Re: [dmarc-ietf] PSDs in draft-ietf-dmarc-psd

"Hollenbeck, Scott" <shollenbeck@verisign.com> Tue, 11 June 2019 11:55 UTC

From: "Hollenbeck, Scott" <shollenbeck@verisign.com>
To: "kboth@drkurt.com" <kboth@drkurt.com>, "sklist@kitterman.com" <sklist@kitterman.com>
CC: "dmarc@ietf.org" <dmarc@ietf.org>
Thread-Topic: [EXTERNAL] Re: [dmarc-ietf] PSDs in draft-ietf-dmarc-psd
Thread-Index: AQHVH9w8J4x0Q67D40m0K6H+JWCbDKaV542AgABqVHA=
Date: Tue, 11 Jun 2019 11:55:37 +0000
Message-ID: <f0c4a032899a47f1991f5174ca43662c@verisign.com>
References: <5130c7f40b444b97ab95864e6fc243ce@verisign.com> <CAJ+U=1oa1jWbc00-+r=btA_4Tn9zx_rkpq7W4oEEngD674y9JA@mail.gmail.com> <bb2dff4230404b0c8845f0a78d943e3a@verisign.com> <2221039.c73XDibtHi@l5580> <CABuGu1rcqHvX0rNS=GGEhWBJdbhwa9=65_rYNAQbMLw-89ViiA@mail.gmail.com>
In-Reply-To: <CABuGu1rcqHvX0rNS=GGEhWBJdbhwa9=65_rYNAQbMLw-89ViiA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/2qGlXO_7gtNBeg1rfT8sCiU64e8>
Subject: Re: [dmarc-ietf] PSDs in draft-ietf-dmarc-psd
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>




From: dmarc <dmarc-bounces@ietf.org> On Behalf Of Kurt Andersen (b)
Sent: Monday, June 10, 2019 9:08 PM
To: Scott Kitterman <sklist@kitterman.com>
Cc: dmarc@ietf.org
Subject: [EXTERNAL] Re: [dmarc-ietf] PSDs in draft-ietf-dmarc-psd



On Tue, Jun 11, 2019 at 6:31 AM Scott Kitterman <sklist@kitterman.com> wrote:

   On Friday, June 7, 2019 7:02:59 AM EDT Hollenbeck, Scott wrote:
   >
   > It would be helpful to the reader if the draft were either clear about
   > potential limitations to deployment or more descriptive about the domains
   > for which the approach can work. Right now, PSD DMARC cannot be deployed
   > ubiquitously. That reality should not be overlooked.

   I see your point, but I think it's probably out of scope.  This is an IETF
   document and such restrictions are outside the IETF's control.  Also, keep in
   mind that once an RFC is published, it is immutable.  If that guidance
   changes, then there would be no way to correct the document without spinning
   up a whole new RFC process.

   Is there a public, stable reference that describes the restrictions?  If so,
   it might make sense to reference it.  If we can, I think that would be much
   better than 'hard coding' the current external policy in an RFC.



   Including this information in the draft would be counter-productive. A large part of this effort is to document the desired handling so that the RFC can be used as documentation to support a change in ICANN policy.



   [SAH]: The draft is targeted for Experimental status. It would be irresponsible to not document conditions under which the experiment can or cannot be conducted. Section 3.2 of RFC 7489 does a good job of describing organizational domain variability; might there be some way of defining a PSD that’s based on the definition of an RFC 7489 organizational domain? That would address my concern, and it seems like it should be possible given that the definition of a “Longest PSD” in Section 2.3 is based on the organizational domain description from RFC 7489.



   On a slightly different note, Section 2.2 also says this:



   “PSD DMARC includes all public domains above the organizational level in the tree, e.g., ".gov.uk".”



   Registration in .gov.uk is restricted (https://www.gov.uk/government/publications/naming-and-registering-government-websites). What exactly is meant by “public domains”?



   Scott
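
An added illustration, not part of the original message or of the draft: the RFC 7489 Section 3.2 organizational-domain heuristic, and a Longest PSD derived from it, run over a small constructed public suffix list. It assumes the draft's Longest PSD is the Organizational Domain with one label removed; the function names and sample rules are hypothetical.

```python
# Constructed sample of public suffix rules (not the real list); "*.ck" and
# "!www.ck" exercise the wildcard and exception rule forms.
SAMPLE_PSL = ("com", "uk", "gov.uk", "co.uk", "bank", "*.ck", "!www.ck")


def labels(name):
    return name.lower().rstrip(".").split(".")


def public_suffix(domain, rules=SAMPLE_PSL):
    """Longest matching suffix rule; an exception rule wins outright."""
    parts = labels(domain)
    best = 1  # implicit "*" rule: an unlisted TLD counts as a one-label suffix
    for rule in rules:
        rl = labels(rule.lstrip("!"))
        if len(rl) > len(parts):
            continue
        if all(r in ("*", p) for r, p in zip(rl, parts[-len(rl):])):
            if rule.startswith("!"):
                return ".".join(parts[-(len(rl) - 1):])
            best = max(best, len(rl))
    return ".".join(parts[-best:])


def organizational_domain(domain, rules=SAMPLE_PSL):
    """Public suffix plus one more label; None if the name is itself a suffix."""
    parts = labels(domain)
    x = len(labels(public_suffix(domain, rules)))
    return ".".join(parts[-(x + 1):]) if len(parts) > x else None


def longest_psd(domain, rules=SAMPLE_PSL):
    """Assumed draft definition: Organizational Domain with one label removed."""
    org = organizational_domain(domain, rules)
    return org.split(".", 1)[1] if org else None


def dmarc_query_names(author_domain, rules=SAMPLE_PSL):
    """Candidate policy lookups: author domain, organizational domain, longest PSD."""
    names = [".".join(labels(author_domain))]
    org = organizational_domain(author_domain, rules)
    if org:
        names += [n for n in (org, longest_psd(author_domain, rules)) if n not in names]
    return ["_dmarc." + n for n in names]
```

With these rules, "gov.uk" is a PSD only because it appears in the suffix list, which is the same list-driven variability that Section 3.2 of RFC 7489 describes for organizational domains.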