Re: [dmarc-ietf] WGLC editorial review of draft-ietf-dmarc-dmarcbis-30
Scott Kitterman <sklist@kitterman.com> Sat, 06 April 2024 17:38 UTC
Return-Path: <sklist@kitterman.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59E1AC14F60D for <dmarc@ietfa.amsl.com>; Sat, 6 Apr 2024 10:38:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.397
X-Spam-Level:
X-Spam-Status: No, score=-4.397 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b="H/Pf/xi8"; dkim=pass (2048-bit key) header.d=kitterman.com header.b="HlYu2viy"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nIYl6zlHDvXE for <dmarc@ietfa.amsl.com>; Sat, 6 Apr 2024 10:37:56 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 05F42C14F5F3 for <dmarc@ietf.org>; Sat, 6 Apr 2024 10:37:55 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) by interserver.kitterman.com (Postfix) with ESMTPS id 44302F8020E for <dmarc@ietf.org>; Sat, 6 Apr 2024 13:37:46 -0400 (EDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903e; t=1712425051; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type : from; bh=rXXYFClQm4ppjlkuCu6uudFae4hkDihluvix+9K4b+I=; b=H/Pf/xi8s8y97jnstmNzMo5CTqKtjwhpyrkN+TX5xKTLnubAmJs0aWsUira4LgVfK8frA HYbFAql85xmrMzJBg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903r; t=1712425051; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type : from; bh=rXXYFClQm4ppjlkuCu6uudFae4hkDihluvix+9K4b+I=; b=HlYu2viyc7AlzTfQPrttYmezG7uheNAL/HfaMojV5u4C2K1KbvoojUSYmREvrVXJLiEvh 43/GWPm65XkZaSbqR5iK6bO08GfDODi0C9NYJ2t/Jgc7iUoUAlCpTdc2hmZ1qKIy52POrXx d5fw8GQz7rXurAR1jqZ6RtnhFDtK5323lngApGX2QLsGc7G1ttL8flII8FOQ4SWwvEz+3zz Zgb3nPV7rNuzrgwKsh13j7qykGvXezHg8HN6k6kpaiqwddMa0CeVXn5mi8YBMR4YM//pGTq MsGmirHINigjX6VlYBwXQTjyrAjs/wQq4W33bGNmM9PeUEPiJ+YoionCIqHA==
Received: from zini-1880.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) by interserver.kitterman.com (Postfix) with ESMTP id 10282F80126 for <dmarc@ietf.org>; Sat, 6 Apr 2024 13:37:31 -0400 (EDT)
From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
Date: Sat, 06 Apr 2024 13:37:25 -0400
Message-ID: <2764165.rv8vZNihtd@zini-1880>
In-Reply-To: <CAOZAAfPwJHKGyLjTkdGDqkMeK4RQX4Fj0rw-Upn0cLZ+cE74aA@mail.gmail.com>
References: <CAOZAAfPwJHKGyLjTkdGDqkMeK4RQX4Fj0rw-Upn0cLZ+cE74aA@mail.gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/7FmAFWBc_HRgz9WwG2vjfv0Ro6g>
Subject: Re: [dmarc-ietf] WGLC editorial review of draft-ietf-dmarc-dmarcbis-30
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Apr 2024 17:38:01 -0000
On Saturday, March 30, 2024 4:05:17 PM EDT Seth Blank wrote: > Section 4.6: DNS Tree Walk: > > The text is correct, but N is wrong. I've shared my notes with this list > but we never reached consensus: > https://mailarchive.ietf.org/arch/msg/dmarc/GoExCeJYWhxnvH8lwjbr7nAcFh4/ > > tl;dr: N of 5 works for *org domain discovery* but falls short > *policy/reporting* discovery. The algorithm can stay the same, but N needs > to be increased and the text to match. > > I *strongly* believe that N needs to be 8 to meet operational use cases > we see today, and may still fall short in the future as this use case is > unlocked by the tree walk. We started to discuss this in a different thread last week, before I got distracted. I'd like to pick this up taking a look at Seth's proposal and rationale directly, rather than as a side point from another discussion. I think that Seth's basic rationale is correct. N=5 works for org domain discovery. I am willing to accept that there is a need for different reporting addresses within an org and that this might require a different value of N. The problem I have is that this is outside the scope of the agreed design space. If there's consensus to expand the scope of what DMARCbis is taking on, I don't think the difference between 5 and 8 for N is operationally significant. In RFC 7489 DMARC, policy and reporting addresses can be discovered exactly two places: the RFC5322.From domain and the org domain. The DMARC records for any labels between those two domains are not assessed. As a result, any subdomain that needs a different reporting address than that specified in the org domain, needs to publish it's own DMARC record. As a side effect of the switch to the tree walk approach in DMARCbis, this is no longer true. For any subdomain without a DMARC record, the domains above it in the tree are also checked, so you can specify a different policy/ reporting address for groups of subdomains below the org domain (as long as you don't get past the max N value in length). This was never a design objective, just a side effect. As a result, I am skeptical of the claim that the thing we accidentally did, that DMARC (as defined by RFC 7489) does not do, is somehow critical. It's not at all clear to my why any organization with these long domain names can't continue to do whatever they are doing now. If we are going to change our design scope after WGLC, I think there should be a high bar for it. I think it would be an admission that there is not WG consensus to proceed and we may need another WGLC after this is sorted (but I'm happy to leave that to management to figure out). I can articulate that N=5 is based on the longest email relevant entry in the current PSL. Why N=8 and not N=7 or N=9? I think we need to have an articulable rationale for what ever number we end up with (even though that rationale probably doesn't go into DMARCbis). I suspect that once we work through it, most of the work here is about the "text to match" that Seth mentioned, I don't think the exact number is that important. Scott K P.S. Sorry for the delay, this email was more than I felt I could reasonably pull off writing from my phone. P.P.S I think I'm caught up on last call email now.
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- [dmarc-ietf] WGLC editorial review of draft-ietf-… Seth Blank
- Re: [dmarc-ietf] WGLC editorial review of draft-i… John Levine
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Seth Blank
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Douglas Foster
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Mark Alley
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… John Levine
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Seth Blank
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Murray S. Kucherawy
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Richard Clayton
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Seth Blank
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Tero Kivinen
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Brotman, Alex
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Dotzero
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Tim Wicinski
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Todd Herr
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Tim Wicinski
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Jim Fenton
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Brotman, Alex
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Todd Herr
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Murray S. Kucherawy
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… John Levine
- Re: [dmarc-ietf] ARC, was WGLC editorial review o… Alessandro Vesely
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Tim Wicinski
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Laura Atkins
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Dotzero
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Scott Kitterman
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Scott Kitterman
- Re: [dmarc-ietf] the long march, WGLC editorial r… John R. Levine
- Re: [dmarc-ietf] the long march, WGLC editorial r… Scott Kitterman
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Neil Anuskiewicz
- Re: [dmarc-ietf] the long march, WGLC editorial r… Murray S. Kucherawy
- Re: [dmarc-ietf] Thoughts on choosing N Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N Alessandro Vesely
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Todd Herr
- Re: [dmarc-ietf] Thoughts on choosing N Murray S. Kucherawy
- Re: [dmarc-ietf] Thoughts on choosing N Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] Thoughts on choosing N Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N (choose 6) Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N Todd Herr
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Todd Herr
- Re: [dmarc-ietf] Thoughts on choosing N Alessandro Vesely
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] Thoughts on choosing N Neil Anuskiewicz
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N Alessandro Vesely