Re: [dmarc-ietf] Ticket #42 - Expand DMARC reporting URI functionality

Dotzero <dotzero@gmail.com> Mon, 07 December 2020 11:17 UTC

Return-Path: <dotzero@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4F7F3A131D for <dmarc@ietfa.amsl.com>; Mon, 7 Dec 2020 03:17:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FPxLCM_Vyd9U for <dmarc@ietfa.amsl.com>; Mon, 7 Dec 2020 03:17:34 -0800 (PST)
Received: from mail-qt1-x82f.google.com (mail-qt1-x82f.google.com [IPv6:2607:f8b0:4864:20::82f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 711BB3A131B for <dmarc@ietf.org>; Mon, 7 Dec 2020 03:17:34 -0800 (PST)
Received: by mail-qt1-x82f.google.com with SMTP id u21so9041947qtw.11 for <dmarc@ietf.org>; Mon, 07 Dec 2020 03:17:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=YFGVOr5y67oS4gDrtDFk14AS68ltQR0Z2GNPQ9sHvno=; b=LGptN4A3wOcE+iWacJxxO0MQt6IBliBE1kOfOFn52u11VYywmbYWGVVIHlJV6gx02W eF2dyiLzWEzzajEwQSeaQlh92MI6FXvGOL/zDM6zlBLTmGTjuhHeU+C6R/zaRhOxfxLT E2/gIZXvvHsEYZ0COe/aEp908u3hYWvWSl/xXuvJ6uCgmXiNShV6QrcpGl8MejZngZSI 0Jkse8bFYB8RCaTI56uANSv+Gcqi8hnQQ+E6wOJy2/2qRCHi34i2mD08WMu7TZa4S03L SWIwfiX62HpzBjadrWK+wNSxU8SQA0r7lCFHtsFURKumKpzbebFP56aItAiWEgQ+qrlt NgYw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=YFGVOr5y67oS4gDrtDFk14AS68ltQR0Z2GNPQ9sHvno=; b=jwlfKci8NbQ+AjwGiZveSsiLieXWjvBJeFhdJApfx11I9qq8Pf236rvILebJVsgAHM mH+VTs76Mm9auHTuQkSta0YeFol1htzeqiiKxU61Qc3yrBilXFtJwen4hqMmhsxWaEP+ qZ3d6bl5nQv8JPgrOE4LQD4a8+oQRwkIXvR1zJHdpSp+AUG47OiiCnUBRJ9HWI80gbZ+ mBPTG9vjSsL9sL93pXJIHitBZU8yjNPeRyCLfNOAhNX7pJQEHhdCNu/xWrbr8NeVJFWh XqZtBuk8H0d/t9SvF5GY4EBq9Fxa5CqotUpqshWxDsvAKcoTt0Y5X6lvrSIa2zRsUqkh AQWQ==
X-Gm-Message-State: AOAM532Bv6fGnFqu4t5JbugEHior7VV92ki21sFmIAU0CV+TRFXUxxAN CihPqrU+pVxuM4L7e4STVxrlJaOIaQ7ypGo4CZs=
X-Google-Smtp-Source: ABdhPJzfW5g0A3F4mF+kNVRxTmN/ca8Vd4Hfl4xJlF6YSmjm8nojhL6p9TuT0ovcWS5/Ki2pftlRFgj+ww3TqbQNCfU=
X-Received: by 2002:ac8:5c05:: with SMTP id i5mr23330218qti.34.1607339850625; Mon, 07 Dec 2020 03:17:30 -0800 (PST)
MIME-Version: 1.0
References: <eb3d06f-c89f-2511-3528-d421473e4d42@taugh.com> <CAL0qLwa3-qdYfDXo2awWzgFQuihq-OOSenbUz8Rx89LKYOPu4g@mail.gmail.com>
In-Reply-To: <CAL0qLwa3-qdYfDXo2awWzgFQuihq-OOSenbUz8Rx89LKYOPu4g@mail.gmail.com>
From: Dotzero <dotzero@gmail.com>
Date: Mon, 7 Dec 2020 06:17:19 -0500
Message-ID: <CAJ4XoYeQRr5yx=CEA45mpRmJVpKGfvzHS1Ana8wDfP33PNaE+g@mail.gmail.com>
To: "Murray S. Kucherawy" <superuser@gmail.com>
Cc: John R Levine <johnl@taugh.com>, IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000d476d305b5ddf850"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/6dSJn-XHas8ZDxE0WkS8oU2LYkk>
Subject: Re: [dmarc-ietf] Ticket #42 - Expand DMARC reporting URI functionality
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Dec 2020 11:17:36 -0000

On Mon, Dec 7, 2020 at 2:18 AM Murray S. Kucherawy <superuser@gmail.com>
wrote:

> On Tue, Dec 1, 2020 at 2:22 PM John R Levine <johnl@taugh.com> wrote:
>
>> We would like to close this ticket by Dec 15, two weeks from now, so
>> short
>> trenchant comments are welcome.
>>
>> Ticket #1 is about https reporting.  Early drafts of the DMARC spec had a
>> poorly defined http report which we took out.  I propose we add back
>> https
>> reporting similar to that for mta-sts, with a POST of the gzipped report
>> to the HTTPS URI.
>>
>
> Was this requested by someone?
>

I don't recall a strong security and privacy concerns discussion around
HTTP(S) reporting. Presumably the report contents are protected in transit
but to what extent is access by arbitrary parties an issue. Notwithstanding
that things like GDPR are political issues, they are worth noting as a real
life operational consideration.

Michael Hammer