Re: [dmarc-ietf] Which DKIM(s) should be reported? (Ticket #38)

Дилян Палаузов <dilyan.palauzov@aegee.org> Mon, 25 January 2021 05:10 UTC

Date: Mon, 25 Jan 2021 07:09:52 +0200
User-Agent: K-9 Mail for Android
In-Reply-To: <MN2PR11MB4351BD7203D41DB25771D3B3F7BD9@MN2PR11MB4351.namprd11.prod.outlook.com>
References: <MN2PR11MB4351BD7203D41DB25771D3B3F7BD9@MN2PR11MB4351.namprd11.prod.outlook.com>
To: dmarc@ietf.org, "Brotman, Alex" <Alex_Brotman=40comcast.com@dmarc.ietf.org>
CC: Tomki <tki@tomki.com>
From: Дилян Палаузов <dilyan.palauzov@aegee.org>
Message-ID: <A551B531-BFCA-466A-8E8D-4EA4EF9FC82C@aegee.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/5wikO78tFQio9yoa8ViLntj8BMQ>
Subject: Re: [dmarc-ietf] Which DKIM(s) should be reported? (Ticket #38)

Hello,

Let's say a site signs an email with both RSA and ed25519 algorithms.  This site wants to know whether the recipient can validate the ed25519 signatures, so that in the future RSA signing for that receiving site can be skipped (or errors in the ed25519 implementation fixed).

For this to work, the receiving site must put in the report information about each aligned DKIM signature, saying which public key-name was used.

Greetings
  Дилян

On January 25, 2021 2:25:13 AM GMT+02:00, "Brotman, Alex" <Alex_Brotman=40comcast.com@dmarc.ietf.org> wrote:
>Hello folks,
>
>Some time ago, an issue[1] was brought to the list where which DKIM(s)
>being reported is not clear in RFC7489 [2].  There was a short
>discussion, though no clear resolution before conversation trailed off.
>It seems like there were points that may need to be discussed.  One was
>whether the reporting SHOULD report all signatures, regardless of
>alignment or validity, or perhaps just the one that aligns (if there is
>one).  There was also another question if there should be a limit to
>the number of signatures reported so that it remains sane.
>
>We'd like to try to get this resolved within about two weeks.  Thank
>you for your feedback.
>
>1:
>https://mailarchive.ietf.org/arch/msg/dmarc/9-V596yl2BBaUzCNaDZB1Tg1s4c/
>2: https://tools.ietf.org/html/rfc7489#section-7.2
>
>--
>Alex Brotman
>Sr. Engineer, Anti-Abuse & Messaging Policy
>Comcast
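
The use case in the reply above, seen from the sending side, as an added example that is not part of the original thread: it tallies results per aligned DKIM selector from an aggregate report in the RFC 7489 layout. The sample report, the domain and the selectors `rsa2021` (RSA key) and `ed2021` (ed25519 key) are constructed; "public key-name" is read here as the DKIM selector, and alignment is approximated by a parent/child domain match.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the RFC 7489 aggregate-report layout (not real data).
SAMPLE_REPORT = """<feedback>
 <record><row><count>40</count></row>
  <identifiers><header_from>example.org</header_from></identifiers>
  <auth_results>
   <dkim><domain>example.org</domain><selector>rsa2021</selector><result>pass</result></dkim>
   <dkim><domain>example.org</domain><selector>ed2021</selector><result>pass</result></dkim>
  </auth_results></record>
 <record><row><count>5</count></row>
  <identifiers><header_from>example.org</header_from></identifiers>
  <auth_results>
   <dkim><domain>example.org</domain><selector>rsa2021</selector><result>pass</result></dkim>
   <dkim><domain>example.org</domain><selector>ed2021</selector><result>fail</result></dkim>
   <dkim><domain>list.example.net</domain><selector>ml</selector><result>pass</result></dkim>
  </auth_results></record>
 <record><row><count>7</count></row>
  <identifiers><header_from>example.org</header_from></identifiers>
  <auth_results>
   <dkim><domain>example.org</domain><result>pass</result></dkim>
  </auth_results></record>
</feedback>"""

def is_aligned(dkim_domain, header_from):
    # Assumption: equal or parent/child domain. Real relaxed alignment
    # compares organizational domains using a public suffix list.
    a, b = dkim_domain.lower(), header_from.lower()
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def selector_stats(report_xml):
    """Message counts per aligned selector: {selector: {result: count}}."""
    stats = defaultdict(lambda: defaultdict(int))
    for rec in ET.fromstring(report_xml).iter("record"):
        count = int(rec.findtext("row/count", "0"))
        header_from = rec.findtext("identifiers/header_from", "")
        for sig in rec.iterfind("auth_results/dkim"):
            if is_aligned(sig.findtext("domain", ""), header_from):
                # <selector> is optional in RFC 7489; None means "not reported".
                stats[sig.findtext("selector")][sig.findtext("result", "none")] += count
    return {sel: dict(res) for sel, res in stats.items()}

def pass_rate(stats, selector):
    """Share of reported messages on which this selector verified, or None."""
    res = stats.get(selector, {})
    total = sum(res.values())
    return res.get("pass", 0) / total if total else None
```

The third record, which omits the selector, lands under the `None` key: the sender cannot tell which of its two keys that receiver validated, which is the gap the reply asks reports to close.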