Re: [dmarc-ietf] Ruminating the tree walk
Barry Leiba <barryleiba@computer.org> Sun, 03 April 2022 13:10 UTC
Return-Path: <barryleiba@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 2995B3A1C2C
for <dmarc@ietfa.amsl.com>; Sun, 3 Apr 2022 06:10:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.412
X-Spam-Level:
X-Spam-Status: No, score=-1.412 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.248,
FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248,
HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001]
autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id x_p2BoSrH_Xo for <dmarc@ietfa.amsl.com>;
Sun, 3 Apr 2022 06:10:42 -0700 (PDT)
Received: from mail-wr1-f50.google.com (mail-wr1-f50.google.com
[209.85.221.50])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id D16593A1C2B
for <dmarc@ietf.org>; Sun, 3 Apr 2022 06:10:41 -0700 (PDT)
Received: by mail-wr1-f50.google.com with SMTP id q19so3718351wrc.6
for <dmarc@ietf.org>; Sun, 03 Apr 2022 06:10:41 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:references:in-reply-to:from:date
:message-id:subject:to:cc;
bh=18cUVjcUHtqzKKNFBuudqV+9HAEAWl4PCBDb95TpFm4=;
b=mZ4CI51zUPvLfqV7WSxW7UtGEjCvpe09jxQw92INTMHgEd2ALEsy89T1gi6XPHt41Q
G8e2w+SQkj8yf1GYhZE4Yoy7k6wQBlBJ6ZraIvPEhalYelU9lUwtMuHOkCuAFOXUNNug
OdgyDcYbf3TmF24VQnEeNKm8ZjMliud4RsgzbXt4YDMYj6TMKQM6jCIVn3xg7rPSr2VL
SHbTzFaw8csTjuHK7AAuvTjjbfYb+Q6zCzB8pZ8L3YEQSVp/Vnlo1Cref6HPXEgwPwmW
KdZF6CbiKJ979nhi/L2uhIE2Sg9XJgrpCHbWGjWC6ROjRO7ZmdAi9RoX/C9NHGTt2uMd
pMtA==
X-Gm-Message-State: AOAM530C7MyxNEJ1wrPaAZb4ujR2uD9p9fBpFpDJJI1MbdKXvEuQIzOK
pYW7P1sbg5/7/LtFAt6zayupMd/lQmWj99LFZohNOPFvKZQ=
X-Google-Smtp-Source: ABdhPJxMheAzI2SRzT9G8mZFp2H7Tygm8Tdiq+AtF+nbXTfGeY166WuCqdVuL1BG0mHMV1WIUEypVKksSzOVNuAZKzw=
X-Received: by 2002:a5d:6d0e:0:b0:205:f374:aeb4 with SMTP id
e14-20020a5d6d0e000000b00205f374aeb4mr10447900wrq.438.1648991439925; Sun, 03
Apr 2022 06:10:39 -0700 (PDT)
MIME-Version: 1.0
References: <164789584226.30456.9564261134406099481@ietfa.amsl.com>
<CAH48ZfydWRgbMTpifJT_Md+muYnm3TeP+-9ULxcoEoB1oVYD7Q@mail.gmail.com>
<aef95e07-bc42-7a13-8f89-080397ef85cf@tana.it> <3890985.9lyzESmaKy@zini-1880>
<995e74ff-9a40-72c7-3d3f-9b5fd196573e@tana.it>
In-Reply-To: <995e74ff-9a40-72c7-3d3f-9b5fd196573e@tana.it>
From: Barry Leiba <barryleiba@computer.org>
Date: Sun, 3 Apr 2022 09:10:28 -0400
Message-ID: <CALaySJ+x57TPsxPQXV5sVBz_wF4QYzX2ip0pGqfYyF7bwoPvEQ@mail.gmail.com>
To: Alessandro Vesely <vesely@tana.it>
Cc: dmarc@ietf.org
Content-Type: multipart/alternative; boundary="00000000000003b41705dbbfbda2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/0bEU5DVNnPh_W7r1CO92IeEZvRw>
Subject: Re: [dmarc-ietf] Ruminating the tree walk
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting,
and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>,
<mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>,
<mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Apr 2022 13:10:47 -0000
An alternative here is a pointer to one or two open-source implementations that readers can refer to if they want to. That keeps the document tight while providing access to implementation examples. Barry On Sun, Apr 3, 2022 at 7:27 AM Alessandro Vesely <vesely@tana.it> wrote: > On Sun 03/Apr/2022 01:35:16 +0200 Scott Kitterman wrote: > > On Wednesday, March 23, 2022 6:59:08 AM EDT Alessandro Vesely wrote: > >> Hm... > >> > >> On Wed 23/Mar/2022 03:08:35 +0100 Douglas Foster wrote: > >>> During my ruminations last night, I gained some clarity around that > >>> question and wanted to highlight those conclusions. They simplify the > >>> alignment search significantly: > >>> > >>> - If the common substring is shorter than the Organizational Domain, > then > >>> the names are not aligned and the candidate domain can be ignored. > >>> > >>> - Otherwise, if any candidate domain is a parent of (or equal to) the > FROM > >>> domain, then and we have alignment and DMARC PASS. The secondary tree > >>> walk is not needed and no further evaluation is required. > >>> > >>> - If several candidate names are child domains of the FROM address, > then > >>> only the shortest string needs to be evaluated with a secondary tree > >>> walk. If it is aligned, further evaluation is not required. If it is > >>> not aligned because of an organizational boundary, all other child > >>> domains are also excluded. > >> > >> That and the deeper-than-5 optimization Doug posted on a separate > message. > >> > >> I know the document is already longish. However, collecting these > >> observations in an appendix may be helpful for developers, and maybe > also > >> for general understanding of the intricacies involved in the tree walk, > >> including proper usage of the psd= flag. > > > > I think we do need to add some additional clarity, which I plan to > draft, but > > let's not go overboard. We are trying to describe a protocol, not a > > implementation specification. So far, in my experience, the extra code > > required to address short cuts like this is not justified by the improved > > 'efficiency'. I don't think these need to be in the document. > > > I agree that the efficiency is determined more by having a dedicated > caching > resolver than by the algorithm. And the importance of setting up DNS will > never be stressed enough. > > I was thinking rather to a walk through the tree walk (no pun intended), > to be > read by domain owners and programmers alike, to help understanding what's > good, > what's bad, what's normal and what's exceptional. > > Having such an appendix permits the actual algorithm to be stated in a > concise, > formal expression. The last description, for example, uses two steps, 2 > and 7, > to advise to discard non-DMARC records. Step 8 repeats the directive > already > given in step 3. That language is neither formal nor friendly. > > > Best > Ale > -- > > > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc >
- [dmarc-ietf] I-D Action: draft-ietf-dmarc-dmarcbi… internet-drafts
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Douglas Foster
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Scott Kitterman
- [dmarc-ietf] 5.5.4. Publish a DMARC Policy for th… Alessandro Vesely
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Douglas Foster
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Scott Kitterman
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Scott Kitterman
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Douglas Foster
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Douglas Foster
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Douglas Foster
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Douglas Foster
- [dmarc-ietf] Ruminating the tree walk Alessandro Vesely
- Re: [dmarc-ietf] Ruminating the tree walk Douglas Foster
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Scott Kitterman
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Scott Kitterman
- Re: [dmarc-ietf] Ruminating the tree walk Scott Kitterman
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Scott Kitterman
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… John Levine
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Alessandro Vesely
- Re: [dmarc-ietf] Ruminating the tree walk Alessandro Vesely
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Douglas Foster
- Re: [dmarc-ietf] Ruminating the tree walk Barry Leiba
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… John R Levine
- Re: [dmarc-ietf] Ruminating the tree walk Douglas Foster
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Alessandro Vesely
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Douglas Foster
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Scott Kitterman
- Re: [dmarc-ietf] Ruminating the tree walk Scott Kitterman
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Scott Kitterman
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Todd Herr
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… John R Levine
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Alessandro Vesely
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… John R Levine
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… John Levine
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Alessandro Vesely
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Alessandro Vesely
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… John R Levine
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Scott Kitterman
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Scott Kitterman
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Scott Kitterman
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Scott Kitterman
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… John Levine
- Re: [dmarc-ietf] PSD vs org, 5.5.4. Publish a DMA… John R Levine
- Re: [dmarc-ietf] PSD vs org, 5.5.4. Publish a DMA… Scott Kitterman
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Alessandro Vesely
- Re: [dmarc-ietf] PSD vs org, 5.5.4. Publish a DMA… Alessandro Vesely
- Re: [dmarc-ietf] PSD vs org, 5.5.4. Publish a DMA… John Levine