IETF Logo Mail Archive

Re: [dmarc-ietf] Tickets 98 and 99 -- fake reports are not a problem and if they were authentication would not help

"Murray S. Kucherawy" <superuser@gmail.com> Mon, 25 January 2021 17:38 UTC

Return-Path: <superuser@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 970723A15FA for <dmarc@ietfa.amsl.com>; Mon, 25 Jan 2021 09:38:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.197
X-Spam-Level:
X-Spam-Status: No, score=-0.197 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rwQ-Ehiqp4h5 for <dmarc@ietfa.amsl.com>; Mon, 25 Jan 2021 09:38:58 -0800 (PST)
Received: from mail-ua1-x936.google.com (mail-ua1-x936.google.com [IPv6:2607:f8b0:4864:20::936]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DEBA53A15F7 for <dmarc@ietf.org>; Mon, 25 Jan 2021 09:38:57 -0800 (PST)
Received: by mail-ua1-x936.google.com with SMTP id k22so4715077ual.0 for <dmarc@ietf.org>; Mon, 25 Jan 2021 09:38:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=jqnAG9qQ6SLaRoGrp9YH+uTcxYzw7cZuvXHrAwIKH2o=; b=Hv2Gp6eFgDzuYM6VpRDLPeYZJTkVdKEQn4Kwe5omm2UjtwvIumOpDRcxJjFWIop6D2 kSM5Dff58LxMp+GcGd0DZh7ElGdk0qzQT6claHt9a3IsX1XayrrinQCuLjfOn1+tj21U S1wFGFmvB2oHwPh0Sde68fOYClPGtztYeY6HfE/X3ydDIw1v4P95kX+lZi1tYuLS3qQL xqThWQAvPLS/JvqgvwOQMKRX9XPDDvaYGEqNG7gapbHeuEKFGR3X70dJtlIggxsaL1fk /0IiHYaF6LXe9yrnBS1PJ62IjGjDGDGe1Qxz+hAhZLV5Yf+DKM/Gx0DWHqi+3DOwIxpD kCzg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jqnAG9qQ6SLaRoGrp9YH+uTcxYzw7cZuvXHrAwIKH2o=; b=tC+36jvck0PZyNu6NWX4JvpIwIa9l+ulA0cmjPRQsrw0WDA0am7+2A8g84Tis6WxtP GkzLpx9mi6+FZIUHYe7db2JYNXVMxcfZuGaHNfVrPOpww0W7CL+01+saM9vdtXM5eYn9 zven8Jb1Zy2DIk3l8ndGfl/rJMVZyro4ch5CO/n2rr1zn8PhT4jA6nEA5PKjmoH3N47N Ez0/vZZf/w9mafc7M4soAp5ilPqkdfEv2ZJvVUKaJdmV/1wQpQYLyY+1T8QwjQpUxLzF TR1AQeHsNvpzGHdBl/BVTUpTB/+F3vMMuarkTO1gi+rWyx5RccbtxWbIaRuzuB8YkTCF Ub8w==
X-Gm-Message-State: AOAM5321r6zbIV4miihJAd4SxnmsnfWlcACHlXyZkZlidnlh+Dfg4J0l MTRGpBfHdGLF7mFSgTgg9B/9i6jxDensdhTCFnQ=
X-Google-Smtp-Source: ABdhPJz2R7Lc0FxC7uCCSYjyJpduXxvVUTYkOvt2ZFkwDAvBMo7Q2JffKKe9vu6yd03g3+FmAM4XyBJiTpAQVrvGHv0=
X-Received: by 2002:a9f:2628:: with SMTP id 37mr1420964uag.87.1611596336803; Mon, 25 Jan 2021 09:38:56 -0800 (PST)
MIME-Version: 1.0
References: <34317129-8225-fb38-4ad3-e1b9ffed21fb@iecc.com> <9c84fa50-d23c-a794-fc62-09788ac383a9@mtcc.com> <CAHej_8mTaFo7aESFk4pHjbqbheriYPoAy6f+HhcE6ASVJSyViA@mail.gmail.com> <df867378-5da0-b912-2a0f-b2081d1f2437@mtcc.com> <CAHej_8kfCC1H89pRjgxXK=+BizJHFdKgnr7Gxh_2wWq8P7L-0Q@mail.gmail.com> <a94cb6c0-0a32-da8d-4bd5-9c7ab2866c82@mtcc.com> <CAH48ZfxkQ9g-gmBOPdDsxr4RDvXOi56EaX=aJVDbuL_g7kR+xQ@mail.gmail.com> <CAOZAAfOB93fpYRjwxgQNkG-ydVHLtvgUp0LLROvv-F-amJVy4w@mail.gmail.com> <b9e8da8e-f46a-49c0-4196-1d50ed94d526@mtcc.com> <CAOZAAfPh4kYq0yXhtP9BaPmtP_rc7L-0f=r3Ff_P3oxrhYqvtw@mail.gmail.com> <fd74120f-bfad-ef51-64d7-2f8ec4f00fab@mtcc.com>
In-Reply-To: <fd74120f-bfad-ef51-64d7-2f8ec4f00fab@mtcc.com>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Mon, 25 Jan 2021 09:38:45 -0800
Message-ID: <CAL0qLwaPmMGR48EUhNkmZTozjoiTMnC6Rfmjdo9vLYD6ZhNoAw@mail.gmail.com>
To: Michael Thomas <mike@mtcc.com>
Cc: Seth Blank <seth@valimail.com>, Douglas Foster <dougfoster.emailstandards@gmail.com>, IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000002d36c505b9bd03d2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/7AzcMm4GnQs1OFigeIGNV9M4gsY>
Subject: Re: [dmarc-ietf] Tickets 98 and 99 -- fake reports are not a problem and if they were authentication would not help
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2021 17:39:00 -0000

On Mon, Jan 25, 2021 at 9:32 AM Michael Thomas <mike@mtcc.com> wrote:

> Why is this controversial? Seriously. What is controversial about saying
> that the a report should authenticate? The onus is on the people who say it
> does not to lay out the case for why it's not a problem, not me. #98 has a
> simple piece of text to remedy this. it's 2021. You don't use
> unauthenticated data if you can possibly help it.
>
I'm not taking a position at this point on the issue, but I think you
should expect that this will come up in external reviews.  If consensus is
to maintain the status quo, we might want to say so explicitly (and why)
rather than saying nothing, as the latter might be interpreted as it having
gotten no consideration at all.

-MSK

v2.23.0 | Report a Bug | By Email