Re: [Bimi] Interpreting SANs according to draft-fetch-validation-vmc-wchuang-05 (was: bimi Digest, Vol 20, Issue 1)

Taavi Eomäe <taavi@zone.ee> Fri, 02 February 2024 10:59 UTC

Message-ID: <30076c6a-27f4-4f63-92bd-66e2d2a5bc58@zone.ee>
In-Reply-To: <10b6ac60-55b1-41f9-bd01-95b192926064@iovo.me>
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/G9ZBtlh9Pqlb9ZZnu7jPCqUsvP0>

Hi,

> SAN certificates are used for multiple domains (example.com, example.net, .eu, etc.)
> Basically, per 1 domain and all subdomains you need only a regular VMC - 1 logo

As described, there is just one SAN, for the subdomain "www.example.com"; most BIMI implementations display the logo, but at least one doesn't.

It is difficult to tell from the current RFC draft whether that behavior is correct or not.

> Of course subdomains have to be DMARC compliant and with policy "reject" or "quarantine"

The letter itself only uses the higher-level domain "example.com" and DKIM/DMARC fully align.

Best Regards,
Taavi Eomäe
Zone Media OÜ - https://zone.eu
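As an added example (not code from this thread, from the draft, or from any BIMI implementation), the check below reports, for a constructed From: header and SAN list, whether a dNSName of "www.example.com" covers mail sent from "example.com" under an exact-match reading and under an assumed parent-domain reading; both matching rules are assumptions used to illustrate the ambiguity, not text from the draft.

```python
# Added example, not code from the thread or the draft. The dNSName list and
# From: header are constructed; both matching rules are assumptions.
from email.utils import parseaddr
from typing import Iterable, Optional

def normalize(name: str) -> str:
    """Lower-case and drop a trailing dot so comparisons are stable."""
    return name.strip().rstrip(".").lower()

def author_domain(from_header: str) -> str:
    """Domain of the RFC 5322 From: address (the DMARC author domain)."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        raise ValueError(f"no address in From: {from_header!r}")
    return normalize(addr.rsplit("@", 1)[1])

def exact_match(domain: str, sans: Iterable[str]) -> Optional[str]:
    """Strict reading: the author domain itself must be a dNSName."""
    domain = normalize(domain)
    return next((s for s in sans if normalize(s) == domain), None)

def ancestor_match(domain: str, sans: Iterable[str]) -> Optional[str]:
    """Looser reading (assumed): a dNSName for a parent domain also covers
    the author domain, so 'example.com' covers 'mail.example.com'. The
    direction matters: 'www.example.com' still does not cover 'example.com',
    which is the case the thread describes."""
    labels = normalize(domain).split(".")
    names = {normalize(s) for s in sans}
    for i in range(len(labels) - 1):          # never match a bare TLD
        candidate = ".".join(labels[i:])
        if candidate in names:
            return candidate
    return None

def covered(from_header: str, sans: Iterable[str]) -> dict:
    """Report both readings so a verifier can log why a logo was shown."""
    d = author_domain(from_header)
    return {"domain": d, "exact": exact_match(d, sans),
            "ancestor": ancestor_match(d, sans)}

if __name__ == "__main__":
    # Constructed to mirror the thread: the VMC's only dNSName is the
    # subdomain while the message is sent from the parent domain.
    print(covered("Sender <noreply@example.com>", ["www.example.com"]))
    # The same certificate does cover mail sent from the subdomain itself.
    print(covered("Sender <noreply@www.example.com>", ["www.example.com"]))
```

Under either reading the thread's certificate yields no match for "example.com", so a verifier that shows the logo there is applying a rule beyond both of these; logging the per-reading result makes that decision auditable.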