Re: [dmarc-ietf] Thoughts on choosing N
Douglas Foster <dougfoster.emailstandards@gmail.com> Tue, 16 April 2024 00:08 UTC
Return-Path: <dougfoster.emailstandards@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A0AB0C151061 for <dmarc@ietfa.amsl.com>; Mon, 15 Apr 2024 17:08:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QHzSPYHXcjhI for <dmarc@ietfa.amsl.com>; Mon, 15 Apr 2024 17:08:08 -0700 (PDT)
Received: from mail-lj1-x233.google.com (mail-lj1-x233.google.com [IPv6:2a00:1450:4864:20::233]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7C47EC14F6A8 for <dmarc@ietf.org>; Mon, 15 Apr 2024 17:08:08 -0700 (PDT)
Received: by mail-lj1-x233.google.com with SMTP id 38308e7fff4ca-2d8b194341eso33992131fa.3 for <dmarc@ietf.org>; Mon, 15 Apr 2024 17:08:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1713226087; x=1713830887; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=j3V9fzmWTnYL5BRqDnAbNaQhx8a9HTPeb3WT+OoAZ54=; b=KlrKiHdnDhoIwieP6vv2paQgNbnEkLVBkpOv6xZ2ayelwmw1ABPwspQ6miwmPSBNMg GGMed1//a4XLpH1vwqwDPRfscPTYwarchsarB6ODfhXKfQDM3RBSPGLtivMjrzEtlzZG BQ1f/eesIKegP7HVgA5G3PLrUBjpm/i4cqZLL43WhbReKM0W+Wmsyr6XGnoh9jK6Jhfg iigW+we+x4nDF+uwTTsfW8tN/V7N7gm8T/R409n9VQrDK9AB4rUtLLGnywLVhpDjEgzq j4gonv1WXJF89dQWbJOhc2ZLj5fxTe9GwPMroq9Ko7Jbqk0UlvBUHfe75d6v7JZ49Zzg 2Iqg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713226087; x=1713830887; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=j3V9fzmWTnYL5BRqDnAbNaQhx8a9HTPeb3WT+OoAZ54=; b=bBgvbVjoAJVBEbW27NAjtdjNsNKsoVZThNGaaPJuWTTKjo/SjdljwEiRjwZxG2ZQ9w YtFTPec8K+t84Y5nRM73byuezTz8r2FtuISHNWgnkHDEBkpT5cSlIS95Mb6nTUpzvmwv 8q4rqBHIwWzx6NkJV/6XTS2XH2Bzb01zNL9gPirX+pAT4qsuAEVNQsYSEI1cP0sVoLtu iU7JMpB5qgwSifoPvdhPcom7p+qtR4L29sQ1AY3FaKs1N+oSTuphDq68IcTjrDxTUh4L 41T8Gbvxb1ipUOGPO6ZzPq82UC5c60SYkJ4ZrgyG1GJgCQis0aEsElZA/UZe5oOhpEnI VlTg==
X-Gm-Message-State: AOJu0YymGJ+LBSxDC9wMDRjs3mvVyNUAyQVtHbm3RAu3BE+vdXo8tiv0 YOq0dhcJcVdno4h7JVY3t+l2BxpelV5lPUbyxKOoNUfuB1xKS+RRQ/ZUgdoHh/mhkKicLXk8331 f6ODbLwWZb2HKM0WRqQV6fQMFQeXigQ==
X-Google-Smtp-Source: AGHT+IGdJy6+p84c4nibmYBoX84ogAxA0ZjFwa4x8GtSzZDNMlufK+lzK6NEXd0kEADqz0BhAVkJ6B1lqorfGfPpmEc=
X-Received: by 2002:a2e:a696:0:b0:2d8:c151:80ec with SMTP id q22-20020a2ea696000000b002d8c15180ecmr5798640lje.52.1713226086350; Mon, 15 Apr 2024 17:08:06 -0700 (PDT)
MIME-Version: 1.0
References: <CAOZAAfPwJHKGyLjTkdGDqkMeK4RQX4Fj0rw-Upn0cLZ+cE74aA@mail.gmail.com> <2764165.rv8vZNihtd@zini-1880> <53f29df5-031a-8711-aed6-25c310f539a2@iecc.com> <8C54A48A-5665-41A1-B64F-93A39CF0B12C@kitterman.com> <CAL0qLwZ2TuV_EW6D9HZYwErmwL_n7q4ZKTEpHBZbyxnkKJ8m6w@mail.gmail.com> <CAH48ZfzckPscoSPUVEqy1WS71iAnKyj7gQVDOW4Hi=FXo0PzYg@mail.gmail.com> <a2bd52d6-7bb3-4526-a0d8-075f4ab44f33@tana.it> <92E339E5-0A4C-4929-A751-375B892C2C53@kitterman.com> <CAHej_8m8H2RRH2uMjtqgw7yf093a10do22swt0j0C-yCTNPL6A@mail.gmail.com>
In-Reply-To: <CAHej_8m8H2RRH2uMjtqgw7yf093a10do22swt0j0C-yCTNPL6A@mail.gmail.com>
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Mon, 15 Apr 2024 20:07:54 -0400
Message-ID: <CAH48Zfx-w5LWO5VuK2posywHRF8O1wijTk35H-01e3JaL=V5=A@mail.gmail.com>
To: Todd Herr <todd.herr=40valimail.com@dmarc.ietf.org>
Cc: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000004c08b806162b88aa"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/4iwVKa5rhqAciYruef1dOxeXpPU>
Subject: Re: [dmarc-ietf] Thoughts on choosing N
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Apr 2024 00:08:12 -0000
Todd, can you clarify this? N is not concerned with maximum labels on a subdomain. We are interested in the maximum length of an org domain used for relaxed alignment. If this client wants to use level 7 as an org domain and apply relaxed alignment for 8-label domains, then N needs to be 7. If the client's lowest-desired org domain is at or above 4-labels, then N=4 is sufficient. Similarly, if the7-label domain only needs strict authentication, then N=7 is not needed. Has this or another client genuinely chafed at the insufficient granularity of the old PSL? On Mon, Apr 15, 2024, 10:02 AM Todd Herr <todd.herr= 40valimail.com@dmarc.ietf.org> wrote: > On Mon, Apr 15, 2024 at 7:58 AM Scott Kitterman <sklist@kitterman.com> > wrote: > >> >> >> On April 15, 2024 11:43:08 AM UTC, Alessandro Vesely <vesely@tana.it> >> wrote: >> >On Mon 15/Apr/2024 13:16:50 +0200 Douglas Foster wrote: >> >> Our original choice of N was based on the PSL. The PSL could not >> detect organizational boundaries could not boundaries below level 5, >> because it had no entries longer than 5 labels, and we determined that the >> 5-label entries were not used for mail. Therefore, any increase in N is >> new capability. That new capability is probably desirable, but need not >> be limitless. Using an N of 8 introduces a lot of new capability. >> > >> > >> >8 is not needed and not justified. A mail site using 8 labels would >> have troubles with the RFC 7489 version, which uses the PSL. They'd have >> to ask for PSL upgrades, right? >> > >> >Now, we can relax our ambition to be PSL-free and state N=max number of >> labels of public suffixes used by mail. Or we could put N in an IANA >> registry that can be updated by expert review. Such methods allow to have >> N low enough, yet upgradable and equal for all (compliant) implementations. >> > >> >Otherwise we can drop the requirement that N be equal for all >> implementations, and just make it configurable. After all, it is an >> anti-abuse measure, akin to SPF lookup limit. We can also keep it fixed at >> 5 and be sure that implementations will differ anyway. >> > >> Whatever we decide, I think it needs to be specified. If N is whatever, >> you will end up with difficult to troubleshoot interoperability issues when >> various sites pick different values. >> >> I don't think we need to worry about revising it later. In general, DNS >> is getting wider (new TLDs), not deeper. >> >> > An inspection of data collected by my employer reveals the longest > observed RFC5322.From address to include seven labels in the domain part. I > am not at liberty to reveal the specific domains due to customer privacy, > but they're there. > > For a domain with seven labels, a.b.c.d.e.f.g, the Tree Walk as currently > described would miss any DMARC policy records published at b.c.d.e.f.g and > c.d.e.f.g. > > I would propose the following first draft of expository text regarding > setting N at 8: > > The point of the Tree Walk is to allow for the publishing and discovery of > DMARC policy records at any level in the DNS hierarchy that strikes a > balance between what the domain registrant deems reasonable and what > operational needs deem reasonable. The setting of N is done with an eye to > putting a thumb on the scale on the side of operational needs, to guard > against the truly silly or abusive cases with domain names with label > counts in the dozens or even triple digits. Based on an observation at the > time of publishing that RFC5322.From domains with seven labels were in > active but uncommon use, eight was chosen as the value of N in order to not > only accommodate for current usage but also to allow for a bit of future > expansion of the depth of the name space used for RFC5322.From domains. > > > > -- > > Todd Herr | Technical Director, Standards & Ecosystem > Email: todd.herr@valimail.com > Phone: 703-220-4153 > > > This email and all data transmitted with it contains confidential and/or > proprietary information intended solely for the use of individual(s) > authorized to receive it. If you are not an intended and authorized > recipient you are hereby notified of any use, disclosure, copying or > distribution of the information included in this transmission is prohibited > and may be unlawful. Please immediately notify the sender by replying to > this email and then delete it from your system. > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc >
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- [dmarc-ietf] WGLC editorial review of draft-ietf-… Seth Blank
- Re: [dmarc-ietf] WGLC editorial review of draft-i… John Levine
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Seth Blank
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Douglas Foster
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Mark Alley
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… John Levine
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Seth Blank
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Murray S. Kucherawy
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Richard Clayton
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Seth Blank
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Tero Kivinen
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Brotman, Alex
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Dotzero
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Tim Wicinski
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Todd Herr
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Tim Wicinski
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Jim Fenton
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Brotman, Alex
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Todd Herr
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Murray S. Kucherawy
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… John Levine
- Re: [dmarc-ietf] ARC, was WGLC editorial review o… Alessandro Vesely
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Tim Wicinski
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Laura Atkins
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Dotzero
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Scott Kitterman
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Scott Kitterman
- Re: [dmarc-ietf] the long march, WGLC editorial r… John R. Levine
- Re: [dmarc-ietf] the long march, WGLC editorial r… Scott Kitterman
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Neil Anuskiewicz
- Re: [dmarc-ietf] the long march, WGLC editorial r… Murray S. Kucherawy
- Re: [dmarc-ietf] Thoughts on choosing N Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N Alessandro Vesely
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Todd Herr
- Re: [dmarc-ietf] Thoughts on choosing N Murray S. Kucherawy
- Re: [dmarc-ietf] Thoughts on choosing N Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] Thoughts on choosing N Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N (choose 6) Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N Todd Herr
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Todd Herr
- Re: [dmarc-ietf] Thoughts on choosing N Alessandro Vesely
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] Thoughts on choosing N Neil Anuskiewicz
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N Alessandro Vesely