Re: [dmarc-ietf] Ticket #42 - Expand DMARC reporting URI functionality

John Levine <johnl@taugh.com> Thu, 21 January 2021 00:48 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A45633A1657 for <dmarc@ietfa.amsl.com>; Wed, 20 Jan 2021 16:48:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.852
X-Spam-Level:
X-Spam-Status: No, score=-1.852 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.248, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b=tXbyARrj; dkim=pass (2048-bit key) header.d=taugh.com header.b=LVfg3/71
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id akKPMczoG2vk for <dmarc@ietfa.amsl.com>; Wed, 20 Jan 2021 16:48:17 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 943F93A1655 for <dmarc@ietf.org>; Wed, 20 Jan 2021 16:48:17 -0800 (PST)
Received: (qmail 97835 invoked from network); 21 Jan 2021 00:48:16 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=17e13.6008cf50.k2101; bh=FWyVTE1HxXdzdiHSdRCkY+4nPgyhjS/uDgKzLNjB+MA=; b=tXbyARrjFpI9zPXqYLNzAlOMgZ52pP7qcKn75fVHcPmc5vFp+68N5snL+YvkFpv8xNN7JAmnLnmiuGcVbqDvx/LdUvp0DH76W+SnQoAnhOPqrFhwDBm/eQVWyhnCh3lyMY96DhJJutVJ2d/9lWyo+Dz2bMkE1wzslOhKNXq7fhz2JPOhoUzIuBTQUrKhODJYQj8wcfZi4wfvLz4YEw+8VPWzFnDkJLzEKi7iDjRdtC7xKMxygYwm8r1HnDEHGnJr01N8E8LVuRqBNeOBZjWja1+X2PaDpBtOvI6o6a4lnAvda/FqrgzdP3+U3gr7EJhIFbCuXhw98TG7sPp1ZPs46A==
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=17e13.6008cf50.k2101; bh=FWyVTE1HxXdzdiHSdRCkY+4nPgyhjS/uDgKzLNjB+MA=; b=LVfg3/71Ve0g8tPBALMEKakJDkk4MaIv0nMKphFDgTUklZPFCsBCshaWiws0HKTBzHIpxRlgEjl9Te7dqBTMj+akGrxmkjNkpPamtSGjVqA2f/aHw6OtXa1ZMSlCdP2tSAxuXFAHKsqOle2ddevlZHN4XvC/klvrXELRNF5O+yyvzRPpLw3uuTiaC1w4/kiHIottdELPLDQT56k896Ayy2sMuN7WiFcMKeHNe6l5VwUez7/nsImixZr4GDdWer7xXk29pMrAqAoNDULiYbh7+YEggzlB7WnvBgWjJi4IB102TtgeDvmnoCMvc+ZyPGuDRULBovZV+czq/YJpeHlkRw==
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.2 ECDHE-RSA AES-256-GCM AEAD) via TCP6; 21 Jan 2021 00:48:15 -0000
Received: by ary.qy (Postfix, from userid 501) id 5ED4F6BC714B; Wed, 20 Jan 2021 19:48:16 -0500 (EST)
Date: 20 Jan 2021 19:48:16 -0500
Message-Id: <20210121004816.5ED4F6BC714B@ary.qy>
From: "John Levine" <johnl@taugh.com>
To: dmarc@ietf.org
Cc: smj@crash.com
In-Reply-To: <3c89c5f8-853e-8a8a-d026-3a834d26eccd@crash.com>
Organization: Taughannock Networks
X-Headerized: yes
Cleverness: minimal
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/4Rj4uIw6iaF7ho4Bhiw9n5Phvic>
Subject: Re: [dmarc-ietf] Ticket #42 - Expand DMARC reporting URI functionality
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jan 2021 00:48:20 -0000

In article <3c89c5f8-853e-8a8a-d026-3a834d26eccd@crash.com> you write:
>On 1/20/21 15:10, Steven M Jones wrote:
>>
>> Duplicate reports to the same destination are not
>> the base case
>
>I may be an idiot, or at least too quick to hit Send. Since nobody
>implements https:// yet, what does the transition look like? Likely two
>URIs to the same report processor, using each method.

Right, that's the question. I suppose we could do some hack like
saying that you process the URIs from left to right, and if you
succesfully do an https report, skip all subsequent mailto's, or
subsequent mailto's in the same domain.

For the specific details of https reporting, here's the two options (both
already implemented):

A) Do an HTTPS POST to the URL with application/gzip contents. This is
similar to MTA-STS but has the disadvantage that you don't get the
filename of the report.

B) Do an HTTPS PUT to the URL appending the filename from sec 7.2.1.1,
also with application/gzip contents.

I mildly prefer B since the filename can be useful, and this makes it
idempotent, since two PUTs of the same filename only store it once.

R's,
John