IETF Logo Mail Archive

Re: [dmarc-ietf] Comment on draft-ietf-dmarc-psd

Tim Wicinski <tjw.ietf@gmail.com> Mon, 11 November 2019 09:58 UTC

Return-Path: <tjw.ietf@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69C22120831 for <dmarc@ietfa.amsl.com>; Mon, 11 Nov 2019 01:58:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iqLJzZkXvHvg for <dmarc@ietfa.amsl.com>; Mon, 11 Nov 2019 01:58:11 -0800 (PST)
Received: from mail-oi1-x22d.google.com (mail-oi1-x22d.google.com [IPv6:2607:f8b0:4864:20::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ABF7E12080F for <dmarc@ietf.org>; Mon, 11 Nov 2019 01:58:11 -0800 (PST)
Received: by mail-oi1-x22d.google.com with SMTP id 22so10969725oip.7 for <dmarc@ietf.org>; Mon, 11 Nov 2019 01:58:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=LU8lDXrrvKzOIMjZBnK+3E56vYwZ7FipYbHafJbBT3w=; b=IxN4G0izAnXg5t+JiAofJPSLJNpJJdM/fg2E70vUvGxy7MjZ6+1bD6k4t7Y7p2EWpz xasw6MSirmQMAOgeUu8rqmTyPbiGCHkk3Vo+m+lyYtrPTCNQJ6jiK/3x+pFscUeoQBL/ Sln/9pT2BiUbpekXHrTzgb6Q/Gsikz1I2r42/1949AGYs+veBqrMofaLfrp/CKfqXH0T Gmc3V/hMA1At81418J7qBtjND9ndX0nSQEkbB/ELGW+uZxhXHliQ+RMtmQdcDrdnUDxE ZBiuZYN3Vawf1tnTI+MvRPOqZbShQKGuvuV5gK15nFfVKtNMsP8WZwq/1NKOfN2UMgfn Nl3g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=LU8lDXrrvKzOIMjZBnK+3E56vYwZ7FipYbHafJbBT3w=; b=q867SKS7wcIFHjv1QXahGSflxL1vRgmzW3meQm4BAW2q0JRZiIGLnFryuVud5sw9p2 toSlOtteQW4X189pANmsZO74EY5QHx7HpGTqT2jJGKoWbBMierWslXJ6Y8qv6bvd8pJG Of1GHpu7EDfDHOkN+jm9fC9bDwAJ2UDhJOQ+qmsWqD3c6ZbS6f/RkLHZCeCphsz5CZlz 6c1siVTeqhiN2E/Hx6PlONTVaZCg6ordaClymdudD6lZRQa8Iw5Nrf/+/tPcHCbalnXI 6q+/E/2eIjvDHi5DVUKE8cnrVFSHTyD8w9y0gyFYVlW5N2MolG4nW0oYPJpQbJmtrTkj QW3w==
X-Gm-Message-State: APjAAAVG3DPSBzRwxOTtiNz6XnjZxbyLPDr7nf4bL16IbWMbK0numOvv NZ/ir+7j+ew+h541oJZLsUGySVDs8Jm2vttyTZk=
X-Google-Smtp-Source: APXvYqzm6JoUV/YaUZHuoOW1SL6TwDh2My4jobOSRgFJqzaBkBy/7IQ5dE9PrbjhyqhXxuO/N1NkI7MXM81MSV/gUbU=
X-Received: by 2002:aca:a842:: with SMTP id r63mr22191715oie.118.1573466290986; Mon, 11 Nov 2019 01:58:10 -0800 (PST)
MIME-Version: 1.0
References: <728d7df1-d563-82f4-bfb3-a65a75fdd662@gmail.com> <CAL0qLwacbAT04tckpPcRcnOt=1QByOBeJ7uDf6rNK6NRwtxZYg@mail.gmail.com> <ffa2bf72-3024-237b-86ae-9cc04babeec6@gmail.com> <74a0ea49-7a46-4eb6-c297-cd703f63bd1b@gmail.com> <CAL0qLwbp2hNrgF_xxhKRRODQ6HP=U5_K-r3Wtm1wJZOZcKup3g@mail.gmail.com> <9DE9E7DC-FE60-4952-8595-B2D087A6B780@kitterman.com>
In-Reply-To: <9DE9E7DC-FE60-4952-8595-B2D087A6B780@kitterman.com>
From: Tim Wicinski <tjw.ietf@gmail.com>
Date: Mon, 11 Nov 2019 04:58:00 -0500
Message-ID: <CADyWQ+GSP0K=Ci22ouE6AvdqCDGgUAg3jZHBOg3EwCmw=QG84A@mail.gmail.com>
To: Scott Kitterman <sklist@kitterman.com>
Cc: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005722da05970f2b72"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/0mUyRwUMryf6UEdmBN68Df-Rk8o>
Subject: Re: [dmarc-ietf] Comment on draft-ietf-dmarc-psd
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Nov 2019 09:58:14 -0000

Scott

PSD DMARC does talk about organizational domains which from the original
DMARC spec (section 3.2)
does say 'Acquire a "public suffix" list'

The addition of the preamble text shouldn't move the document in either
direction.
I do feel anything which helps focus us on moving forward on DMARC-bis is a
good thing.
The WG should be able to start writing the PSL document right away.

Murray and I will be in Singapore if anyone wishes to speak their mind.

thanks
Tim




On Mon, Nov 11, 2019 at 3:29 AM Scott Kitterman <sklist@kitterman.com>
wrote:

>
>
> On November 11, 2019 7:34:39 AM UTC, "Murray S. Kucherawy" <
> superuser@gmail.com> wrote:
> >On Thu, Sep 5, 2019 at 1:22 PM Dave Crocker <dcrocker@gmail.com> wrote:
> >
> >> > 1. The change to DMARC should be limited to permitting the query
> >for the
> >> > organization domain to be anywhere in the DNS tree, including a
> >TLD.
> >> > Within DMARC this would not look like 'extra' mechanism.
> >> >
> >> > 2. The mechanism that processes that query should be cast strictly
> >as a
> >> > PSL enhancement, independent of DMARC.
> >>
> >>
> >> Trying to refine things further:
> >>
> >>
> >>     DMARC does not care about the PSL.
> >>
> >>     What DMARC cares about is the Organizational Domain (OD), as a
> >> fallback when no DMARC record is found at the desired domain name.
> >>
> >>     That is, PSL is literally outside the scope of DMARC.
> >>
> >>     At the least, therefore, the DMARC specification should define a
> >> distinct interface to the outside functionality that tells DMARC
> >where
> >> the OD is, which will return what suffix of the full domain name is
> >the
> >> OD --  eg, getOrgDomain(full-domain) -> org-domain-suffix
> >>
> >>     The PSL-related side of that interface should be a separate
> >> specification, so that changes to its behavior -- such as has been
> >> happening with the introduction of ODs that are TLDs or are otherwise
> >> 'above' where DMARC has been guessing the OD to be -- are isolated
> >from
> >> DMARC.
> >>
> >>     The current problems are that DMARC has embedded too much detail
> >> about the PSL world, yet DMARC has no involvement in that world. The
> >> current proposal embeds assumptions of PSL knowledge further, rather
> >> than separating PSL knowledge out.
> >>
> >
> >We (the chairs) fully agree with all of this.  What we -- I in
> >particular
> >-- have been struggling with is to find a path forward so the PSD
> >experiment can still take place without being blocked by the need to
> >first
> >go back and overhaul RFC 7489 as you've described here, separating
> >DMARC
> >and the OD determination.  Because that'll take months.
> >
> >We are perhaps in the fortuitous position in our charter now that our
> >very
> >next work item is to take up the task of reopening DMARC itself, and
> >the
> >separation of function Dave is espousing could be made into a reality
> >during that work.  Given this, we suggest that the PSD draft be allowed
> >to
> >proceed as Experimental, but with appropriate preamble text added to
> >its
> >Introduction explaining the deficiency Dave has identified.  So the
> >order
> >of operations becomes:
> >
> >* add text to the PSD draft making it clear that what it's describing
> >is an
> >experiment whose outcome will be taken only as feedback to the revision
> >of
> >the standard (i.e., this is not intended to be the final form of
> >anything),
> >and it is not intended to be deployed outside of the experiment's
> >participants;
> >* publish the experiment with those cautions and allow the experiment
> >to
> >begin
> >* while the experiment is running, spin up the work on two new
> >standards
> >track documents, in line with our charter:
> >a) DMARC, with PSL references replaced by the abstract notion of the OD
> >that's determined in some non-specific way, as Dave suggests
> >b) a PSL document that satisfies the abstract notion of OD in the DMARC
> >document, also as Dave suggests
> >* when the experiment completes, either augment (b) if it's still in
> >development, or publish a revision to it, based on what the experiment
> >has
> >revealed
> >
> >Can this be made to work?
> >
> >Honestly, the experiment could start anyway without an RFC published,
> >but a
> >formal record of the experiment and its caveats doesn't strike me as a
> >wrong thing to do.
>
> The current revision of the PSD DMARC draft makes no reference to the PSL
> in the body of the draft (it only comes up in Appendix A and C).    It
> seems like an odd choice to continue to insist PSD DMARC is specifically
> tied to the PSL when the text indicating so has been removed (Dave's email
> was two months ago and things have changed in the interim).
>
> I don't think the proposed note says anything the status of experimental
> shouldn't already communicate.  Given the current state of the draft, I
> don't think it's necessary to have such a note.
>
> Scott K
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>

v2.23.0 | Report a Bug | By Email