Re: [dmarc-ietf] Comment on draft-ietf-dmarc-psd

Craig Schwartz <craig@ftld.com> Wed, 05 February 2020 11:02 UTC

Return-Path: <craig@ftld.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A83812012D for <dmarc@ietfa.amsl.com>; Wed, 5 Feb 2020 03:02:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ftld.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Euufg85yRwXi for <dmarc@ietfa.amsl.com>; Wed, 5 Feb 2020 03:02:35 -0800 (PST)
Received: from mail-wm1-x334.google.com (mail-wm1-x334.google.com [IPv6:2a00:1450:4864:20::334]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7A0CE120099 for <dmarc@ietf.org>; Wed, 5 Feb 2020 03:02:35 -0800 (PST)
Received: by mail-wm1-x334.google.com with SMTP id c84so2174638wme.4 for <dmarc@ietf.org>; Wed, 05 Feb 2020 03:02:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ftld.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=9K1AZWfnfjChlhVQrVQ/a3ay6nYqe0HGmoYBNPD/cL8=; b=P5u+K3Flw3VGEzEGxg958+dhGDMVFvOZh0uY9p90UXFZdfhIMm4QR7q2DdQUTKIwty KdJHsJfn4DPgiT754RJ/5dusTbb4lC4sC5ez8Q6HpgEXG1iOR1cRsTkgQBU6r7Tb67O3 sJqHyF2+yUDnOl11JieH+oNXvDvZoKzRpy4ns=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=9K1AZWfnfjChlhVQrVQ/a3ay6nYqe0HGmoYBNPD/cL8=; b=O2nOS2iupAF2Bik+1mvkUWoJd7aNFZ13k0gU86OkablOUvJsbDleRI1sjnuok0Jdu8 ZPJqDEXgDS+FxWT87Pvqq6iDEnK3rVWZ1wI6s2WOTKb8Cr8mvelImBhpd6FLTRVWOoSH 9LZ8m7COMUXwm1hrtJwwyFPIMqF8DoJam5AU2fkUpkNRBsmbDUi6C9LmKQag9iLQmKbI rtmNUc4RizKXz8NwqbsQPlEH91MWp9U5XDEwybP5Yf+CE6Y99XWmWYxnb54ZgTRVmKOs vWQLJZsgBS4KSJh4Zhp0HA8sO+gQ9Yixb/NpKlmpSz2SPL/4xwYkW7WzIahjlvIm5ZIa /V3A==
X-Gm-Message-State: APjAAAVflh+RPv6XOOgP8ENtMOt7XA2nZWKqysEoZJ8kuOjl5u08g+Ur LYuLha8BScNBRch/Kj6xVa+jIj4RDRauc/4FPBu+//xAaWA=
X-Google-Smtp-Source: APXvYqxkcP54fhS98PH1FBjqX18A5+3HdlXfUtMIBBzL/cW9A1fYjmm7a/pV8G8Th/2HLuA3KZ7KWm7VgZr/RK2bSVk=
X-Received: by 2002:a1c:3b09:: with SMTP id i9mr5020794wma.31.1580900553574; Wed, 05 Feb 2020 03:02:33 -0800 (PST)
MIME-Version: 1.0
References: <728d7df1-d563-82f4-bfb3-a65a75fdd662@gmail.com> <CAL0qLwacbAT04tckpPcRcnOt=1QByOBeJ7uDf6rNK6NRwtxZYg@mail.gmail.com> <ffa2bf72-3024-237b-86ae-9cc04babeec6@gmail.com> <74a0ea49-7a46-4eb6-c297-cd703f63bd1b@gmail.com> <CAL0qLwbp2hNrgF_xxhKRRODQ6HP=U5_K-r3Wtm1wJZOZcKup3g@mail.gmail.com> <9DE9E7DC-FE60-4952-8595-B2D087A6B780@kitterman.com> <CADyWQ+GSP0K=Ci22ouE6AvdqCDGgUAg3jZHBOg3EwCmw=QG84A@mail.gmail.com> <CABuGu1obn55Y2=CuEYRYCEO3TYYNhYTsdkesQ67O61jRyfO=wA@mail.gmail.com> <79b1cbe6-8a53-9157-63de-210fd2bad89a@dcrocker.net> <CAL0qLwZnomZJTbFB=dfFdw2vWg7B0ObRuoage3pcWaYmP9Kp4A@mail.gmail.com> <082f2102-693c-136d-874c-1182f12a6818@gmail.com> <CAL0qLwZjd2qhejctNK0BM7j=SscaE45Mm7U9iWJNvO-GuhEKQA@mail.gmail.com> <1aa141c4-50d8-4f2e-c72f-e1d0bf19f280@gmail.com> <CAL0qLwY-v-VS-Wai-aqGRPOj1i8HxqMrYybzsNJGzN2dTHvG9w@mail.gmail.com> <CAJ+U=1qw63VGCEXAqA7AhL_GpidwcWBuLV-aAeJgvcTagi8=dA@mail.gmail.com> <CAL0qLwZobYEj7nmj0B5vHH5ED+BBv2uocGPVRSN-S0-xFzL68w@mail.gmail.com>
In-Reply-To: <CAL0qLwZobYEj7nmj0B5vHH5ED+BBv2uocGPVRSN-S0-xFzL68w@mail.gmail.com>
From: Craig Schwartz <craig@ftld.com>
Date: Wed, 5 Feb 2020 05:59:11 -0500
Message-ID: <CAJ+U=1o4qchsgm9ei3=WuW5qWOPOzdY8ox83rM23b1UZLc=Z0Q@mail.gmail.com>
To: "Murray S. Kucherawy" <superuser@gmail.com>
Cc: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ebea35059dd21785"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/-Pw88YQK3oG8UfzMwB4DxOriO7U>
Subject: Re: [dmarc-ietf] Comment on draft-ietf-dmarc-psd
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Feb 2020 11:02:43 -0000

Murray,

Notwithstanding the extensive commentary on this list in the last 24 hours,
you wrote the following so let me share some thoughts.

<<<To be clear, however: I think the working group mailing list archive has
enough of a record that participants think the experiment will be useful or
even critical to the evolution of DMARC, though people are of course
welcome to affirm that support for the record.  The question being put,
however, goes to the form of the experiment and the current form of DMARC
as a protocol with respect to determining Organizational Domains, and
whether there are indeed risks to the deployed infrastructure that the
experiment could become permanent.  That's the meaty stuff that would
really help to move this along.>>>

First, while I know you've said the needs of external actors won't
weigh on your
decision about moving forward, I would like to mention that having a stable
reference for PSD DMARC will help us with working towards policy changes
that would allow us to participate in this experiment.  It may not be important
to the WG Chairs' decision on the draft, but there are stakeholders for
whom it is important.

Second, I have consulted with my technical advisors and our conclusion is
that the risks to deployed infrastructure if this experiment becomes
permanent are negligible.  Currently the PSL has 8,818 non-comment
entries.  For PSD DMARC, we have 4.  We don't believe adding a list that's
.04% as long as the one that is currently being used successfully for DMARC
is an issue at all. Additionally, we believe that the use of this list to
constrain when PSD DMARC lookups will need to occur provides a very useful
limit on the impacts to DNS
(not that we would expect them to be significant regardless).

Finally, if the DMARC working group is successful in updating DMARC not to
use the PSL, then PSD DMARC would naturally evolve to use that solution
(PSD is currently defined relative to org domain, so if the method for
finding org domain changes, PSD DMARC will use it without any change
needed).  As a result, to the extent the use of lists like the PSL is a
problem, PSD DMARC is already ready to take advantage of whatever solution
the IETF develops.

In short, we've reviewed this and see many advantages to proceeding and
none for not.

Craig


*--*
Craig Schwartz
Managing Director
fTLD Registry Services | .BANK & .INSURANCE
Office: +1 202 589 2532
Mobile: +1 202 236 1154
Skype: craig-schwartz
www.fTLD.com








On Mon, Feb 3, 2020 at 10:08 PM Murray S. Kucherawy <superuser@gmail.com>
wrote:

> On Mon, Feb 3, 2020 at 4:24 PM Craig Schwartz <craig@ftld.com> wrote:
>
>> Hi Murray,
>>
>> <<<The chairs will not accept hearsay replies or opinions, or expressions
>> of needing this work but not knowing how to engage; you either give your
>> feedback on the list or privately to the chairs or Area Directors, or you
>> are along for whatever ride results.  Please indicate, as soon as possible,
>> where your support lies given the above.>>>
>>
>> In my capacity as managing director of fTLD Registry Services (fTLD),
>> registry operator of the .BANK and .INSURANCE TLDs, I believe PSD would
>> provide invaluable threat intelligence to domain registrants and to TLD
>> administrators like ourselves for NXDOMAINs. PSD has tremendous value to
>> specialized TLDs including, but not limited to, .BRANDS, community-based
>> domains, high-security domains, governments, etc. and as such I believe PSD
>> should proceed. I’ve previously posted to this list expressing this view
>> and while fTLD cannot participate in experimentation due to a prohibition
>> by ICANN, we remain committed to supporting and seeing this work continue.
>>
>
> Craig,
>
> Thanks for this, and for one other person that sent to the chairs
> privately (it was a list non-member caught in moderation, nothing secret).
>
> To be clear, however: I think the working group mailing list archive has
> enough of a record that participants think the experiment will be useful or
> even critical to the evolution of DMARC, though people are of course
> welcome to affirm that support for the record.  The question being put,
> however, goes to the form of the experiment and the current form of DMARC
> as a protocol with respect to determining Organizational Domains, and
> whether there are indeed risks to the deployed infrastructure that the
> experiment could become permanent.  That's the meaty stuff that would
> really help to move this along.
>
> -MSK
>