RFC 7489 seems to imply that the request clause must be the second clause although the wording isn’t very clear. Jon Postel’s mantra would suggest being tolerant of where it is positioned but I’m trying to work out if records, such as the one for ECU.EDU.AU, are conformant or not.
The ABNF in section 6.4 says
dmarc-record = dmarc-version dmarc-sep [dmarc-request] [dmarc-sep dmarc-srequest] ...
where
dmarc-request = "p" *WSP "=" *WSP ( "none" / "quarantine" / "reject" )
and it later says
components other than dmarc-version and dmarc-request may appear in any order.
Note 6.3 says that dmarc-version must be the first clause and it’s mandatory so you can’t stuff other clauses in front of it and dmarc-request is mandatory for policy records.
Yes, you are correct. the p tag should always be second.
If I misspoke in the presentation, then I apologize.
Well as I said the wording isn’t very clear and the ABNF could be a lot better but for my purposes I am just trying to flag erroneous configurations without falsely identifying ones that are only weird 
I have added a test to my IPv6 survey page to try to get a handle on how many organisations have a DMARC TXT record and what policy they are using. It seems p=none is very popular and deploying DMARC hasn’t encouraged the deployment of DNSSEC 
For reference my IPv6 survey is https://www.mrp.net/ipv6_survey and while it is targeted at IPv6 deployment SFP, DMARC and DNSSEC aren’t dependent on the version of IP.