Re: [dmarc-ietf] spec nit - which DKIM to report

Elizabeth Zwicky <zwicky@otoh.org> Fri, 21 June 2019 19:15 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/0HnvtYeeseqopq1tLELctYte34M>

The problem with that language is that
>  o  The identifier evaluated by DKIM and the DKIM result, if any

is genuinely unclear. Often there are multiple identifiers. Does this mean I can pick any one of them? (That does not actually provide sufficient interoperability.) If there’s a specific one I should pick, which is it?

Elizabeth 


On Jun 21, 2019, at 12:11 PM, John R Levine <johnl@taugh.com> wrote:

>> I believe they MUST contain any aligned DKIM signature regardless of validity and SHOULD contain an entry for each domain, selector, result triple.
> 
> RFC 7489 says:
> 
>   The report SHOULD include the following data:
> 
>   o  The DMARC policy discovered and applied, if any
> 
>   o  The selected message disposition
> 
>   o  The identifier evaluated by SPF and the SPF result, if any
> 
>   o  The identifier evaluated by DKIM and the DKIM result, if any
> 
>   o  For both DKIM and SPF, an indication of whether the identifier was
>      in alignment
> 
> (and a bunch of other stuff)
> 
> I don't see any basis to change this, since as long as the report's format and syntax are correct, it'll interoperate.  It may not have all the hints the report's recipient would like, but life is like that.
> 
> R's,
> John
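
The reporting rule proposed in the thread (every aligned signature regardless of validity, plus one entry per domain/selector/result triple), sketched as an added example that is not part of either message or of RFC 7489. It builds only the DKIM part of an aggregate report's `auth_results`; the sample domains and selectors are constructed, `org_domain` is a simplified stand-in for a public suffix list lookup, and listing aligned entries first is this example's own choice.

```python
import xml.etree.ElementTree as ET
from typing import NamedTuple

class DkimResult(NamedTuple):
    domain: str    # d= tag of the signature
    selector: str  # s= tag of the signature
    result: str    # verifier outcome: pass, fail, none, ...

def org_domain(domain: str) -> str:
    # Assumption: the last two labels stand in for the Organizational Domain;
    # a real reporter uses a public suffix list for this.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def is_aligned(sig_domain: str, from_domain: str, strict: bool = False) -> bool:
    a, b = sig_domain.lower(), from_domain.lower()
    return a == b if strict else org_domain(a) == org_domain(b)

def dkim_auth_results(sigs, from_domain, strict=False):
    """Return (policy_evaluated dkim value, <auth_results> element)."""
    rows, seen = [], set()
    for sig in sigs:
        key = (sig.domain.lower(), sig.selector, sig.result)
        if key not in seen:          # one entry per distinct triple
            seen.add(key)
            rows.append(sig)
    # Aligned signatures first (stable sort), valid or not, so they are never
    # the ones dropped if a consumer reads only the first entry.
    rows.sort(key=lambda s: not is_aligned(s.domain, from_domain, strict))
    passed = any(s.result == "pass" and is_aligned(s.domain, from_domain, strict)
                 for s in rows)
    auth = ET.Element("auth_results")
    for s in rows:
        dkim = ET.SubElement(auth, "dkim")
        ET.SubElement(dkim, "domain").text = s.domain
        ET.SubElement(dkim, "selector").text = s.selector
        ET.SubElement(dkim, "result").text = s.result
    return ("pass" if passed else "fail"), auth

# Constructed sample: author signature broken in transit, list re-signed.
SAMPLE_SIGS = [
    DkimResult("lists.example.net", "list1", "pass"),
    DkimResult("example.org", "sel2019", "fail"),
    DkimResult("lists.example.net", "list1", "pass"),  # duplicate triple
]

if __name__ == "__main__":
    verdict, auth = dkim_auth_results(SAMPLE_SIGS, "example.org")
    print(verdict, ET.tostring(auth, encoding="unicode"))
```

A reporter that picked only the passing `lists.example.net` signature here would send `result` pass next to a DMARC DKIM verdict of fail, with nothing to show the domain owner that their own signature broke.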