Re: [dmarc-ietf] The description of psd=n

Todd Herr <todd.herr@valimail.com> Tue, 05 March 2024 20:11 UTC

From: Todd Herr <todd.herr@valimail.com>
Date: Tue, 05 Mar 2024 15:10:46 -0500
Message-ID: <CAHej_8kUrK_u0V16vedgG3s91VXfszzt1_gC7V24mRj-MNPkzg@mail.gmail.com>
To: dmarc@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/8OP_K7fVNpA1B9rxgyqB3jqLy_4>
Subject: Re: [dmarc-ietf] The description of psd=n

On Tue, Mar 5, 2024 at 1:30 PM Scott Kitterman <sklist@kitterman.com> wrote:

>
>
> On March 5, 2024 2:47:47 PM UTC, Todd Herr
> <todd.herr=40valimail.com@dmarc.ietf.org> wrote:
> >On Tue, Mar 5, 2024 at 6:12 AM Alessandro Vesely <vesely@tana.it> wrote:
> >
> >> Hi,
> >>
> >> Section 5.3, in the format description of psd:
> >>
> >>        n:  The DMARC policy record is published for a PSD, but it is the
> >>           Organizational Domain for itself and its subdomain.  There is
> >>           no need to put psd=n in a DMARC record, except in the very
> >>           unusual case of a parent PSD publishing a DMARC record without
> >>           the requisite psd=y tag.
> >>
> >> Perhaps a "not" is missing between "is" and "published"?  I'd just say
> >> the domain is not a PSD /and/ it is the Organizational Domain for itself
> >> and its subdomain.
> >>
> >>
> >You may be correct in your assertion here; I'll wait for others to weigh
> >in.
> >
> >In the meantime, Issue 126 has been opened to track this.
> >
>
> I think it's missing a not, but is otherwise fine.
>
>
John Levine commented directly on issue 126
<https://github.com/ietf-wg-dmarc/draft-ietf-dmarc-dmarcbis/issues/126>,
indicating that he believes the text should read (emphasis added by me):

       n:  The DMARC policy record is published for a PSD, but it is NOT the
          Organizational Domain for itself and its subdomain.  There is
          no need to put psd=n in a DMARC record, except in the very
          unusual case of a parent PSD publishing a DMARC record without
          the requisite psd=y tag.

I think this is the correct place to put the 'not', as it's consistent with
the second sentence here, as well as this text from the following sections:

4.8 Organizational Domain Discovery - "If a valid DMARC record contains the
psd= tag set to 'n' (psd=n), this is the Organizational Domain, and the
selection process is complete."

11.8 Determination of Organizational Domain for Relaxed Alignment -  "If a
PSD domain publishes a DMARC record without the appropriate psd=y tag,
organizational domain owners can add psd=n to their organizational domain's
DMARC record so that the PSD record will not be incorrectly evaluated to be
the organizational domain."


-- 

*Todd Herr * | Technical Director, Standards & Ecosystem
*e:* todd.herr@valimail.com
*p:* 703-220-4153
*m:* 703.220.4153
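
Added example, not part of the original message or of the draft: a simplified Python sketch of Organizational Domain selection showing the case the quoted section 11.8 text describes, where a PSD publishes a DMARC record without psd=y and the domain below it adds psd=n. The zone data and the name gov.example are constructed; only the psd=n rule is quoted on this page, and the psd=y rule and fewest-labels fallback are assumptions about the rest of the draft's tree walk.

```python
# Constructed TXT data keyed by "_dmarc.<domain>"; "gov.example" plays the PSD.
PSD_UNTAGGED = {  # the PSD forgot psd=y; the agency has no psd tag
    "_dmarc.gov.example": "v=DMARC1; p=reject",
    "_dmarc.agency.gov.example": "v=DMARC1; p=reject",
}
AGENCY_PSD_N = dict(PSD_UNTAGGED,
                    **{"_dmarc.agency.gov.example": "v=DMARC1; p=reject; psd=n"})
PSD_TAGGED = dict(PSD_UNTAGGED,
                  **{"_dmarc.gov.example": "v=DMARC1; p=reject; psd=y"})


def parse_tags(record):
    """Return the tag dict of a DMARC record, or None if it is not one."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else None


def org_domain(name, zone):
    """Pick the Organizational Domain for `name` from records in `zone`."""
    labels = name.lower().rstrip(".").split(".")
    start = ".".join(labels)
    found = []  # (domain, tags), longest name first
    for i in range(len(labels)):
        domain = ".".join(labels[i:])
        tags = parse_tags(zone.get("_dmarc." + domain, ""))
        if tags is not None:
            found.append((domain, tags))
    for domain, tags in found:
        psd = tags.get("psd", "u").lower()
        if psd == "n":  # section 4.8 text quoted above: selection is complete
            return domain
        if psd == "y" and domain != start:  # assumed rule: one label below the PSD
            return ".".join(labels[-(domain.count(".") + 2):])
    # Assumed fallback: the record found at the name with the fewest labels.
    return min((d for d, _ in found), key=lambda d: d.count("."), default=None)
```

With the untagged PSD record the walk lands on gov.example, so every name under that PSD would share one Organizational Domain for relaxed alignment; psd=n on the agency's own record stops the walk at agency.gov.example.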
