Re: [dmarc-ietf] Been Quiet Around Here - Org Domain? Tree Walk?

Alessandro Vesely <vesely@tana.it> Mon, 04 April 2022 17:39 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/5uZwls4hQmREA_bG3VX8qcUHXBw>

On Mon 04/Apr/2022 15:14:07 +0200 Scott Kitterman wrote:
> On Sunday, April 3, 2022 12:15:23 PM EDT Alessandro Vesely wrote:
>> On Mon 21/Mar/2022 23:02:03 +0100 Scott Kitterman wrote:
>>> On March 21, 2022 5:42:42 PM UTC, Alessandro Vesely <vesely@tana.it> wrote:
>>>> According to the definition, two identical domains having psd=y 
>>>> are in strict alignment but not in relaxed alignment, which is 
>>>> somewhat counterintuitive.
>>>
>>> Actually, no:
>>>
>>> "If this process does not determine the Organizational Domain, then
>>>     the initial target domain is the Organizational Domain."
>>>
>>> This text in DMARCbis06 addresses that case.
>>
>> While that's true, it could be possible to revise the comparison 
>> process so as to account for identical domains.  In that case, we 
>> could avoid calling Organizational Domain one with no DMARC record.
>
> I thought I had covered this already in Section 4.8.  I'll add it to the list 
> in the note.


Yeah, the text you wrote Sunday night looks better.  I'd say:

    If this process does not determine the Organizational Domain, then
    there is no Organizational Domain.

That requires rewording the definitions of relaxed alignment.  For example:

OLD
    In relaxed mode, the Organizational Domains of both the DKIM-
    authenticated signing domain (taken from the value of the d= tag in
    the signature) and that of the RFC5322.From domain must be equal if
    the identifiers are to be considered to be aligned.  In strict mode,
    only an exact match between both Fully Qualified Domain Names (FQDNs)
    is considered to produce Identifier Alignment.

NEW
    In strict mode, an exact match between both Fully Qualified Domain Names
    (FQDNs) is required to produce Identifier Alignment.  In relaxed mode, an
    exact match of either both identifiers or of their respective Organizational
    Domains, if both exist, is considered to produce Identifier Alignment.



Best
Ale
--
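
The three readings of relaxed alignment discussed in this message, as an added example that is not part of the original post or of any DMARC implementation. The `ORG_DOMAIN` table is constructed and stands in for the Organizational Domain discovery process; all function names are hypothetical.

```python
from typing import Callable, Optional

# Constructed data: outcome of Organizational Domain discovery per name.
# None means "this process does not determine the Organizational Domain".
ORG_DOMAIN = {
    "mail.example.com": "example.com",
    "news.example.com": "example.com",
    "bank.example": None,    # constructed name standing in for a psd=y domain
    "other.example": None,   # a second, unrelated name with no result
}

def norm(domain: str) -> str:
    """Compare FQDNs case-insensitively and without a trailing dot."""
    return domain.rstrip(".").lower()

def org_or_none(domain: str) -> Optional[str]:
    """Proposed text: no result means there is no Organizational Domain."""
    return ORG_DOMAIN.get(norm(domain))

def org_with_fallback(domain: str) -> str:
    """DMARCbis-06 text: the initial target domain becomes the Org Domain."""
    return org_or_none(domain) or norm(domain)

def strict_aligned(a: str, b: str) -> bool:
    return norm(a) == norm(b)

def relaxed_old(a: str, b: str,
                org: Callable[[str], Optional[str]] = org_or_none) -> bool:
    """OLD wording: the two Organizational Domains must be equal."""
    oa, ob = org(a), org(b)
    # A missing Org Domain never matches; a bare `oa == ob` would treat
    # None == None as alignment between unrelated names.
    return oa is not None and oa == ob

def relaxed_new(a: str, b: str) -> bool:
    """NEW wording: exact match, or equal Org Domains if both exist."""
    if strict_aligned(a, b):
        return True
    oa, ob = org_or_none(a), org_or_none(b)
    return oa is not None and ob is not None and oa == ob

if __name__ == "__main__":
    for a, b in [("bank.example", "bank.example"),
                 ("bank.example", "other.example"),
                 ("mail.example.com", "news.example.com")]:
        print(a, b, strict_aligned(a, b), relaxed_old(a, b),
              relaxed_old(a, b, org_with_fallback), relaxed_new(a, b))
```
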