Re: [dmarc-ietf] easier DKIM, DMARC2 & SPF Dependency Removal

Benny Pedersen <me@junc.eu> Tue, 20 June 2023 01:02 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/8Xajc_cmM85SqNSEXkpR3xECiFA>

John R Levine wrote on 2023-06-20 02:25:
> On Mon, 19 Jun 2023, Patrick Ben Koetter wrote:
>> I suggest that we do not only drop SPF, but also come up with better ways
>> (simplification, tools, exchange formats) to implement DKIM in order to allow
>> for a smooth transition.
> 
> I'm scratching my head here.  On my system I publish and rotate DKIM
> keys completely automatically.  The only manual config is to edit the
> list of domains when I add or remove one from my mail server.  It's
> not totally trivial but it's not that hard.
> 
> I suppose we could encourage people to implement ed25519 signatures
> since the keys are small and more likely to fit in a single TXT record
> string for provisioning crudware that doesn't handle multiple strings,
> but beyond that, what do you have in mind?

i see it as a problem, not as a solution, would we want all to be forced
to accept new algo?, will old be deprecated?, yes rhetorical question i
know, but be careful, metacpan Mail::DKIM does not yet have it, but
there are patches waiting so maybe it comes?

imho there would be more forward to see amavisd-new do ARC-Seal/ARC-Sign
than to see it support one more algo in dkim, i know this is maybe just
me?
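
Added example, not part of the thread or of any poster's code: it illustrates the quoted point about key size versus the 255-octet limit of a single TXT character-string. The key bytes are constructed placeholders of the correct lengths (32 bytes for Ed25519 per RFC 8463, 294 bytes for a 2048-bit RSA key in DER form), and the selector `sel1` and domain `example.com` are hypothetical.

```python
import base64

MAX_TXT_STRING = 255  # a DNS TXT character-string holds at most 255 octets

# Constructed placeholder bytes with the sizes of real public keys (not usable
# keys): Ed25519 is 32 raw bytes (RFC 8463); a 2048-bit RSA key published as
# DER SubjectPublicKeyInfo is 294 bytes.
ED25519_KEY = bytes(range(32))
RSA2048_KEY = bytes(i % 256 for i in range(294))


def dkim_record(key_type: str, key_bytes: bytes) -> str:
    """Build the DKIM key record value (v=, k= and p= tags)."""
    p = base64.b64encode(key_bytes).decode("ascii")
    return f"v=DKIM1; k={key_type}; p={p}"


def txt_strings(record: str) -> list[str]:
    """Split a record into the character-strings a TXT RR must carry."""
    data = record.encode("ascii")
    return [data[i:i + MAX_TXT_STRING].decode("ascii")
            for i in range(0, len(data), MAX_TXT_STRING)]


def zone_line(selector: str, domain: str, record: str) -> str:
    """Render a zone-file line with one quoted string per chunk."""
    quoted = " ".join(f'"{s}"' for s in txt_strings(record))
    return f"{selector}._domainkey.{domain}. IN TXT ( {quoted} )"


def verifier_view(strings: list[str]) -> str:
    """Verifiers concatenate the strings with no separator before parsing."""
    return "".join(strings)


def fits_single_string(record: str) -> bool:
    """True if a provisioning UI limited to one string can publish the record."""
    return len(txt_strings(record)) == 1


if __name__ == "__main__":
    for ktype, key in (("ed25519", ED25519_KEY), ("rsa", RSA2048_KEY)):
        rec = dkim_record(ktype, key)
        print(ktype, len(rec), "octets,", len(txt_strings(rec)), "string(s)")
        print(zone_line("sel1", "example.com", rec))
```
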