Re: [dmarc-ietf] Clarifying the value of arc.closest-fail

Bron Gondwana <brong@fastmailteam.com> Wed, 03 January 2018 23:09 UTC

From: Bron Gondwana <brong@fastmailteam.com>
To: "Kurt Andersen (b)" <kboth@drkurt.com>, Seth Blank <seth@sethblank.com>
Cc: John Levine <johnl@taugh.com>, dmarc@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/6L6_hlCQndaoonWPgPGq_ulcoPM>

On Thu, 4 Jan 2018, at 09:50, Kurt Andersen (b) wrote:
> While I wait for Bron's confirmation that my understanding matches his
> (see email from yesterday),

I'll go check on that...

> On Wed, Jan 3, 2018 at 8:57 PM, Seth Blank <seth@sethblank.com> wrote:
>> . . .text for . . . arc.closest-fail . . .
>
> I'm uncomfortable with the terminology implied by the term
> "arc.closest-fail". I think that it is more "ams.closest-fail" or
> "arc.ams-broken". AMS is expected to not verify except in the most
> recent ARC set. Doing so is not in any way a "failure" and has no
> bearing on the validity of the ARC chain (as documented in the cv
> parameter). Opinions regarding a replacement term?

Happy for the terminology to change.  amc.closest-fail might be better.

An analogy might be that each AMS casts a shadow of legitimacy forwards
a certain length.  While the AMS still holds, you know that the things
it covers are unchanged since the step that signed it.  That's really
valuable to know.

To give a clear English description for what I want, it is "Oldest AMS
which is still valid".  I don't care what it's called, or if it is
"oldest-valid" or "newest-invalid" or whatever, so long as the thing I
do care about can be accurately extracted.

I'd also like to know the bootstrap pre-ARC case, which thankfully AAR
contains as dkim=pass, spf=pass, etc.  While dkim=pass is still true,
we know it wasn't modified by the first ARC signer either.

Bron.

--
  Bron Gondwana, CEO, FastMail Pty Ltd
  brong@fastmailteam.com
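
The value asked for in the message above ("oldest AMS which is still valid", with the dkim=pass recorded in the first AAR as the pre-ARC bootstrap case), as an added example that is not part of the original message or of any ARC implementation. The function names, the per-instance verification results and the sample AAR value are constructed, and the cryptographic re-verification of each AMS and of the original DKIM signature is assumed to have been done elsewhere.

```python
import re

def parse_aar(value):
    """Split an ARC-Authentication-Results value into (instance, {(method, result)})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    inst = re.fullmatch(r"i\s*=\s*(\d+)", parts[0]) if parts else None
    if not inst:
        raise ValueError("AAR value must start with i=<instance>")
    results = set()
    for part in parts[2:]:  # parts[1] is the authserv-id
        m = re.match(r"([a-z0-9-]+)\s*=\s*([a-z]+)", part, re.I)
        if m:
            results.add((m.group(1).lower(), m.group(2).lower()))
    return int(inst.group(1)), results

def oldest_still_valid(ams_ok_now, aar_first, dkim_ok_now):
    """Return the earliest point from which the signed content is known unchanged.

    ams_ok_now  -- {instance: bool}, each AMS re-verified by the final receiver
    aar_first   -- value of the i=1 ARC-Authentication-Results header
    dkim_ok_now -- whether the original DKIM signature still verifies now
    Returns 0 for the pre-ARC bootstrap case, an instance number, or None.
    """
    if sorted(ams_ok_now) != list(range(1, len(ams_ok_now) + 1)):
        raise ValueError("ARC instances must run 1..N without gaps")
    instance, results = parse_aar(aar_first)
    if instance != 1:
        raise ValueError("bootstrap check needs the i=1 AAR")
    # Bootstrap: hop 1 recorded dkim=pass and that signature still holds,
    # so nothing it covers changed even before the first ARC signer.
    if ("dkim", "pass") in results and dkim_ok_now:
        return 0
    valid = [i for i, ok in ams_ok_now.items() if ok]
    return min(valid) if valid else None

# Constructed sample: hop 2 (say, a mailing list) altered the message, so the
# original DKIM signature and AMS i=1 no longer verify, but i=2 and i=3 do.
SAMPLE_AAR = "i=1; mx.example.net; dkim=pass header.d=example.org; spf=pass smtp.mailfrom=example.org"
MODIFIED_AT_HOP_2 = {1: False, 2: True, 3: True}

if __name__ == "__main__":
    print(oldest_still_valid(MODIFIED_AT_HOP_2, SAMPLE_AAR, dkim_ok_now=False))
    print(oldest_still_valid({1: True, 2: True}, SAMPLE_AAR, dkim_ok_now=True))
```

A result of None means no AMS verifies any more, which, as the quoted text notes, says nothing about the validity of the chain itself (that is what cv records).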