . . . . . 12</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> B.3. DMARC PSD PSL Extension . . . . . . . . . . . . . . . . . 13</td><td> </td><td class="right"> B.3. DMARC PSD PSL Extension . . . . . . . . . . . . . . . . . 13</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Appendix C. Implementations . . . . . . . . . . . . . . . . . . 13</td><td> </td><td class="right"> Appendix C. Implementations . . . . . . . . . . . . . . . . . . 13</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> C.1. Authheaders Module . . . . . . . . . . . . . . . . . . . 13</td><td> </td><td class="right"> C.1. Authheaders Module . . . . . . . . . . . . . . . . . . . 13</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> C.2. Zdkimfilter Module . . . . . . . . . . . . . . . . . . . 14</td><td> </td><td class="right"> C.2. Zdkimfilter Module . . . . . . . . . . . . . . . . . . . 14</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 14</td><td> </td><td class="right"> Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 14</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 14</td><td> </td><td class="right"> Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 14</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">1. Introduction</td><td> </td><td class="right">1. Introduction</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0009" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> DMARC <span class="delete">([RFC7489])</span> provides a mechanism for publishing organizational</td><td> </td><td class="rblock"> DMARC <span class="insert">[RFC7489]</span> provides a mechanism for publishing organizational</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> policy information to email receivers. DMARC allows policy to be</td><td> </td><td class="right"> policy information to email receivers. DMARC allows policy to be</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> specified for both individual domains and for organizational domains</td><td> </td><td class="right"> specified for both individual domains and for organizational domains</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> and their sub-domains within a single organization.</td><td> </td><td class="right"> and their sub-domains within a single organization.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> To determine the organizational domain for a message under</td><td> </td><td class="right"> To determine the organizational domain for a message under</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> evaluation, and thus where to look for a policy statement, DMARC</td><td> </td><td class="right"> evaluation, and thus where to look for a policy statement, DMARC</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> makes use of a Public Suffix List. The process for doing this can be</td><td> </td><td class="right"> makes use of a Public Suffix List. The process for doing this can be</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> found in Section 3.2 of the DMARC specification.</td><td> </td><td class="right"> found in Section 3.2 of the DMARC specification.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0010" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">In the basic</span> DMARC <span class="delete">model, PSDs</span> are not organizational domains and <span class="delete">are</span></td><td> </td><td class="rblock"> DMARC <span class="insert">as specified presumes that domain names present in a PSL</span> are</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> thus not subject to DMARC <span class="delete">processing. In DMARC, domains fall into</span></td><td> </td><td class="rblock"> not organizational domains and thus not subject to DMARC <span class="insert">processing;</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> one of three categories:</span> organizational domains, sub-domains of</td><td> </td><td class="rblock"><span class="insert"> domains are either</span> organizational domains, sub-domains of</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> organizational domains, or <span class="delete">PSDs. A PSD</span> can only <span class="delete">publish DMARC policy</span></td><td> </td><td class="rblock"> organizational domains, or <span class="insert">listed on a PSL. For domains listed in a</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> for <span class="delete">itself, and not</span> for <span class="delete">any sub-domains under it. In some cases,</span></td><td> </td><td class="rblock"><span class="insert"> PSL, i.e., TLDs and domains that exist between TLDs and organization</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> this limitation</span> allows for the abuse of non-existent <span class="delete">organizational-</span></td><td> </td><td class="rblock"><span class="insert"> level domains, policy</span> can only <span class="insert">be published</span> for <span class="insert">the exact domain. No</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> level</span> domains and <span class="delete">hampers</span> identification of domain abuse in email.</td><td> </td><td class="rblock"><span class="insert"> method is available</span> for <span class="insert">these domains to express policy or receive</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> feedback reporting for sub-domains. This missing method</span> allows for</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> the abuse of non-existent <span class="insert">organizational-level</span> domains and <span class="insert">prevents</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> identification of domain abuse in email.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> This document specifies experimental updates to the DMARC and PSL</td><td> </td><td class="right"> This document specifies experimental updates to the DMARC and PSL</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> algorithm cited above, in an attempt to mitigate this abuse.</td><td> </td><td class="right"> algorithm cited above, in an attempt to mitigate this abuse.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">1.1. Example</td><td> </td><td class="right">1.1. Example</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0011" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> As an example, imagine a <span class="delete">Top-Level Domain (TLD), ".example", that</span> has</td><td> </td><td class="rblock"> As an example, imagine a <span class="insert">country code TLD (ccTLD) which</span> has public</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> public subdomains for government and commercial use (".gov.example"</td><td> </td><td class="rblock"> subdomains for government and commercial use (".gov.example" and</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> and ".com.example"). <span class="delete">The</span> maintainer of <span class="delete">a list of such a PSD</span></td><td> </td><td class="rblock"> ".com.example"). <span class="insert">A PSL whose</span> maintainer <span class="insert">is aware</span> of <span class="insert">this country's</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> structure would</span> include entries for both of these <span class="delete">sub-domains,</span></td><td> </td><td class="rblock"><span class="insert"> domain structurewould</span> include entries for both of these <span class="insert">in the PSL,</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> thereby</span> indicating that they are <span class="delete">PSDs,</span> below which <span class="delete">organizational</span></td><td> </td><td class="rblock"> indicating that they are <span class="insert">PSDs</span> below which <span class="insert">registrations</span> can <span class="insert">occur.</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> domains</span> can <span class="delete">be registered.</span> Suppose further that there exists a</td><td> </td><td class="rblock"> Suppose further that there exists a domain "tax.gov.example",</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">legitimate</span> domain <span class="delete">called</span> "tax.gov.example", registered within</td><td> </td><td class="rblock"> registered within <span class="insert">".gov.example", that is responsible for taxation in</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">".gov.example".</span></td><td> </td><td class="rblock"><span class="insert"> this imagined country.</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> However, by exploiting the typically unauthenticated nature of email,</td><td> </td><td class="right"> However, by exploiting the typically unauthenticated nature of email,</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> there are regular malicious campaigns to impersonate this</td><td> </td><td class="right"> there are regular malicious campaigns to impersonate this</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> organization that use similar-looking ("cousin") domains such as</td><td> </td><td class="right"> organization that use similar-looking ("cousin") domains such as</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> "t4x.gov.example". Such domains are not registered.</td><td> </td><td class="right"> "t4x.gov.example". Such domains are not registered.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Within the ".gov.example" public suffix, use of DMARC has been</td><td> </td><td class="right"> Within the ".gov.example" public suffix, use of DMARC has been</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> mandated, so "gov.example" publishes the following DMARC DNS record:</td><td> </td><td class="right"> mandated, so "gov.example" publishes the following DMARC DNS record:</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> _dmarc.gov.example. IN TXT ( "v=DMARC1; p=reject; "</td><td> </td><td class="right"> _dmarc.gov.example. IN TXT ( "v=DMARC1; p=reject; "</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> "rua=mailto:[email protected]" )</td><td> </td><td class="right"> "rua=mailto:[email protected]" )</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> This DMARC record provides policy and a reporting destination for</td><td> </td><td class="right"> This DMARC record provides policy and a reporting destination for</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0012" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> mail sent from @gov.example. <span class="delete">Similarly, "tax.gov.example" will have</span></td><td> </td><td class="rblock"> mail sent from @gov.example. However, due to DMARC's current method</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> a DMARC record that specifies policy for mail sent from addresses</span></td><td> </td><td class="rblock"> of discovering and applying policy at the organizational domain</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> @tax.gov.example.</span> However, due to DMARC's current method of</td><td> </td><td class="rblock"> level, the non-existent organizational domain of @t4x.gov.example</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> discovering and applying policy at the organizational domain level,</td><td> </td><td class="rblock"> does not and cannot fall under a DMARC policy.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> the non-existent organizational domain of @t4x.gov.example does not</td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> and cannot fall under a DMARC policy.</td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Defensively registering all variants of "tax" is obviously not a</td><td> </td><td class="right"> Defensively registering all variants of "tax" is obviously not a</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> scalable strategy. The intent of this specification, therefore, is</td><td> </td><td class="right"> scalable strategy. The intent of this specification, therefore, is</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> to enhance the DMARC algorithm by enabling an agent receiving such a</td><td> </td><td class="right"> to enhance the DMARC algorithm by enabling an agent receiving such a</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> message to be able to determine that a relevant policy is present at</td><td> </td><td class="right"> message to be able to determine that a relevant policy is present at</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> "gov.example", which is precluded by the current DMARC algorithm.</td><td> </td><td class="right"> "gov.example", which is precluded by the current DMARC algorithm.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">1.2. Discussion</td><td> </td><td class="right">1.2. Discussion</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0013" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> This document provides a simple extension to [RFC7489] to allow</td><td> </td><td class="rblock"> This document provides a simple extension to <span class="insert">DMARC </span>[RFC7489] to allow</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> operators of Public Suffix Domains (PSDs) to:</td><td> </td><td class="right"> operators of Public Suffix Domains (PSDs) to:</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> o Express policy at the level of the PSD that covers all</td><td> </td><td class="right"> o Express policy at the level of the PSD that covers all</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> organizational domains that do not explicitly publish DMARC</td><td> </td><td class="right"> organizational domains that do not explicitly publish DMARC</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> records</td><td> </td><td class="right"> records</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> o Extends the DMARC policy query functionality to detect and process</td><td> </td><td class="right"> o Extends the DMARC policy query functionality to detect and process</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> such a policy</td><td> </td><td class="right"> such a policy</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> o Describes receiver feedback for such policies</td><td> </td><td class="right"> o Describes receiver feedback for such policies</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr bgcolor="gray" ><td></td><th><a name="part-l3" /><small>skipping to change at</small><em> page 4, line 48</em></th><th> </th><th><a name="part-r3" /><small>skipping to change at</small><em> page 4, line 49</em></th><td></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> This document also provides a new DMARC tag to indicate requested</td><td> </td><td class="right"> This document also provides a new DMARC tag to indicate requested</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> handling policy for non-existent subdommains. This is provided</td><td> </td><td class="right"> handling policy for non-existent subdommains. This is provided</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> specifically to support phased deployment of PSD DMARC, but is</td><td> </td><td class="right"> specifically to support phased deployment of PSD DMARC, but is</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> expected to be useful more generally. Undesired rejection risks for</td><td> </td><td class="right"> expected to be useful more generally. Undesired rejection risks for</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> mail purporting to be from domains that do not exist are</td><td> </td><td class="right"> mail purporting to be from domains that do not exist are</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> substantially lower than for those that do, so the operational risk</td><td> </td><td class="right"> substantially lower than for those that do, so the operational risk</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> of requesting harsh policy treatment (e.g. reject) is lower.</td><td> </td><td class="right"> of requesting harsh policy treatment (e.g. reject) is lower.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> As an additional benefit, the PSD DMARC extension clarifies existing</td><td> </td><td class="right"> As an additional benefit, the PSD DMARC extension clarifies existing</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0014" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> requirements. Based on the requirements of [RFC7489], DMARC should</td><td> </td><td class="rblock"> requirements. Based on the requirements of <span class="insert">DMARC</span> [RFC7489], DMARC</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> function above the organizational level for exact domain matches</td><td> </td><td class="rblock"> should function above the organizational level for exact domain</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> (i.e. if a DMARC record were published for 'example', then mail from</td><td> </td><td class="rblock"> matches (i.e. if a DMARC record were published for 'example', then</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> example@example should be subject to DMARC processing). Testing had</td><td> </td><td class="rblock"> mail from example@example should be subject to DMARC processing).</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> revealed that this is not consistently applied in different</td><td> </td><td class="rblock"> </td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> implementations.</td><td> </td><td class="rblock"> Testing had revealed that this is not consistently applied in</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> different implementations.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> There are two types of Public Suffix Operators (PSOs) for which this</td><td> </td><td class="right"> There are two types of Public Suffix Operators (PSOs) for which this</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> extension would be useful and appropriate:</td><td> </td><td class="right"> extension would be useful and appropriate:</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> o Branded PSDs (e.g., ".google"): These domains are effectively</td><td> </td><td class="right"> o Branded PSDs (e.g., ".google"): These domains are effectively</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0015" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> Organizational Domains as discussed in [RFC7489]. They control</td><td> </td><td class="rblock"> Organizational Domains as discussed in <span class="insert">DMARC</span> [RFC7489]. They</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> all subdomains of the tree. These are effectively private</td><td> </td><td class="rblock"> control all subdomains of the tree. These are effectively private</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> domains, but listed in the Public Suffix List. They are treated</td><td> </td><td class="right"> domains, but listed in the Public Suffix List. They are treated</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> as Public for DMARC purposes. They require the same protections</td><td> </td><td class="right"> as Public for DMARC purposes. They require the same protections</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> as DMARC Organizational Domains, but are currently unable to</td><td> </td><td class="right"> as DMARC Organizational Domains, but are currently unable to</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> benefit from DMARC.</td><td> </td><td class="right"> benefit from DMARC.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> o Multi-organization PSDs that require DMARC usage (e.g., ".bank"):</td><td> </td><td class="right"> o Multi-organization PSDs that require DMARC usage (e.g., ".bank"):</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Because existing Organizational Domains using this PSD have their</td><td> </td><td class="right"> Because existing Organizational Domains using this PSD have their</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> own DMARC policy, the applicability of this extension is for non-</td><td> </td><td class="right"> own DMARC policy, the applicability of this extension is for non-</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> existent domains. The extension allows the brand protection</td><td> </td><td class="right"> existent domains. The extension allows the brand protection</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> benefits of DMARC to extend to the entire PSD, including cousin</td><td> </td><td class="right"> benefits of DMARC to extend to the entire PSD, including cousin</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> domains of registered organizations.</td><td> </td><td class="right"> domains of registered organizations.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Due to the design of DMARC and the nature of the Internet email</td><td> </td><td class="right"> Due to the design of DMARC and the nature of the Internet email</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> architecture [RFC5598], there are interoperability issues associated</td><td> </td><td class="right"> architecture [RFC5598], there are interoperability issues associated</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0016" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> with DMARC deployment. These are discussed in Interoperability</td><td> </td><td class="rblock"> with DMARC <span class="insert">[RFC7489]</span> deployment. These are discussed in</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> Issues between DMARC and Indirect Email Flows [RFC7960]. These</td><td> </td><td class="rblock"> Interoperability Issues between DMARC and Indirect Email Flows</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> issues are not typically applicable to PSDs, since they (e.g., the</td><td> </td><td class="rblock"> [RFC7960]. These issues are not typically applicable to PSDs, since</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> ".gov.example" used above) do not typically send mail.</td><td> </td><td class="rblock"> they (e.g., the ".gov.example" used above) do not typically send</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> mail.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">2. Terminology and Definitions</td><td> </td><td class="right">2. Terminology and Definitions</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> This section defines terms used in the rest of the document.</td><td> </td><td class="right"> This section defines terms used in the rest of the document.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">2.1. Conventions Used in This Document</td><td> </td><td class="right">2.1. Conventions Used in This Document</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",</td><td> </td><td class="right"> The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and</td><td> </td><td class="right"> "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> "OPTIONAL" in this document are to be interpreted as described in</td><td> </td><td class="right"> "OPTIONAL" in this document are to be interpreted as described in</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr bgcolor="gray" ><td></td><th><a name="part-l4" /><small>skipping to change at</small><em> page 6, line 16</em></th><th> </th><th><a name="part-r4" /><small>skipping to change at</small><em> page 6, line 17</em></th><td></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> tree at which to register domain names "owned" by independent</td><td> </td><td class="right"> tree at which to register domain names "owned" by independent</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> organizations. Real-world examples are ".com", ".org", ".us", and</td><td> </td><td class="right"> organizations. Real-world examples are ".com", ".org", ".us", and</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> ".gov.uk". Names at which such registrations occur are called Public</td><td> </td><td class="right"> ".gov.uk". Names at which such registrations occur are called Public</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Suffix Domains (PSDs), and a registration consists of a label</td><td> </td><td class="right"> Suffix Domains (PSDs), and a registration consists of a label</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> selected by the registrant to which a desirable PSD is appended. For</td><td> </td><td class="right"> selected by the registrant to which a desirable PSD is appended. For</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> example, "ietf.org" is a registered domain name, and ".org" is its</td><td> </td><td class="right"> example, "ietf.org" is a registered domain name, and ".org" is its</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> PSD.</td><td> </td><td class="right"> PSD.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">2.3. Organizational Domain</td><td> </td><td class="right">2.3. Organizational Domain</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0017" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> The term Organizational Domains is defined in [RFC7489] Section 3.2.</td><td> </td><td class="rblock"> The term Organizational Domains is defined in <span class="insert">DMARC</span> [RFC7489]</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> Section 3.2.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">2.4. Longest PSD</td><td> </td><td class="right">2.4. Longest PSD</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> The longest PSD is the Organizational Domain with one label removed.</td><td> </td><td class="right"> The longest PSD is the Organizational Domain with one label removed.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> It names the immediate parent node of the Organizational Domain in</td><td> </td><td class="right"> It names the immediate parent node of the Organizational Domain in</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> the DNS namespace tree.</td><td> </td><td class="right"> the DNS namespace tree.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">2.5. Public Suffix Operator (PSO)</td><td> </td><td class="right">2.5. Public Suffix Operator (PSO)</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> A Public Suffix Operator is an organization which manages operations</td><td> </td><td class="right"> A Public Suffix Operator is an organization which manages operations</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr bgcolor="gray" ><td></td><th><a name="part-l5" /><small>skipping to change at</small><em> page 11, line 46</em></th><th> </th><th><a name="part-r5" /><small>skipping to change at</small><em> page 11, line 46</em></th><td></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> DOI 10.17487/RFC6973, July 2013,</td><td> </td><td class="right"> DOI 10.17487/RFC6973, July 2013,</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> <https://www.rfc-editor.org/info/rfc6973>.</td><td> </td><td class="right"> <https://www.rfc-editor.org/info/rfc6973>.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> [RFC7624] Barnes, R., Schneier, B., Jennings, C., Hardie, T.,</td><td> </td><td class="right"> [RFC7624] Barnes, R., Schneier, B., Jennings, C., Hardie, T.,</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Trammell, B., Huitema, C., and D. Borkmann,</td><td> </td><td class="right"> Trammell, B., Huitema, C., and D. Borkmann,</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> "Confidentiality in the Face of Pervasive Surveillance: A</td><td> </td><td class="right"> "Confidentiality in the Face of Pervasive Surveillance: A</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Threat Model and Problem Statement", RFC 7624,</td><td> </td><td class="right"> Threat Model and Problem Statement", RFC 7624,</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> DOI 10.17487/RFC7624, August 2015,</td><td> </td><td class="right"> DOI 10.17487/RFC7624, August 2015,</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> <https://www.rfc-editor.org/info/rfc7624>.</td><td> </td><td class="right"> <https://www.rfc-editor.org/info/rfc7624>.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0018" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> [RFC7960] Martin, F., Ed., Lear, E., Ed., Draegen<span class="delete">, T., Ed</span>., Zwicky,</td><td> </td><td class="rblock"> [RFC7960] Martin, F., Ed., Lear, E., Ed., Draegen<span class="insert">. Ed., T</span>., Zwicky,</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> E., Ed., and K. Andersen, Ed., "Interoperability Issues</td><td> </td><td class="right"> E., Ed., and K. Andersen, Ed., "Interoperability Issues</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> between Domain-based Message Authentication, Reporting,</td><td> </td><td class="right"> between Domain-based Message Authentication, Reporting,</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> and Conformance (DMARC) and Indirect Email Flows",</td><td> </td><td class="right"> and Conformance (DMARC) and Indirect Email Flows",</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> RFC 7960, DOI 10.17487/RFC7960, September 2016,</td><td> </td><td class="right"> RFC 7960, DOI 10.17487/RFC7960, September 2016,</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> <https://www.rfc-editor.org/info/rfc7960>.</td><td> </td><td class="right"> <https://www.rfc-editor.org/info/rfc7960>.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> [RFC8020] Bortzmeyer, S. and S. Huque, "NXDOMAIN: There Really Is</td><td> </td><td class="right"> [RFC8020] Bortzmeyer, S. and S. Huque, "NXDOMAIN: There Really Is</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Nothing Underneath", RFC 8020, DOI 10.17487/RFC8020,</td><td> </td><td class="right"> Nothing Underneath", RFC 8020, DOI 10.17487/RFC8020,</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> November 2016, <https://www.rfc-editor.org/info/rfc8020>.</td><td> </td><td class="right"> November 2016, <https://www.rfc-editor.org/info/rfc8020>.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td></td><td class="left"></td><td> </td><td class="right"></td><td></td></tr>
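Review bot: The new side of the [RFC7960] reference renders the third editor as `Draegen. Ed., T.`, which scrambles the surname, initial and editor tag. The old side's `Draegen, T., Ed.` follows the same order as the other editors in the entry (`Martin, F., Ed.`, `Lear, E., Ed.`). This looks like a reference-generation artifact rather than an intended edit, so the line on the new side should read `[RFC7960] Martin, F., Ed., Lear, E., Ed., Draegen, T., Ed., Zwicky,`.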
<tr bgcolor="gray"><th colspan="5" align="center"><a name="end"> End of changes. 18 change blocks. </a></th></tr>
<tr class="stats"><td></td><th><i>56 lines changed or deleted</i></th><th><i> </i></th><th><i>64 lines changed or added</i></th><td></td></tr>
</table>
</body>
</html>