IETF Logo Mail Archive

Re: [dmarc-ietf] Feedback on draft-ietf-dmarc-psd-02

Scott Kitterman <sklist@kitterman.com> Fri, 12 April 2019 11:38 UTC

Return-Path: <sklist@kitterman.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E9CBB12028F for <dmarc@ietfa.amsl.com>; Fri, 12 Apr 2019 04:38:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_FAIL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b=P3eAIfvc; dkim=pass (2048-bit key) header.d=kitterman.com header.b=pBhQU4Q3
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SMhiZ3PKnIdG for <dmarc@ietfa.amsl.com>; Fri, 12 Apr 2019 04:38:39 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [IPv6:2604:a00:6:1039:225:90ff:feaa:b169]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 14BE9120003 for <dmarc@ietf.org>; Fri, 12 Apr 2019 04:38:38 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) by interserver.kitterman.com (Postfix) with ESMTPS id 03AE2F807C6 for <dmarc@ietf.org>; Fri, 12 Apr 2019 07:38:37 -0400 (EDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903e; t=1555069116; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type : from; bh=nHzBs3Hp4Y/Lzl9f1PpDKDlP+QZc/BZ97a6qm8FBeQM=; b=P3eAIfvcu+LhjTa1R/FFReAcQQptFWHFN5L/UvTKdpnamp6eu1H5Kbrl hhryxozdWoLx5P3xcNNXwASjjulKCA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903r; t=1555069116; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type : from; bh=nHzBs3Hp4Y/Lzl9f1PpDKDlP+QZc/BZ97a6qm8FBeQM=; b=pBhQU4Q3oCNhSerbLq1jfJVyBKJyC3Zlx6DKqsC976YbEtltSpfxyU/e 7n+0oIReVglDUexQBavGrA05BmXAoYamHzKckm94KbCf6JqBrWrDMmgb6X ITqjPUkcYV9Lji4xJIDA6l7k+Dq5jHG4FpwwqUTg2KgTnRO2Z/RcRlSIcs ABpG66jHgZAU1PfCEuLkqcIKtTPV5ywh13pdjN05rs1HYw6/buZkwV9aG9 zhNM7c5vVcykr162m99VxcehlhxUNT7Eb68KJDDMwto9xu49E8uPv6C4ok TrncL15XfX40cldEi6qq67GGNJe4jIAIRsWO+oMVS/6lt3YMIEi99g==
Received: from kitterma-e6430.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) by interserver.kitterman.com (Postfix) with ESMTPSA id AEBC3F80029 for <dmarc@ietf.org>; Fri, 12 Apr 2019 07:38:36 -0400 (EDT)
From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
Date: Fri, 12 Apr 2019 07:38:35 -0400
Message-ID: <4617305.8bk7ACbl42@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-164-generic; KDE/4.13.3; x86_64; ; )
In-Reply-To: <CAOZAAfP0fNxfRV1CGkzqSaznjUWUyJdTS3UdvDSDhn0ZCQK=7w@mail.gmail.com>
References: <CABuGu1oE+W7_==GxG0Qmo9WxcPWm5in50EZwU+kSEJ4a0=QZzA@mail.gmail.com> <2560485.41NbCdns5Z@kitterma-e6430> <CAOZAAfP0fNxfRV1CGkzqSaznjUWUyJdTS3UdvDSDhn0ZCQK=7w@mail.gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/8-jAR9tlptV0zPZONySoE2skppA>
Subject: Re: [dmarc-ietf] Feedback on draft-ietf-dmarc-psd-02
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Apr 2019 11:38:41 -0000

On Friday, April 12, 2019 09:00:33 AM Seth Blank wrote:
> On Fri, Apr 12, 2019 at 4:57 AM Scott Kitterman <sklist@kitterman.com>
> 
> wrote:
> > I think adding a MUST NOT regarding RUF is a good idea.
> 
> I think this is a bad idea for two very important reasons:
> 
> 1) Any gTLD being used as a brand domain (i.e. .google, .microsoft, etc.)
> may wish to use failure reports on these domains just as they would on
> their .com's.
> 
> 2) We wanted this spec to be the *minimum* delta from DMARC possible.
> That's why we added the third lookup but removed all other items. A MUST
> NOT for RUF no longer feels like a minimum delta. It also adds extra
> overhead to any implementation changes needed to test the experiment.
> 
> We should (and I believe do) make the case in privacy consideration that
> failure reports for a third lookup is a bad idea. I don't think we need
> more of this right now. If during the experiment it becomes clear that this
> guidance is needed, then it can be folded into DMARC 2.0 when everything
> comes together.

I think your first point is a reasonable one.  For the second one, I think 
minimum may be in the eye of the beholder.  From an implementation 
perspective, I think the difference is trivial (if X then don't do Y) and I 
think part of minimum is a design that makes sense from a privacy perspective.

As a practical matter, since so few entities send RUF reports, it's not a 
major issue either way.  Let's see what others think.  I'm glad to take it 
back out if that's the way the group leans.

Scott K

v2.23.0 | Report a Bug | By Email