Re: [dmarc-ietf] Which DKIM(s) should be reported? (Ticket #38)

"Brotman, Alex" <Alex_Brotman@comcast.com> Mon, 25 January 2021 17:59 UTC

From: "Brotman, Alex" <Alex_Brotman@comcast.com>
To: Douglas Foster <dougfoster.emailstandards@gmail.com>, IETF DMARC WG <dmarc@ietf.org>
Date: Mon, 25 Jan 2021 17:59:16 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/6jpMee-_gz0yKrsVd_2ATqtrAfU>

Doug,

And I don’t think what you’re doing is necessarily bad from an operational standpoint. I think the question centers around whether that aligning signature is sufficient, or should you report all the signatures the receiver attempted to verify? I’m not suggesting that we add anything that would report “Signature validation not attempted”, that sounds horrible. Will the original source potentially care that the message was signed in three other places as the message bounced around? Should we put the onus on the reporting entity to filter out the non-aligned (what if none aligned) signatures, or just realize it’s some automated job and including all logged/validated signatures is the better way?

--
Alex Brotman
Sr. Engineer, Anti-Abuse & Messaging Policy
Comcast

From: dmarc <dmarc-bounces@ietf.org> On Behalf Of Douglas Foster
Sent: Sunday, January 24, 2021 10:27 PM
To: IETF DMARC WG <dmarc@ietf.org>
Subject: Re: [dmarc-ietf] Which DKIM(s) should be reported? (Ticket #38)

Currently, my filter only evaluates signatures that are relevant to From alignment, and stops after the first success. For that decision process, all that I need returned (and stored) is a Pass/Fail result; I don't need the details of the algorithm evaluated. Any additional information collection is for the benefit of someone else, not the needs of my own organization.

The burden of data collection is proportionate to the amount of data collected. DMARC reporting is a courtesy service from the data collector to the domain owner. Each effort to increase the precision of the data may reduce the number of domains willing to provide that information.

I suggest that we need report consumers in this group to discuss how they use the current data and the proposed additions to that data, so that a cost/benefit assessment can be made. At least some of that justification should be included in the final document, since one purpose of that document will be to convince non-reporting entities to begin sending reports.

Doug Foster


On Sun, Jan 24, 2021 at 7:25 PM Brotman, Alex <Alex_Brotman=40comcast.com@dmarc.ietf.org> wrote:
Hello folks,

Some time ago, an issue[1] was brought to the list where which DKIM(s) being reported is not clear in RFC7489 [2].  There was a short discussion, though no clear resolution before conversation trailed off.  It seems like there were points that may need to be discussed.  One was whether the reporting SHOULD report all signatures, regardless of alignment or validity, or perhaps just the one that aligns (if there is one).  There was also another question if there should be a limit to the number of signatures reported so that it remains sane.

We'd like to try to get this resolved within about two weeks.  Thank you for your feedback.

1: https://mailarchive.ietf.org/arch/msg/dmarc/9-V596yl2BBaUzCNaDZB1Tg1s4c/
2: https://tools.ietf.org/html/rfc7489#section-7.2

--
Alex Brotman
Sr. Engineer, Anti-Abuse & Messaging Policy
Comcast
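
The two reporting options debated in this thread, shown side by side as an added example (not code from any participant or from RFC 7489). The policy names, the sample signatures, the two-label organizational-domain shortcut and the aligned-first ordering under a cap are assumptions; the `auth_results`/`dkim` element names follow the RFC 7489 aggregate report schema.

```python
import xml.etree.ElementTree as ET

# Constructed sample: DKIM results a receiver logged for one message whose
# RFC5322.From domain is example.com (all values are made up).
FROM_DOMAIN = "example.com"
SIGNATURES = [
    {"domain": "lists.example.net", "selector": "ml1", "result": "pass"},
    {"domain": "mail.example.com", "selector": "s2021", "result": "fail"},
    {"domain": "example.com", "selector": "s2021", "result": "pass"},
    {"domain": "esp.example.org", "selector": "k1", "result": "pass"},
]

def org_domain(name):
    # Assumption: the last two labels stand in for a public-suffix-list lookup.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def is_aligned(sig, from_domain):
    # Relaxed alignment: d= and From share an organizational domain.
    return org_domain(sig["domain"]) == org_domain(from_domain)

def select_for_report(sigs, from_domain, policy, limit=None):
    """Pick which verified signatures go into the report row."""
    if policy == "aligned_pass_only":
        # Stop at the first aligned pass; report nothing if none aligned.
        for s in sigs:
            if is_aligned(s, from_domain) and s["result"] == "pass":
                return [s]
        return []
    if policy == "all_verified":
        # Report everything verified. The stable sort puts aligned signatures
        # first so that a cap never drops the one DMARC was evaluated on.
        ordered = sorted(sigs, key=lambda s: not is_aligned(s, from_domain))
        return ordered[:limit]
    raise ValueError(f"unknown policy: {policy}")

def auth_results_xml(sigs):
    """Render the chosen signatures as an aggregate-report auth_results block."""
    root = ET.Element("auth_results")
    for s in sigs:
        dkim = ET.SubElement(root, "dkim")
        for field in ("domain", "selector", "result"):
            ET.SubElement(dkim, field).text = s[field]
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    for policy, limit in (("aligned_pass_only", None), ("all_verified", 2)):
        chosen = select_for_report(SIGNATURES, FROM_DOMAIN, policy, limit)
        print(policy, auth_results_xml(chosen))
```
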
