NOTE: <<< This activity is not yet chartered by the IETF. >>> DRAFT CHARTER Compatible Low-overhead Email Authentication and Responsibility (CLEAR) CHAIR(S): APPLICATION AREA DIRECTORS: AREA ADVISOR: MAILING LISTS: DESCRIPTION OF WORKING GROUP The Internet increasingly needs to improve the accountability of mail transfer activities. Accountability aids in determining the responsible party for fixing problems, and is useful in dealing with some categories of email identity abuse. SMTP "envelope" accountability identities are contained in the RFC2821.Helo/Ehlo and RFC2821.MailFrom commands. This Working Group will produce low-overhead techniques for validating these identities, based on information provided via DNS by the managers of their associated domain names. The techniques will be compatible with usage and operational practices for Internet mail based on applicable standards and BCPs. In order to provide validation that goes beyond simple authentication, the working group will also define DNS-based mechanisms for basic SMTP client service authorization and domain name-based service accreditation (reputation). Inputs to the working group will be: draft-ietf-marid-csv-intro, draft-ietf- marid-csv-csa, draft-ietf-marid-csv-dna, and draft-levine-mass-batv. CSV performs extended validation of the RFC2821.Helo/Ehlo domain name. BATV provides a framework for bounce address authentication that supports multiple techniques. The input BATV document also supplies a very basic technique for doing private bounce address authentication. Additional techniques, such as for permitting cross-administration bounce address authentication, may be independently developed and registered for BATV. An epidemic of forged RFC2821.MailFrom addresses is causing great confusion and reducing the overall reliability of email, primarily by inducing bounce notification messages to forged RFC2821.MailFrom addresses. The need for SMTP client accountability and for detection of misused bounce addresses is urgent. Therefore the working group will pursue near-term refinements to the input proposals, to permit early deployment and use. Discussion of enhancements with broader functionality or involving more extensive Internet mail infrastructure changes are out of scope for this Working Group. Authentication, authorization and accreditation each can be useful. Because accreditation involves new functional territory for Internet mail, the validation specification will first provide for private accreditation techniques, such as privately maintained lists. A DNS-based technique for querying external accreditation services will then be added. Technical and policy details about the operation of external accreditation services is outside the scope of this working group. Only the ability to query for a basic accreditation rating is within scope. Milestones are in terms of working group deadlines, rather than IESG or IETF submissions. These latter milestones flow from the working group events. GOALS AND MILESTONES Nov 1 04: Technical reviews on CSV -intro and -csa input drafts Dec 1 04: WG Last Call Consensus draft on CSV, with private accreditation Technical reviews on CSV -dna and BATV signature drafts Jan 15 05: WG Last Call DNS-based SMTP Client accreditation mechanism WG Last Call draft on CSV, with DNS-based accreditation Mar 1 05: WG Last Call on BATV signature framework and initial method