draft-ietf-dmarc-psd-09-from-8.diff.html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- Generated by rfcdiff 1.46: rfcdiff -->
<!-- <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional" > -->
<!-- System: Linux Zini-1880 4.19.0-10-amd64 #1 SMP Debian 4.19.132-1 (2020-07-24) x86_64 GNU/Linux -->
<!-- Using awk: /usr/bin/gawk: GNU Awk 4.2.1, API: 2.0 (GNU MPFR 4.0.2, GNU MP 6.1.2) -->
<!-- Using diff: /usr/bin/diff: diff (GNU diffutils) 3.7 -->
<!-- Using wdiff: /usr/bin/wdiff: wdiff (GNU wdiff) 1.2.2 -->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<title>Diff: draft-ietf-dmarc-psd-08.txt - draft-ietf-dmarc-psd-09.txt</title>
<style type="text/css">
body { margin: 0.4ex; margin-right: auto; }
tr { }
td { white-space: pre; font-family: monospace; vertical-align: top; font-size: 0.86em;}
th { font-size: 0.86em; }
.small { font-size: 0.6em; font-style: italic; font-family: Verdana, Helvetica, sans-serif; }
.left { background-color: #EEE; }
.right { background-color: #FFF; }
.diff { background-color: #CCF; }
.lblock { background-color: #BFB; }
.rblock { background-color: #FF8; }
.insert { background-color: #8FF; }
.delete { background-color: #ACF; }
.void { background-color: #FFB; }
.cont { background-color: #EEE; }
.linebr { background-color: #AAA; }
.lineno { color: red; background-color: #FFF; font-size: 0.7em; text-align: right; padding: 0 2px; }
.elipsis{ background-color: #AAA; }
.left .cont { background-color: #DDD; }
.right .cont { background-color: #EEE; }
.lblock .cont { background-color: #9D9; }
.rblock .cont { background-color: #DD6; }
.insert .cont { background-color: #0DD; }
.delete .cont { background-color: #8AD; }
.stats, .stats td, .stats th { background-color: #EEE; padding: 2px 0; }
span.hide { display: none; color: #aaa;} a:hover span { display: inline; } tr.change { background-color: gray; }
tr.change a { text-decoration: none; color: black }
</style>
<script>
// Number of the change chunk currently selected; change_chunk() adds its offset to this.
var chunk_index = 0;
// The <tr> element currently outlined, or null while nothing has been selected.
var old_chunk = null;
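// Build the row id for change number `index`: "diff" followed by the number
// left-padded with zeros to at least four characters (1 -> "diff0001").
// Numbers longer than four characters are appended without padding.
function format_chunk(index) {
  var prefix = "diff";
  var str = index.toString();
  // Declare the counter locally: an undeclared `x` becomes an implicit global
  // in sloppy mode and raises a ReferenceError in strict mode or in a module.
  for (var x = 0; x < (4 - str.length); ++x) {
    prefix += '0';
  }
  return prefix + str;
}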
// Return the first <tr> whose id attribute ends with `n` (`$=` is a suffix match),
// or null when no row matches.
// `n` is concatenated into the selector unescaped. The caller visible here passes
// format_chunk() output ("diff" plus digits); keep it script-generated rather than
// taken from the URL or other page input.
function find_chunk(n) {
  var selector = 'tr[id$="' + n + '"]';
  return document.querySelector(selector);
}
// Move the highlight by `offset` chunks relative to chunk_index (+1 next, -1 previous).
// When no row matches the computed id the function returns early and the current
// selection is left untouched.
function change_chunk(offset) {
  var target = chunk_index + offset;
  var anchor = format_chunk(target);
  var row = find_chunk(anchor);
  if (!row) {
    return;
  }
  // Clear the outline on the previously selected row, if there is one.
  if (old_chunk) {
    old_chunk.style.outline = "";
  }
  old_chunk = row;
  row.style.outline = "1px solid red";
  // Jump to the row's fragment without adding a history entry, then scroll
  // back up by 100 pixels.
  window.location.replace("#" + anchor);
  window.scrollBy(0, -100);
  chunk_index = target;
}
// Keyboard navigation: keyCode 78 (the N key) selects the next chunk and
// keyCode 80 (the P key) the previous one; every other key is ignored.
// Assigning document.onkeydown replaces any handler installed there earlier.
document.onkeydown = function (e) {
  var code = e.keyCode;
  if (code === 78) {
    change_chunk(1);
  } else if (code === 80) {
    change_chunk(-1);
  }
};
</script>
</head>
<body >
<table border="0" cellpadding="0" cellspacing="0">
<tr id="part-1" bgcolor="orange"><th></th><th> draft-ietf-dmarc-psd-08.txt </th><th> </th><th> draft-ietf-dmarc-psd-09.txt </th><th></th></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left">Network Working Group S. Kitterman</td><td> </td><td class="right">Network Working Group S. Kitterman</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left">Internet-Draft fTLD Registry Services</td><td> </td><td class="right">Internet-Draft fTLD Registry Services</td><td class="lineno"></td></tr>
<tr id="diff0001"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock">Intended status: Experimental <span class="delete">March 12, 2020</span></td><td> </td><td class="rblock">Intended status: Experimental September <span class="insert">22,</span> 2020</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete">Expires:</span> September <span class="delete">13,</span> 2020</td><td> </td><td class="rblock"><span class="insert">Expires: March 26, 2021</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left">DMARC (Domain-based Message Authentication, Reporting, and Conformance)</td><td> </td><td class="right">DMARC (Domain-based Message Authentication, Reporting, and Conformance)</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> Extension For PSDs (Public Suffix Domains)</td><td> </td><td class="right"> Extension For PSDs (Public Suffix Domains)</td><td class="lineno"></td></tr>
<tr id="diff0002"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock"> draft-ietf-dmarc-psd-0<span class="delete">8</span></td><td> </td><td class="rblock"> draft-ietf-dmarc-psd-0<span class="insert">9</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left">Abstract</td><td> </td><td class="right">Abstract</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> DMARC (Domain-based Message Authentication, Reporting, and</td><td> </td><td class="right"> DMARC (Domain-based Message Authentication, Reporting, and</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> Conformance) is a scalable mechanism by which a mail-originating</td><td> </td><td class="right"> Conformance) is a scalable mechanism by which a mail-originating</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> organization can express domain-level policies and preferences for</td><td> </td><td class="right"> organization can express domain-level policies and preferences for</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> message validation, disposition, and reporting, that a mail-receiving</td><td> </td><td class="right"> message validation, disposition, and reporting, that a mail-receiving</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> organization can use to improve mail handling. The design of DMARC</td><td> </td><td class="right"> organization can use to improve mail handling. The design of DMARC</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> presumes that domain names represent either nodes in the tree below</td><td> </td><td class="right"> presumes that domain names represent either nodes in the tree below</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> which registrations occur, or nodes where registrations have</td><td> </td><td class="right"> which registrations occur, or nodes where registrations have</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr id="part-2" class="change" ><td></td><th><small>skipping to change at</small><a href="#part-2"><em> page 1, line 49<span class="hide"> ¶</span></em></a></th><th> </th><th><small>skipping to change at</small><a href="#part-2"><em> page 1, line 49<span class="hide"> ¶</span></em></a></th><td></td></tr>
<tr><td class="lineno"></td><td class="left"> Internet-Drafts are working documents of the Internet Engineering</td><td> </td><td class="right"> Internet-Drafts are working documents of the Internet Engineering</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> Task Force (IETF). Note that other groups may also distribute</td><td> </td><td class="right"> Task Force (IETF). Note that other groups may also distribute</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> working documents as Internet-Drafts. The list of current Internet-</td><td> </td><td class="right"> working documents as Internet-Drafts. The list of current Internet-</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> Drafts is at https://datatracker.ietf.org/drafts/current/.</td><td> </td><td class="right"> Drafts is at https://datatracker.ietf.org/drafts/current/.</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> Internet-Drafts are draft documents valid for a maximum of six months</td><td> </td><td class="right"> Internet-Drafts are draft documents valid for a maximum of six months</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> and may be updated, replaced, or obsoleted by other documents at any</td><td> </td><td class="right"> and may be updated, replaced, or obsoleted by other documents at any</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> time. It is inappropriate to use Internet-Drafts as reference</td><td> </td><td class="right"> time. It is inappropriate to use Internet-Drafts as reference</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> material or to cite them other than as "work in progress."</td><td> </td><td class="right"> material or to cite them other than as "work in progress."</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr id="diff0003"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock"> This Internet-Draft will expire on <span class="delete">September 13, 2020</span>.</td><td> </td><td class="rblock"> This Internet-Draft will expire on <span class="insert">March 26, 2021</span>.</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left">Copyright Notice</td><td> </td><td class="right">Copyright Notice</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> Copyright (c) 2020 IETF Trust and the persons identified as the</td><td> </td><td class="right"> Copyright (c) 2020 IETF Trust and the persons identified as the</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> document authors. All rights reserved.</td><td> </td><td class="right"> document authors. All rights reserved.</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> This document is subject to BCP 78 and the IETF Trust's Legal</td><td> </td><td class="right"> This document is subject to BCP 78 and the IETF Trust's Legal</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> Provisions Relating to IETF Documents</td><td> </td><td class="right"> Provisions Relating to IETF Documents</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> (https://trustee.ietf.org/license-info) in effect on the date of</td><td> </td><td class="right"> (https://trustee.ietf.org/license-info) in effect on the date of</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> publication of this document. Please review these documents</td><td> </td><td class="right"> publication of this document. Please review these documents</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr id="part-3" class="change" ><td></td><th><small>skipping to change at</small><a href="#part-3"><em> page 2, line 26<span class="hide"> ¶</span></em></a></th><th> </th><th><small>skipping to change at</small><a href="#part-3"><em> page 2, line 26<span class="hide"> ¶</span></em></a></th><td></td></tr>
<tr><td class="lineno"></td><td class="left"> include Simplified BSD License text as described in Section 4.e of</td><td> </td><td class="right"> include Simplified BSD License text as described in Section 4.e of</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> the Trust Legal Provisions and are provided without warranty as</td><td> </td><td class="right"> the Trust Legal Provisions and are provided without warranty as</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> described in the Simplified BSD License.</td><td> </td><td class="right"> described in the Simplified BSD License.</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left">Table of Contents</td><td> </td><td class="right">Table of Contents</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3</td><td> </td><td class="right"> 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> 2. Terminology and Definitions . . . . . . . . . . . . . . . . . 5</td><td> </td><td class="right"> 2. Terminology and Definitions . . . . . . . . . . . . . . . . . 5</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> 2.1. Conventions Used in This Document . . . . . . . . . . . . 5</td><td> </td><td class="right"> 2.1. Conventions Used in This Document . . . . . . . . . . . . 5</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> 2.2. Public Suffix Domain (PSD) . . . . . . . . . . . . . . . 5</td><td> </td><td class="right"> 2.2. Public Suffix Domain (PSD) . . . . . . . . . . . . . . . 5</td><td class="lineno"></td></tr>
<tr id="diff0004"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock"> 2.3. <span class="delete">Longest PSD</span> . . . . . . . . . . . . . . . . . . . . . . . <span class="delete">5</span></td><td> </td><td class="rblock"> 2.3. <span class="insert">Organizational Domain</span> . . . . . . . . . . . . . . . . . . <span class="insert">5</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> 2.4. Organizational Domain</span> . . . . . . . . . . . . . . . . . . <span class="delete">6</span></td><td> </td><td class="rblock"><span class="insert"> 2.4. Longest PSD</span> . . . . . . . . . . . . . . . . . . . . . . . <span class="insert">5</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> 2.5. Public Suffix Operator (PSO) . . . . . . . . . . . . . . 6</td><td> </td><td class="right"> 2.5. Public Suffix Operator (PSO) . . . . . . . . . . . . . . 6</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> 2.6. PSO Controlled Domain Names . . . . . . . . . . . . . . . 6</td><td> </td><td class="right"> 2.6. PSO Controlled Domain Names . . . . . . . . . . . . . . . 6</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> 2.7. Non-existent Domains . . . . . . . . . . . . . . . . . . 6</td><td> </td><td class="right"> 2.7. Non-existent Domains . . . . . . . . . . . . . . . . . . 6</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> 3. PSD DMARC Updates to DMARC Requirements . . . . . . . . . . . 6</td><td> </td><td class="right"> 3. PSD DMARC Updates to DMARC Requirements . . . . . . . . . . . 6</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> 3.1. General Updates . . . . . . . . . . . . . . . . . . . . . 6</td><td> </td><td class="right"> 3.1. General Updates . . . . . . . . . . . . . . . . . . . . . 6</td><td class="lineno"></td></tr>
<tr id="diff0005"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock"> 3.2. Section 6.3 <span class="delete">General</span> Record <span class="delete">Format . . . . . . .</span> . . . . . 6</td><td> </td><td class="rblock"> 3.2. <span class="insert">Changes in</span> Section 6.3 <span class="insert">"General</span> Record <span class="insert">Format"</span> . . . . . 6</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> 3.3. Section <span class="delete">6.5. Domain</span> Owner <span class="delete">Actions . . . . .</span> . . . . . . 7</td><td> </td><td class="rblock"> 3.3. <span class="insert">Changes in</span> Section <span class="insert">6.5 "Domain</span> Owner <span class="insert">Actions"</span> . . . . . . 7</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> 3.4. Section <span class="delete">6.6.1. Extract</span> Author <span class="delete">Domain . . . . . .</span> . . . . 7</td><td> </td><td class="rblock"> 3.4. <span class="insert">Changes in</span> Section <span class="insert">6.6.1 "Extract</span> Author <span class="insert">Domain"</span> . . . . 7</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> 3.5. Section <span class="delete">6.6.3. Policy Discovery . . . . .</span> . . . . . . . 7</td><td> </td><td class="rblock"> 3.5. <span class="insert">Changes in</span> Section <span class="insert">6.6.3 "Policy Discovery"</span> . . . . . . . 7</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> 3.6. Section <span class="delete">7. DMARC Feedback . . . . .</span> . . . . . . . . . . 8</td><td> </td><td class="rblock"> 3.6. <span class="insert">Changes in</span> Section <span class="insert">7 "DMARC Feedback"</span> . . . . . . . . . . 8</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> 4. Privacy Considerations . . . . . . . . . . . . . . . . . . . 8</td><td> </td><td class="right"> 4. Privacy Considerations . . . . . . . . . . . . . . . . . . . 8</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> 4.1. Feedback leakage . . . . . . . . . . . . . . . . . . . . 8</td><td> </td><td class="right"> 4.1. Feedback leakage . . . . . . . . . . . . . . . . . . . . 8</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> 5. Security Considerations . . . . . . . . . . . . . . . . . . . 9</td><td> </td><td class="right"> 5. Security Considerations . . . . . . . . . . . . . . . . . . . 9</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9</td><td> </td><td class="right"> 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> 6.1. Subdomain Policy Tag . . . . . . . . . . . . . . . . . . 10</td><td> </td><td class="right"> 6.1. Subdomain Policy Tag . . . . . . . . . . . . . . . . . . 10</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 10</td><td> </td><td class="right"> 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 10</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> 7.1. Normative References . . . . . . . . . . . . . . . . . . 10</td><td> </td><td class="right"> 7.1. Normative References . . . . . . . . . . . . . . . . . . 10</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> 7.2. Informative References . . . . . . . . . . . . . . . . . 10</td><td> </td><td class="right"> 7.2. Informative References . . . . . . . . . . . . . . . . . 10</td><td class="lineno"></td></tr>
<tr id="diff0006"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock"> Appendix A. <span class="delete">The Experiment . . . . . . . . . . . . . . . . . . . 11</span></td><td> </td><td class="rblock"> Appendix A. PSD DMARC Privacy Concern Mitigation <span class="insert">Experiment</span> . . <span class="insert">11</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> A.1.</span> PSD DMARC Privacy Concern Mitigation . . <span class="delete">. . . . . . . . 12</span></td><td> </td><td class="rblock"> Appendix B. DMARC PSD Registry Examples . . . . . . . . . . . . <span class="insert">12</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> A.2. Non-Existent Subdomain Policy . . . . . . . . . . . . . . 12</span></td><td> </td><td class="rblock"> B.1. DMARC PSD DNS Query Service . . . . . . . . . . . . . . . <span class="insert">12</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> Appendix B. DMARC PSD Registry Examples . . . . . . . . . . . . <span class="delete">13</span></td><td> </td><td class="rblock"> B.2. DMARC Public Suffix Domain (PSD) Registry . . . . . . . . <span class="insert">12</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> B.1. DMARC PSD DNS Query Service . . . . . . . . . . . . . . . <span class="delete">13</span></td><td> </td><td class="rblock"> B.3. DMARC PSD PSL Extension . . . . . . . . . . . . . . . . . <span class="insert">13</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> B.2. DMARC Public Suffix Domain (PSD) Registry . . . . . . . . <span class="delete">13</span></td><td> </td><td class="rblock"> Appendix C. Implementations . . . . . . . . . . . . . . . . . . <span class="insert">13</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> B.3. DMARC PSD PSL Extension . . . . . . . . . . . . . . . . . <span class="delete">14</span></td><td> </td><td class="rblock"> C.1. Authheaders Module . . . . . . . . . . . . . . . . . . . <span class="insert">13</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> </td><td> </td><td class="rblock"> C.2. Zdkimfilter Module . . . . . . . . . . . . . . . . . . . <span class="insert">13</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> Appendix C. Implementations . . . . . . . . . . . . . . . . . . <span class="delete">14</span></td><td> </td><td class="rblock"> Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . <span class="insert">13</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> C.1. Authheaders Module . . . . . . . . . . . . . . . . . . . <span class="delete">14</span></td><td> </td><td class="rblock"> Author's Address . . . . . . . . . . . . . . . . . . . . . . . . <span class="insert">14</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> C.2. Zdkimfilter Module . . . . . . . . . . . . . . . . . . . <span class="delete">14</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . <span class="delete">14</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> Author's Address . . . . . . . . . . . . . . . . . . . . . . . . <span class="delete">15</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left">1. Introduction</td><td> </td><td class="right">1. Introduction</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> DMARC [RFC7489] provides a mechanism for publishing organizational</td><td> </td><td class="right"> DMARC [RFC7489] provides a mechanism for publishing organizational</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> policy information to email receivers. DMARC allows policy to be</td><td> </td><td class="right"> policy information to email receivers. DMARC allows policy to be</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> specified for both individual domains and for organizational domains</td><td> </td><td class="right"> specified for both individual domains and for organizational domains</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> and their sub-domains within a single organization. DMARC leverages</td><td> </td><td class="right"> and their sub-domains within a single organization. DMARC leverages</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> public suffix lists to determine which domains are organizational</td><td> </td><td class="right"> public suffix lists to determine which domains are organizational</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> domains. It presumes that public suffix list listed domains are not</td><td> </td><td class="right"> domains. It presumes that public suffix list listed domains are not</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> organizational domains and not subject to DMARC processing; domains</td><td> </td><td class="right"> organizational domains and not subject to DMARC processing; domains</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr id="part-4" class="change" ><td></td><th><small>skipping to change at</small><a href="#part-4"><em> page 3, line 38<span class="hide"> ¶</span></em></a></th><th> </th><th><small>skipping to change at</small><a href="#part-4"><em> page 3, line 35<span class="hide"> ¶</span></em></a></th><td></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> As an example, imagine a country code TLD (ccTLD) which has public</td><td> </td><td class="right"> As an example, imagine a country code TLD (ccTLD) which has public</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> subdomains for government and commercial use (.gov.example and</td><td> </td><td class="right"> subdomains for government and commercial use (.gov.example and</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> .com.example). Suppose there exists a registered domain</td><td> </td><td class="right"> .com.example). Suppose there exists a registered domain</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> "tax.gov.example" that is responsible for taxation in this imagined</td><td> </td><td class="right"> "tax.gov.example" that is responsible for taxation in this imagined</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> country. However, by exploiting the typically unauthenticated nature</td><td> </td><td class="right"> country. However, by exploiting the typically unauthenticated nature</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> of email, there are regular malicious campaigns to impersonate this</td><td> </td><td class="right"> of email, there are regular malicious campaigns to impersonate this</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> organization that use similar-looking ("cousin") domains such as</td><td> </td><td class="right"> organization that use similar-looking ("cousin") domains such as</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> "t4x.gov.example". These domains are not registered. Within the</td><td> </td><td class="right"> "t4x.gov.example". These domains are not registered. Within the</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> ".gov.example" public suffix, use of DMARC has been mandated, so</td><td> </td><td class="right"> ".gov.example" public suffix, use of DMARC has been mandated, so</td><td class="lineno"></td></tr>
<tr id="diff0007"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock"> "gov.example" publishes the following DMARC record:</td><td> </td><td class="rblock"> "gov.example" publishes the following DMARC <span class="insert">DNS</span> record:</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> </td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> <span class="delete">"v=DMARC1; p=reject; rua=mailto:[email protected]"</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"></span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> at</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr id="diff0008"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock"> _dmarc.gov.example.</td><td> </td><td class="rblock"> _dmarc.gov.example. <span class="insert">IN TXT ( "v=DMARC1; p=reject; "</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> "rua=mailto:[email protected]" )</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> This DMARC record provides policy and a reporting destination for</td><td> </td><td class="right"> This DMARC record provides policy and a reporting destination for</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> mail sent from @gov.example. However, due to DMARC's current method</td><td> </td><td class="right"> mail sent from @gov.example. However, due to DMARC's current method</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> of discovering and applying policy at the organizational domain</td><td> </td><td class="right"> of discovering and applying policy at the organizational domain</td><td class="lineno"></td></tr>
<tr id="diff0009"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock"> level, the non-existent organizational domain of @t<span class="delete">a</span>x.gov.example</td><td> </td><td class="rblock"> level, the non-existent organizational domain of @t<span class="insert">4</span>x.gov.example</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> does not and cannot fall under a DMARC policy.</td><td> </td><td class="right"> does not and cannot fall under a DMARC policy.</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> Defensively registering all variants of "tax" is obviously not a</td><td> </td><td class="right"> Defensively registering all variants of "tax" is obviously not a</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> scalable strategy. The intent of this specification, therefore, is</td><td> </td><td class="right"> scalable strategy. The intent of this specification, therefore, is</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> to enhance the DMARC algorithm by enabling an agent receiving such a</td><td> </td><td class="right"> to enhance the DMARC algorithm by enabling an agent receiving such a</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> message to be able to determine that a relevant policy is present at</td><td> </td><td class="right"> message to be able to determine that a relevant policy is present at</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> "gov.example", which is precluded by the current DMARC algorithm.</td><td> </td><td class="right"> "gov.example", which is precluded by the current DMARC algorithm.</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> This document provides a simple extension to DMARC [RFC7489] to allow</td><td> </td><td class="right"> This document provides a simple extension to DMARC [RFC7489] to allow</td><td class="lineno"></td></tr>
<tr id="diff0010"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock"> operators of Public Suffix Domains (PSDs) <span class="delete">to express</span> policy at the</td><td> </td><td class="rblock"> operators of Public Suffix Domains (PSDs) <span class="insert">to:</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> level of the PSD that covers all organizational domains that do not</td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> explicitly publish DMARC <span class="delete">records, extends</span> the DMARC policy query</td><td> </td><td class="rblock"><span class="insert"> o Express</span> policy at the level of the PSD that covers all</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> functionality to detect and process such a <span class="delete">policy, describes</span> receiver</td><td> </td><td class="rblock"> organizational domains that do not explicitly publish DMARC</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> feedback for such <span class="delete">policies, and provides</span> controls to mitigate</td><td> </td><td class="rblock"> <span class="insert">records</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> potential privacy considerations associated with this <span class="delete">extension.</span></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> o Extends</span> the DMARC policy query functionality to detect and process</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"></td><td> </td><td class="rblock"> such a <span class="insert">policy</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> o Describes</span> receiver feedback for such <span class="insert">policies</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> o Provides</span> controls to mitigate potential privacy considerations</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"></td><td> </td><td class="rblock"> associated with this <span class="insert">extension</span></td><td class="lineno"></td></tr>
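Review bot: The new bullet list does not agree with its lead-in: "to allow operators of Public Suffix Domains (PSDs) to:" is followed by "o Extends", "o Describes" and "o Provides". Those three items are ungrammatical after "to:", and they now read as things a PSD operator does, whereas in -08 they were things the document does. Only the first item is an operator capability. I would change the lead-in to `This document provides a simple extension to DMARC [RFC7489] that:` and open the first item with `o Allows operators of Public Suffix Domains (PSDs) to express policy at the level of the PSD ...`, leaving the other three verbs as they are. If the operator-centred lead-in is kept, the verbs at least need to become `o Extend`, `o Describe` and `o Provide`.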
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> This document also provides a new DMARC [RFC7489] tag to indicate</td><td> </td><td class="right"> This document also provides a new DMARC [RFC7489] tag to indicate</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> requested handling policy for non-existent subdommains. This is</td><td> </td><td class="right"> requested handling policy for non-existent subdommains. This is</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> provided specifically to support phased deployment of PSD DMARC, but</td><td> </td><td class="right"> provided specifically to support phased deployment of PSD DMARC, but</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> is expected to be useful more generally. Undesired rejection risks</td><td> </td><td class="right"> is expected to be useful more generally. Undesired rejection risks</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> for mail purporting to be from domains that do not exist are</td><td> </td><td class="right"> for mail purporting to be from domains that do not exist are</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> substantially lower than for those that do, so the operational risk</td><td> </td><td class="right"> substantially lower than for those that do, so the operational risk</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> of requesting harsh policy treatment (e.g. reject) is lower.</td><td> </td><td class="right"> of requesting harsh policy treatment (e.g. reject) is lower.</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> As an additional benefit, the PSD DMARC extension clarifies existing</td><td> </td><td class="right"> As an additional benefit, the PSD DMARC extension clarifies existing</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr id="part-5" class="change" ><td></td><th><small>skipping to change at</small><a href="#part-5"><em> page 5, line 30<span class="hide"> ¶</span></em></a></th><th> </th><th><small>skipping to change at</small><a href="#part-5"><em> page 5, line 30<span class="hide"> ¶</span></em></a></th><td></td></tr>
<tr><td class="lineno"></td><td class="left"> "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and</td><td> </td><td class="right"> "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> "OPTIONAL" in this document are to be interpreted as described in</td><td> </td><td class="right"> "OPTIONAL" in this document are to be interpreted as described in</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all</td><td> </td><td class="right"> BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> capitals, as shown here.</td><td> </td><td class="right"> capitals, as shown here.</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left">2.2. Public Suffix Domain (PSD)</td><td> </td><td class="right">2.2. Public Suffix Domain (PSD)</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> The global Internet Domain Name System (DNS) is documented in</td><td> </td><td class="right"> The global Internet Domain Name System (DNS) is documented in</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> numerous Requests for Comment (RFC). It defines a tree of names</td><td> </td><td class="right"> numerous Requests for Comment (RFC). It defines a tree of names</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> starting with root, ".", immediately below which are Top Level Domain</td><td> </td><td class="right"> starting with root, ".", immediately below which are Top Level Domain</td><td class="lineno"></td></tr>
<tr id="diff0011"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock"> names such as ".com" and ".us". <span class="delete">They are not available for private</span></td><td> </td><td class="rblock"> names such as ".com" and ".us". The domain name structure consists</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> registration. In many cases the public portion of the DNS tree is</span></td><td> </td><td class="rblock"> of a tree of names, each of which is made of a sequence of words</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> more than one level deep.</span> The domain name structure consists of a</td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> tree of names, each of which is made of a sequence of words</td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> ("labels") separated by period characters. The root of the tree is</td><td> </td><td class="right"> ("labels") separated by period characters. The root of the tree is</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> simply called ".". The Internet community at large, through</td><td> </td><td class="right"> simply called ".". The Internet community at large, through</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> processes and policies external to this work, selects points in this</td><td> </td><td class="right"> processes and policies external to this work, selects points in this</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> tree at which to register domain names "owned" by independent</td><td> </td><td class="right"> tree at which to register domain names "owned" by independent</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> organizations. Real-world examples are ".com", ".org", ".us", and</td><td> </td><td class="right"> organizations. Real-world examples are ".com", ".org", ".us", and</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> ".gov.uk". Names at which such registrations occur are called Public</td><td> </td><td class="right"> ".gov.uk". Names at which such registrations occur are called Public</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> Suffix Domains (PSDs), and a registration consists of a label</td><td> </td><td class="right"> Suffix Domains (PSDs), and a registration consists of a label</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> selected by the registrant to which a desirable PSD is appended. For</td><td> </td><td class="right"> selected by the registrant to which a desirable PSD is appended. For</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> example, "ietf.org" is a registered domain name, and ".org" is its</td><td> </td><td class="right"> example, "ietf.org" is a registered domain name, and ".org" is its</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> PSD.</td><td> </td><td class="right"> PSD.</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr id="diff0012"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock">2.3. <span class="delete">Longest PSD</span></td><td> </td><td class="rblock">2.3. Organizational Domain</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"></span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> The longest PSD is the Organizational Domain with one label removed.</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"></span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete">2.4.</span> Organizational Domain</td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> The term Organizational Domains is defined in DMARC [RFC7489]</td><td> </td><td class="right"> The term Organizational Domains is defined in DMARC [RFC7489]</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> Section 3.2.</td><td> </td><td class="right"> Section 3.2.</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr id="diff0013"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">2.4. Longest PSD</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> The longest PSD is the Organizational Domain with one label removed.</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"></td><td> </td><td class="rblock"> </td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left">2.5. Public Suffix Operator (PSO)</td><td> </td><td class="right">2.5. Public Suffix Operator (PSO)</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr id="diff0014"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock"> A Public Suffix Operator manages operations within <span class="delete">its PSD.</span></td><td> </td><td class="rblock"> A Public Suffix Operator <span class="insert">is an organization which</span> manages operations</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"></td><td> </td><td class="rblock"> within <span class="insert">a PSD, particularly the DNS records published for names at and</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> under that domain name.</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left">2.6. PSO Controlled Domain Names</td><td> </td><td class="right">2.6. PSO Controlled Domain Names</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> PSO Controlled Domain Names are names in the DNS that are managed by</td><td> </td><td class="right"> PSO Controlled Domain Names are names in the DNS that are managed by</td><td class="lineno"></td></tr>
<tr id="diff0015"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock"> a PSO and are not available for use as Organizational Domains.</td><td> </td><td class="rblock"> a PSO and are not available for use as Organizational Domains. <span class="insert">PSO</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> <span class="delete">Depending on PSD policy, these will</span> have one (e.g., ".com") or more</td><td> </td><td class="rblock"><span class="insert"> Controlled Domain Names may</span> have one (e.g., ".com") or more (e.g.,</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> (e.g., ".co.uk") name <span class="delete">components.</span></td><td> </td><td class="rblock"> ".co.uk") name <span class="insert">components, depending on PSD policy.</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left">2.7. Non-existent Domains</td><td> </td><td class="right">2.7. Non-existent Domains</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> For DMARC purposes, a non-existent domain is a domain for which there</td><td> </td><td class="right"> For DMARC purposes, a non-existent domain is a domain for which there</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> is an NXDOMAIN or NODATA response for A, AAAA, and MX records. This</td><td> </td><td class="right"> is an NXDOMAIN or NODATA response for A, AAAA, and MX records. This</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> is a broader definition than that in NXDOMAIN [RFC8020].</td><td> </td><td class="right"> is a broader definition than that in NXDOMAIN [RFC8020].</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left">3. PSD DMARC Updates to DMARC Requirements</td><td> </td><td class="right">3. PSD DMARC Updates to DMARC Requirements</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> This document updates DMARC [RFC7489] as follows:</td><td> </td><td class="right"> This document updates DMARC [RFC7489] as follows:</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left">3.1. General Updates</td><td> </td><td class="right">3.1. General Updates</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> References to "Domain Owners" also apply to PSOs.</td><td> </td><td class="right"> References to "Domain Owners" also apply to PSOs.</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr id="diff0016"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock">3.2. <span class="delete">Section 6.3 General Record Format</span></td><td> </td><td class="rblock">3.2. <span class="insert">Changes in Section 6.3 "General Record Format"</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> A new tag is added after "fo":</td><td> </td><td class="right"> A new tag is added after "fo":</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> np: Requested Mail Receiver policy for non-existent subdomains</td><td> </td><td class="right"> np: Requested Mail Receiver policy for non-existent subdomains</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> (plain-text; OPTIONAL). Indicates the policy to be enacted by the</td><td> </td><td class="right"> (plain-text; OPTIONAL). Indicates the policy to be enacted by the</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> Receiver at the request of the Domain Owner. It applies only to</td><td> </td><td class="right"> Receiver at the request of the Domain Owner. It applies only to</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> non-existent subdomains of the domain queried and not to either</td><td> </td><td class="right"> non-existent subdomains of the domain queried and not to either</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> existing subdomains or the domain itself. Its syntax is identical</td><td> </td><td class="right"> existing subdomains or the domain itself. Its syntax is identical</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> to that of the "p" tag defined below. If the 'np' tag is absent,</td><td> </td><td class="right"> to that of the "p" tag defined below. If the 'np' tag is absent,</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> the policy specified by the "sp" tag (if the 'sp' tag is present)</td><td> </td><td class="right"> the policy specified by the "sp" tag (if the 'sp' tag is present)</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr id="part-6" class="change" ><td></td><th><small>skipping to change at</small><a href="#part-6"><em> page 7, line 19<span class="hide"> ¶</span></em></a></th><th> </th><th><small>skipping to change at</small><a href="#part-6"><em> page 7, line 17<span class="hide"> ¶</span></em></a></th><td></td></tr>
<tr><td class="lineno"></td><td class="left"> the "sp" tag' is updated to read 'Policy applies to the domain</td><td> </td><td class="right"> the "sp" tag' is updated to read 'Policy applies to the domain</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> queried and to subdomains, unless subdomain policy is explicitly</td><td> </td><td class="right"> queried and to subdomains, unless subdomain policy is explicitly</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> described using the "sp" or "np" tags.'</td><td> </td><td class="right"> described using the "sp" or "np" tags.'</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> sp: The sentence 'If absent, the policy specified by the "p" tag</td><td> </td><td class="right"> sp: The sentence 'If absent, the policy specified by the "p" tag</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> MUST be applied for subdomains' is updated to read 'If both the</td><td> </td><td class="right"> MUST be applied for subdomains' is updated to read 'If both the</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> 'sp' tag is absent and the 'np' tag is either absent or not</td><td> </td><td class="right"> 'sp' tag is absent and the 'np' tag is either absent or not</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> applicable, the policy specified by the "p" tag MUST be applied</td><td> </td><td class="right"> applicable, the policy specified by the "p" tag MUST be applied</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> for subdomains.</td><td> </td><td class="right"> for subdomains.</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr id="diff0017"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock">3.3. <span class="delete">Section 6.5. Domain Owner Actions</span></td><td> </td><td class="rblock">3.3. <span class="insert">Changes in Section 6.5 "Domain Owner Actions"</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> In addition to the DMARC domain owner actions, PSOs that require use</td><td> </td><td class="right"> In addition to the DMARC domain owner actions, PSOs that require use</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> of DMARC and participate in PSD DMARC ought to make that information</td><td> </td><td class="right"> of DMARC and participate in PSD DMARC ought to make that information</td><td class="lineno"></td></tr>
<tr id="diff0018"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock"> available to receivers. <span class="delete">The</span> mechanism for doing <span class="delete">so is one of the</span></td><td> </td><td class="rblock"> available to receivers. <span class="insert">This document is an experimental</span> mechanism</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> experimental elements of this document.</span> See the experiment</td><td> </td><td class="rblock"> for doing <span class="insert">so.</span> See the <span class="insert">[this document]</span> experiment description</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> description (Appendix A).</td><td> </td><td class="rblock"> (Appendix A).</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr id="diff0019"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock">3.4. <span class="delete">Section 6.6.1. Extract Author Domain</span></td><td> </td><td class="rblock">3.4. <span class="insert">Changes in Section 6.6.1 "Extract Author Domain"</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> Experience with DMARC has shown that some implementations short-</td><td> </td><td class="right"> Experience with DMARC has shown that some implementations short-</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> circuit messages, bypassing DMARC policy application, when the domain</td><td> </td><td class="right"> circuit messages, bypassing DMARC policy application, when the domain</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> name extracted by the receiver (from the RFC5322.From) is on the</td><td> </td><td class="right"> name extracted by the receiver (from the RFC5322.From) is on the</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> public suffix list used by the receiver. This negates the capability</td><td> </td><td class="right"> public suffix list used by the receiver. This negates the capability</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> being created by this specification. Therefore, the following</td><td> </td><td class="right"> being created by this specification. Therefore, the following</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> paragraph is appended to Section 6.6.1 of DMARC [RFC7489]:</td><td> </td><td class="right"> paragraph is appended to Section 6.6.1 of DMARC [RFC7489]:</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> Note that domain names that appear on a public suffix list are not</td><td> </td><td class="right"> Note that domain names that appear on a public suffix list are not</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> exempt from DMARC policy application and reporting.</td><td> </td><td class="right"> exempt from DMARC policy application and reporting.</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr id="diff0020"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock">3.5. <span class="delete">Section 6.6.3. Policy Discovery</span></td><td> </td><td class="rblock">3.5. <span class="insert">Changes in Section 6.6.3 "Policy Discovery"</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> A new step between step 3 and 4 is added:</td><td> </td><td class="right"> A new step between step 3 and 4 is added:</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr id="diff0021"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock"> 3A. If the set is now empty and the longest PSD (Section 2.<span class="delete">3</span>) of the</td><td> </td><td class="rblock"> 3A. If the set is now empty and the longest PSD (Section 2.<span class="insert">4</span>) of the</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> Organizational Domain is one that the receiver has determined is</td><td> </td><td class="right"> Organizational Domain is one that the receiver has determined is</td><td class="lineno"></td></tr>
<tr id="diff0022"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock"> acceptable for PSD DMARC (discussed in the experiment description</td><td> </td><td class="rblock"> acceptable for PSD DMARC (discussed in the <span class="insert">[this document]</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> (Appendix A)), the Mail Receiver MUST query the DNS for a DMARC</td><td> </td><td class="rblock"> experiment description (Appendix A)), the Mail Receiver MUST query</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> TXT record at the DNS domain matching the longest PSD</td><td> </td><td class="rblock"> the DNS for a DMARC TXT record at the DNS domain matching the</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> (Section <span class="delete">2.3)</span> in place of the RFC5322.From domain in the message</td><td> </td><td class="rblock"> <span class="insert">[this document]</span> longest PSD (Section <span class="insert">2.4)</span> in place of the</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> (if different). A possibly empty set of records is returned.</td><td> </td><td class="rblock"> RFC5322.From domain in the message (if different). A possibly</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"></td><td> </td><td class="rblock"> empty set of records is returned.</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> As an example, for a message with the Organizational Domain of</td><td> </td><td class="right"> As an example, for a message with the Organizational Domain of</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> "example.compute.cloudcompany.com.example", the query for PSD DMARC</td><td> </td><td class="right"> "example.compute.cloudcompany.com.example", the query for PSD DMARC</td><td class="lineno"></td></tr>
<tr id="diff0023"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock"> would use "compute.cloudcompany.com.example" as the longest PSD</td><td> </td><td class="rblock"> would use "compute.cloudcompany.com.example" as the <span class="insert">[this document]</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> (Section <span class="delete">2.3).</span> The receiver would check to see if that PSD is listed</td><td> </td><td class="rblock"> longest PSD (Section <span class="insert">2.4).</span> The receiver would check to see if that</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> in the DMARC PSD Registry, and if so, perform the policy lookup at</td><td> </td><td class="rblock"> PSD is listed in the DMARC PSD Registry, and if so, perform the</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> "_dmarc.compute.cloudcompany.com.example".</td><td> </td><td class="rblock"> policy lookup at "_dmarc.compute.cloudcompany.com.example".</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> Note: Because the PSD policy query comes after the Organizational</td><td> </td><td class="right"> Note: Because the PSD policy query comes after the Organizational</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> Domain policy query, PSD policy is not used for Organizational</td><td> </td><td class="right"> Domain policy query, PSD policy is not used for Organizational</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> domains that have published a DMARC policy. Specifically, this is</td><td> </td><td class="right"> domains that have published a DMARC policy. Specifically, this is</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> not a mechanism to provide feedback addresses (RUA/RUF) when an</td><td> </td><td class="right"> not a mechanism to provide feedback addresses (RUA/RUF) when an</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> Organizational Domain has declined to do so.</td><td> </td><td class="right"> Organizational Domain has declined to do so.</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr id="diff0024"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock">3.6. <span class="delete">Section 7. DMARC Feedback</span></td><td> </td><td class="rblock">3.6. <span class="insert">Changes in Section 7 "DMARC Feedback"</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> Operational note for PSD DMARC: For PSOs, feedback for non-existent</td><td> </td><td class="right"> Operational note for PSD DMARC: For PSOs, feedback for non-existent</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> domains is desirable and useful, just as it is for org-level DMARC</td><td> </td><td class="right"> domains is desirable and useful, just as it is for org-level DMARC</td><td class="lineno"></td></tr>
<tr id="diff0025"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock"> operators. See Section 4 of <span class="delete">this document</span> for discussion of Privacy</td><td> </td><td class="rblock"> operators. See Section 4 of <span class="insert">[this document]</span> for discussion of</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> <span class="delete">Considerations.</span></td><td> </td><td class="rblock"> Privacy <span class="insert">Considerations for PSD DMARC.</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left">4. Privacy Considerations</td><td> </td><td class="right">4. Privacy Considerations</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> These privacy considerations are developed based on the requirements</td><td> </td><td class="right"> These privacy considerations are developed based on the requirements</td><td class="lineno"></td></tr>
<tr id="diff0026"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock"> of [RFC6973]. <span class="delete">The</span> Privacy Considerations of [RFC7489] apply to this</td><td> </td><td class="rblock"> of [RFC6973]. <span class="insert">Additionally, the</span> Privacy Considerations of [RFC7489]</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> document.</td><td> </td><td class="rblock"> apply to <span class="insert">the mechanisms described by</span> this document.</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left">4.1. Feedback leakage</td><td> </td><td class="right">4.1. Feedback leakage</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr id="diff0027"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock"> Providing feedback reporting to PSOs can, in some cases, <span class="delete">create</span></td><td> </td><td class="rblock"> Providing feedback reporting to PSOs can, in some cases, <span class="insert">cause</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> leakage of</span> information <span class="delete">outside</span> of an organization to the PSO. This</td><td> </td><td class="rblock"> information <span class="insert">to leak out</span> of an organization to the PSO. This leakage</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> leakage could potentially be utilized as part of a program of</td><td> </td><td class="rblock"> could potentially be utilized as part of a program of pervasive</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> pervasive surveillance (See [RFC7624]). There are roughly three</td><td> </td><td class="rblock"> surveillance (See [RFC7624]). There are roughly three cases to</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> cases to consider:</td><td> </td><td class="rblock"> consider:</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> o Single Organization PSDs (e.g., ".google"), RUA and RUF reports</td><td> </td><td class="right"> o Single Organization PSDs (e.g., ".google"), RUA and RUF reports</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> based on PSD DMARC have the potential to contain information about</td><td> </td><td class="right"> based on PSD DMARC have the potential to contain information about</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> emails related to entities managed by the organization. Since</td><td> </td><td class="right"> emails related to entities managed by the organization. Since</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> both the PSO and the Organizational Domain owners are common,</td><td> </td><td class="right"> both the PSO and the Organizational Domain owners are common,</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> there is no additional privacy risk for either normal or non-</td><td> </td><td class="right"> there is no additional privacy risk for either normal or non-</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> existent Domain reporting due to PSD DMARC.</td><td> </td><td class="right"> existent Domain reporting due to PSD DMARC.</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> o Multi-organization PSDs that require DMARC usage (e.g., ".bank"):</td><td> </td><td class="right"> o Multi-organization PSDs that require DMARC usage (e.g., ".bank"):</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> PSD DMARC based reports will only be generated for domains that do</td><td> </td><td class="right"> PSD DMARC based reports will only be generated for domains that do</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr id="part-7" class="change" ><td></td><th><small>skipping to change at</small><a href="#part-7"><em> page 9, line 20<span class="hide"> ¶</span></em></a></th><th> </th><th><small>skipping to change at</small><a href="#part-7"><em> page 9, line 20<span class="hide"> ¶</span></em></a></th><td></td></tr>
<tr><td class="lineno"></td><td class="left"> Organizational Domain level) vice opt-in, which would be the more</td><td> </td><td class="right"> Organizational Domain level) vice opt-in, which would be the more</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> desirable characteristic. This means that any non-DMARC</td><td> </td><td class="right"> desirable characteristic. This means that any non-DMARC</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> organizational domain would have its feedback reports redirected</td><td> </td><td class="right"> organizational domain would have its feedback reports redirected</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> to the PSO. The content of such reports, particularly for</td><td> </td><td class="right"> to the PSO. The content of such reports, particularly for</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> existing domains, is privacy sensitive.</td><td> </td><td class="right"> existing domains, is privacy sensitive.</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> PSOs will receive feedback on non-existent domains, which may be</td><td> </td><td class="right"> PSOs will receive feedback on non-existent domains, which may be</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> similar to existing Organizational Domains. Feedback related to such</td><td> </td><td class="right"> similar to existing Organizational Domains. Feedback related to such</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> cousin domains have a small risk of carrying information related to</td><td> </td><td class="right"> cousin domains have a small risk of carrying information related to</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> an actual Organizational Domain. To minimize this potential concern,</td><td> </td><td class="right"> an actual Organizational Domain. To minimize this potential concern,</td><td class="lineno"></td></tr>
<tr id="diff0028"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock"> PSD DMARC feedback <span class="delete">is best</span> limited to Aggregate Reports. Feedback</td><td> </td><td class="rblock"> PSD DMARC feedback <span class="insert">MUST be</span> limited to Aggregate Reports. Feedback</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> Reports carry more detailed information and present a greater risk.</td><td> </td><td class="right"> Reports carry more detailed information and present a greater risk.</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> Due to the inherent Privacy and Security risks associated with PSD</td><td> </td><td class="right"> Due to the inherent Privacy and Security risks associated with PSD</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> DMARC for Organizational Domains in multi-organization PSDs that do</td><td> </td><td class="right"> DMARC for Organizational Domains in multi-organization PSDs that do</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> not particpate in DMARC, any Feedback Reporting related to multi-</td><td> </td><td class="right"> not particpate in DMARC, any Feedback Reporting related to multi-</td><td class="lineno"></td></tr>
<tr id="diff0029"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock"> organizational PSDs <span class="delete">ought to</span> be limited to non-existent domains</td><td> </td><td class="rblock"> organizational PSDs <span class="insert">MUST</span> be limited to non-existent domains except in</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> except in cases where the reporter knows that PSO requires use of</td><td> </td><td class="rblock"> cases where the reporter knows that PSO requires use of DMARC.</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> DMARC.</td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left">5. Security Considerations</td><td> </td><td class="right">5. Security Considerations</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> This document does not change the Security Considerations of</td><td> </td><td class="right"> This document does not change the Security Considerations of</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> [RFC7489] and [RFC7960].</td><td> </td><td class="right"> [RFC7489] and [RFC7960].</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> The risks of the issues identified in [RFC7489], Section 12.3, DNS</td><td> </td><td class="right"> The risks of the issues identified in [RFC7489], Section 12.3, DNS</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> Security, are amplified by PSD DMARC. In particular, DNS cache</td><td> </td><td class="right"> Security, are amplified by PSD DMARC. In particular, DNS cache</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> poisoning (or Name Chaining), see [RFC3833] for details, consequences</td><td> </td><td class="right"> poisoning (or Name Chaining), see [RFC3833] for details, consequences</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> are increased because a successful attack would potentially have a</td><td> </td><td class="right"> are increased because a successful attack would potentially have a</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
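Review bot: The two new MUSTs in the right-hand column do not name the party they bind, so a reader cannot tell whether a PSO must not request failure reports or a Mail Receiver must not send them. `PSD DMARC feedback MUST be limited to Aggregate Reports` is followed by a sentence about "Feedback Reports", which presumably means failure (RUF) reports; if that is the intent, naming the actor and the report type, e.g. `Mail Receivers MUST NOT send failure reports (RUF) based on a PSD DMARC record`, would make the requirement testable. The second requirement, `MUST be limited to non-existent domains except in cases where the reporter knows that PSO requires use of DMARC`, hinges on what the reporter "knows" and should point to the mechanism that tells it (text before this hunk mentions a DMARC PSD Registry and Appendix A). The unchanged line `not particpate in DMARC` still carries a typo ("participate"). Section 4.1 begins before this hunk, so the actor may already be stated there.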
<tr id="part-8" class="change" ><td></td><th><small>skipping to change at</small><a href="#part-8"><em> page 10, line 44<span class="hide"> ¶</span></em></a></th><th> </th><th><small>skipping to change at</small><a href="#part-8"><em> page 10, line 44<span class="hide"> ¶</span></em></a></th><td></td></tr>
<tr><td class="lineno"></td><td class="left"> [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC</td><td> </td><td class="right"> [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,</td><td> </td><td class="right"> 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> May 2017, <https://www.rfc-editor.org/info/rfc8174>.</td><td> </td><td class="right"> May 2017, <https://www.rfc-editor.org/info/rfc8174>.</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left">7.2. Informative References</td><td> </td><td class="right">7.2. Informative References</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> [psddmarc.org]</td><td> </td><td class="right"> [psddmarc.org]</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> multiple, "PSD DMARC Web Site", April 2019,</td><td> </td><td class="right"> multiple, "PSD DMARC Web Site", April 2019,</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> <https://psddmarc.org/>.</td><td> </td><td class="right"> <https://psddmarc.org/>.</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr id="diff0030"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock"> <span class="delete">[PSL] multiple, "Public Suffix List", April 2019,</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> <https://publicsuffix.org/>.</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> </td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> [RFC3833] Atkins, D. and R. Austein, "Threat Analysis of the Domain</td><td> </td><td class="right"> [RFC3833] Atkins, D. and R. Austein, "Threat Analysis of the Domain</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> Name System (DNS)", RFC 3833, DOI 10.17487/RFC3833, August</td><td> </td><td class="right"> Name System (DNS)", RFC 3833, DOI 10.17487/RFC3833, August</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> 2004, <https://www.rfc-editor.org/info/rfc3833>.</td><td> </td><td class="right"> 2004, <https://www.rfc-editor.org/info/rfc3833>.</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an</td><td> </td><td class="right"> [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> IANA Considerations Section in RFCs", RFC 5226,</td><td> </td><td class="right"> IANA Considerations Section in RFCs", RFC 5226,</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> DOI 10.17487/RFC5226, May 2008,</td><td> </td><td class="right"> DOI 10.17487/RFC5226, May 2008,</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> <https://www.rfc-editor.org/info/rfc5226>.</td><td> </td><td class="right"> <https://www.rfc-editor.org/info/rfc5226>.</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> [RFC5598] Crocker, D., "Internet Mail Architecture", RFC 5598,</td><td> </td><td class="right"> [RFC5598] Crocker, D., "Internet Mail Architecture", RFC 5598,</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr id="part-9" class="change" ><td></td><th><small>skipping to change at</small><a href="#part-9"><em> page 11, line 38<span class="hide"> ¶</span></em></a></th><th> </th><th><small>skipping to change at</small><a href="#part-9"><em> page 11, line 33<span class="hide"> ¶</span></em></a></th><td></td></tr>
<tr><td class="lineno"></td><td class="left"> E., Ed., and K. Andersen, Ed., "Interoperability Issues</td><td> </td><td class="right"> E., Ed., and K. Andersen, Ed., "Interoperability Issues</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> between Domain-based Message Authentication, Reporting,</td><td> </td><td class="right"> between Domain-based Message Authentication, Reporting,</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> and Conformance (DMARC) and Indirect Email Flows",</td><td> </td><td class="right"> and Conformance (DMARC) and Indirect Email Flows",</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> RFC 7960, DOI 10.17487/RFC7960, September 2016,</td><td> </td><td class="right"> RFC 7960, DOI 10.17487/RFC7960, September 2016,</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> <https://www.rfc-editor.org/info/rfc7960>.</td><td> </td><td class="right"> <https://www.rfc-editor.org/info/rfc7960>.</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> [RFC8020] Bortzmeyer, S. and S. Huque, "NXDOMAIN: There Really Is</td><td> </td><td class="right"> [RFC8020] Bortzmeyer, S. and S. Huque, "NXDOMAIN: There Really Is</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> Nothing Underneath", RFC 8020, DOI 10.17487/RFC8020,</td><td> </td><td class="right"> Nothing Underneath", RFC 8020, DOI 10.17487/RFC8020,</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> November 2016, <https://www.rfc-editor.org/info/rfc8020>.</td><td> </td><td class="right"> November 2016, <https://www.rfc-editor.org/info/rfc8020>.</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr id="diff0031"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock">Appendix A. <span class="delete">The Experiment</span></td><td> </td><td class="rblock">Appendix A. PSD DMARC Privacy Concern Mitigation <span class="insert">Experiment</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"></span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> There are two experimental questions addressed in this document: one</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> regarding mitigation of PSD related privacy concerns and the other on</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> the utility of specifying separate DMARC policies for non-existent</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> sub-domains.</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"></span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> Aditionally, as of the writing of this document operational and</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> policy constraints prevent this experiment from being deployed</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> globally. If the experiment shows that PSD DMARC solves a real</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> problem and can be used at a large scale, the results could prove to</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> be useful in removing constraints outside of the IETF that would</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> permit broader deployment.</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"></span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete">A.1.</span> PSD DMARC Privacy Concern Mitigation</td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> </td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> <span class="delete">To mitigate the privacy concerns associated with Multi-organization</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> PSDs that do not mandate DMARC usage, see Section 4.1, a mechanism to</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> indicate which PSDs do not present this privacy risk is appropriate.</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> There are multiple approaches that are possible.</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"></span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> The experiment is to evaluate different possible approaches. The</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> experiment will be complete when there is rough consensus on a</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> technical approach that is demonstrated to be operationally usable</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> and effective at mitigating the privacy concern.</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"></span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> The mechanism needs the following attributes:</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"></span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> o Be reliably, publicly accessible</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"></span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> o Be under configuration control based on a public set of criteria</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"></span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> o List PSDs that either mandate DMARC for their registrants or for</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> which all lower level domains are controlled by the PSO and that</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> the relevant PSO has indicated a desire for the PSD to participate</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> in PSD DMARC</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"></span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> o Have a small operational footprint (e.g. provide a documented,</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> lightweight mechanism for developers and operators to retrieve the</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> list of PSD DMARC participants)</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"></span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> o Not allow PSO to add PSDs to the PSD DMARC participants list</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> without third party review</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"></span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> As of this writing, three approaches have been proposed. None of</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> them are ideal:</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"></span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> o An extension to the Public Suffix List at [PSL]</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"></span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> o A dedicated registry queried via DNS - an example of such a</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> service is described in Appendix B.1 below</span></td><td> </td><td class="rblock"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr id="diff0032"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock"> <span class="delete">o An IANA registry</span></td><td> </td><td class="rblock"> <span class="insert">The experiment being performed has three different questions which</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> are looking to be addressed in this document.</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr id="diff0033"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete">A.2. Non-Existent Subdomain Policy</span></td><td> </td><td class="rblock"> <span class="insert">o Section 3.2 modifies policy discovery to add an additional DNS</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> lookup. To determine if this lookup is useful, PSDs will add</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> additional DMARC records in place, and will analyze the DMARC</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> reports. Success will be determined if a consensus of PSDs that</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> publish DMARC records are able to collect useful data.</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr id="diff0034"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock"> PSOs <span class="delete">that plan</span> to <span class="delete">implement PSD DMARC have indicated that the ability</span></td><td> </td><td class="rblock"> <span class="insert">o Section 3.2 adds the "np" tag for non-existent subdomains (DNS</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"> to <span class="delete">describe distinct policies for existing</span> and <span class="delete">non- existing sub-</span></td><td> </td><td class="rblock"><span class="insert"> NXDOMAIN).</span> PSOs <span class="insert">wishing</span> to <span class="insert">test this will add this flag</span> to <span class="insert">their</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> domains would facilitate PSD</span> DMARC deployment. <span class="delete">There are also</span></td><td> </td><td class="rblock"><span class="insert"> DMARC record,</span> and <span class="insert">will analyze</span> DMARC <span class="insert">reports for</span> deployment.</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> suggestions that it would</span> be <span class="delete">more generally useful for DMARC.</span></td><td> </td><td class="rblock"> <span class="insert">Success will</span> be <span class="insert">determined if organizations find explicitly</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> blocking non-existent subdomains domains desirable and provide</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> added value.</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr id="diff0035"><td></td></tr>
<tr><td class="lineno"></td><td class="lblock"> <span class="delete">During the period of the experiment, uptake of the new 'np' tag will</span></td><td> </td><td class="rblock"> <span class="insert">o Section 4.1 discusses three cases where providing feedback could</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> be evaluated</span> to <span class="delete">support assessment</span> of the <span class="delete">utility of including 'np'</span></td><td> </td><td class="rblock"><span class="insert"> cause information</span> to <span class="insert">leak out</span> of <span class="insert">an organization. This experiment</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"><span class="delete"> in a future, non-experimental update.</span></td><td> </td><td class="rblock"><span class="insert"> will analyze</span> the <span class="insert">feedback reports generated for each case to</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> determine if there is information leakage.</span></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left">Appendix B. DMARC PSD Registry Examples</td><td> </td><td class="right">Appendix B. DMARC PSD Registry Examples</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> To facilitate experimentation around data leakage mitigation, samples</td><td> </td><td class="right"> To facilitate experimentation around data leakage mitigation, samples</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> of the DNS based and IANA like registries are available at</td><td> </td><td class="right"> of the DNS based and IANA like registries are available at</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> [psddmarc.org].</td><td> </td><td class="right"> [psddmarc.org].</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left">B.1. DMARC PSD DNS Query Service</td><td> </td><td class="right">B.1. DMARC PSD DNS Query Service</td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr><td class="lineno"></td><td class="left"> A sample stand-alone DNS query service is available at</td><td> </td><td class="right"> A sample stand-alone DNS query service is available at</td><td class="lineno"></td></tr>
<tr><td></td><td class="left"></td><td> </td><td class="right"></td><td></td></tr>
<tr id="end" bgcolor="gray"><th colspan="5" align="center"> End of changes. 35 change blocks. </th></tr>
<tr class="stats"><td></td><th><i>144 lines changed or deleted</i></th><th><i> </i></th><th><i>100 lines changed or added</i></th><td></td></tr>
</table>
</body>
</html>