Re: [apps-discuss] I-D Action: draft-ietf-appsawg-rfc7001bis-03.txt
"Murray S. Kucherawy" <superuser@gmail.com> Sun, 15 March 2015 05:25 UTC
Return-Path: <superuser@gmail.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 443121A1AAA for <apps-discuss@ietfa.amsl.com>; Sat, 14 Mar 2015 22:25:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FzvvQOqDiy1o for <apps-discuss@ietfa.amsl.com>; Sat, 14 Mar 2015 22:25:14 -0700 (PDT)
Received: from mail-wi0-x22d.google.com (mail-wi0-x22d.google.com [IPv6:2a00:1450:400c:c05::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CB5B31A1AB2 for <apps-discuss@ietf.org>; Sat, 14 Mar 2015 22:25:13 -0700 (PDT)
Received: by wifj2 with SMTP id j2so17099874wif.1 for <apps-discuss@ietf.org>; Sat, 14 Mar 2015 22:25:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=pZAOYa2ycgJ9wtHVX9TY1fr4LJakxlO4qX/kPGr+aJ0=; b=WiNzUcgS5Up+nRL8wNCmoOhlOLP1+uS7sg1/x64yi8h+aeKeTZTCYwNzBbWArdyhAj 3Lh7IMgMqGrQooj+M+ViC6LyyFHe1mVSHwGIEQQEMmazgi8W1HvDNEoRvu062WwVDNkV xPDZ2G3IwXKt+NyUGo1z77euR5JI08RIqVzv0vcODC2BYd8EWfwTcotsMf8NWjNGYV1w ruwq9EUT+WKlS8IiItYH0v+/kQlc7AuXXMo7mJAdasdtLY6BJVZOGrJvEC1cIHX8z5ru KZJq5LXziMZiunoPgBtb9cwUSMHxK/vRbhbhji6zcjgrifeoWfVIhWZyiTbCoksFZkKz 7gsQ==
MIME-Version: 1.0
X-Received: by 10.194.239.65 with SMTP id vq1mr107580399wjc.98.1426397112562; Sat, 14 Mar 2015 22:25:12 -0700 (PDT)
Received: by 10.27.179.212 with HTTP; Sat, 14 Mar 2015 22:25:12 -0700 (PDT)
In-Reply-To: <5504BBF0.9000100@isdg.net>
References: <20150309213241.21308.78039.idtracker@ietfa.amsl.com> <5504BBF0.9000100@isdg.net>
Date: Sat, 14 Mar 2015 22:25:12 -0700
Message-ID: <CAL0qLwZNjruueGbUN15SseHw+E4s2YSkUJ_V=gSWerQBHibR6A@mail.gmail.com>
From: "Murray S. Kucherawy" <superuser@gmail.com>
To: Hector Santos <hsantos@isdg.net>
Content-Type: multipart/alternative; boundary="001a11c1b8f033fab705114cf5d5"
Archived-At: <http://mailarchive.ietf.org/arch/msg/apps-discuss/zMTOYqmObjZFojh3iTLqiZW2aVk>
Cc: IETF Apps Discuss <apps-discuss@ietf.org>
Subject: Re: [apps-discuss] I-D Action: draft-ietf-appsawg-rfc7001bis-03.txt
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss/>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Mar 2015 05:25:17 -0000
On Sat, Mar 14, 2015 at 3:53 PM, Hector Santos <hsantos@isdg.net> wrote: > For sentence #1, > > .... indicate the results > of different message authentication efforts. > > or > > .... indicate the results of any internal message > authorization and authentication efforts. > They're not necessarily internal checks (where "internal", I assume, means "done by my ADMD"). You could decide to trust an upstream check from your ISP, for example. > I was under the impression that this header can only be "trusted" > internally, essentially by the creator to be used by the backend > "receiver-side" software or even at the UI hosted presentation? > No, that's never been the case. Going back as far as RFC5451 Section 5, we've always allowed for the possibility of trusting information from outside. You just have to decide you believe whatever the outside source is telling you. > The DKIM/ADSP/DMARC/SPF/OTHER machine domain host name creating this > header needs to be trusted. > Yes, that's the point, not that it has to be internal. > The main reason I say this is because the first time I began to use this > for DKIM, I also used it for ADSP, Not SPF, nor ATPS. SPF already had an > internally produced and most importantly trusted result header > (Received-SPF) and AUTH-RES wasn't quite ready to pass all the essential, > different A/A protocol process parameters information being done, including > SPF and ATPS. > A-R predated ATPS, so they've always been compatible. As for Received-SPF, the whole reason this was introduced is because SPF created a header field for recording its results, and DomainKeys proposed one as well. Rather than having a different one for every method, it made sense to create one extensible one for this purpose. > So I created the fields I needed. Since it would intended for internal > consumption, other consumers like RFC-based Offline Mail Readers/Writers, > these offline MUAs should not rely on it. > > Is this still true? > If by "this" you mean internal consumption, then yes, mostly; it's intended for consumption by downstream agents (filters and MUAs, mainly) that are able to figure out which ones they believe. > If so, what are the rules for this? > Several sections of RFC5451, such as 2.3, 4.1, and 7, talk about when and how to consume the header field. All of this is carried forward into RFC7001 and now this document. > How about different AUTH-RES from different processing host? > Same answer. > As a related tech note, does the latest work reflect all the essential > information needed for? > > DKIM > DMARC > SPF > Yes. Is it ready for indicating 3rd party results? > The only supported third-party reporting scheme is ATPS, but it hasn't seen much in the way of real world deployment. None of the others have documents attaching them to Authentication-Results. Does it still support ADSP or its obsolete in the new AUTH-RES as well? > This draft doesn't cover them because ADSP was declared Historic. However, previous versions did, so "dkim-adsp" is still a registered method (though it's marked "obsolete"). I think this draft should actually change their entries to "deprecated". -MSK
- Re: [apps-discuss] I-D Action: draft-ietf-appsawg… Murray S. Kucherawy
- Re: [apps-discuss] I-D Action: draft-ietf-appsawg… Hector Santos
- [apps-discuss] I-D Action: draft-ietf-appsawg-rfc… internet-drafts
- Re: [apps-discuss] I-D Action: draft-ietf-appsawg… Murray S. Kucherawy
- Re: [apps-discuss] I-D Action: draft-ietf-appsawg… Scott Kitterman
- Re: [apps-discuss] I-D Action: draft-ietf-appsawg… Scott Kitterman
- Re: [apps-discuss] I-D Action: draft-ietf-appsawg… Murray S. Kucherawy
- Re: [apps-discuss] I-D Action: draft-ietf-appsawg… Murray S. Kucherawy
- Re: [apps-discuss] I-D Action: draft-ietf-appsawg… Scott Kitterman
- Re: [apps-discuss] I-D Action: draft-ietf-appsawg… Murray S. Kucherawy
- Re: [apps-discuss] I-D Action: draft-ietf-appsawg… Scott Kitterman
- Re: [apps-discuss] I-D Action: draft-ietf-appsawg… John Levine
- Re: [apps-discuss] I-D Action: draft-ietf-appsawg… Ned Freed
- Re: [apps-discuss] I-D Action: draft-ietf-appsawg… John R Levine
- Re: [apps-discuss] I-D Action: draft-ietf-appsawg… Murray S. Kucherawy
- Re: [apps-discuss] I-D Action: draft-ietf-appsawg… Scott Kitterman
- Re: [apps-discuss] I-D Action: draft-ietf-appsawg… Murray S. Kucherawy
- Re: [apps-discuss] I-D Action: draft-ietf-appsawg… Scott Kitterman
- Re: [apps-discuss] I-D Action: draft-ietf-appsawg… Ned Freed
- Re: [apps-discuss] I-D Action: draft-ietf-appsawg… John R Levine
- [apps-discuss] draft-ietf-appsawg-rfc7001bis s6.2 t.petch
- Re: [apps-discuss] draft-ietf-appsawg-rfc7001bis … Murray S. Kucherawy
- Re: [apps-discuss] I-D Action: draft-ietf-appsawg… Ned Freed