Re: [dmarc-ietf] DMARCbis WGLC Issue 136 - DMARC Records Can Be CNAMEs

Scott Kitterman <sklist@kitterman.com> Thu, 14 March 2024 21:38 UTC

Date: Thu, 14 Mar 2024 21:37:43 +0000
From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/8p-iSeKpGL7IXRSZJC_kubQupcM>
Subject: Re: [dmarc-ietf] DMARCbis WGLC Issue 136 - DMARC Records Can Be CNAMEs


On March 14, 2024 8:38:17 PM UTC, Todd Herr <todd.herr=40valimail.com@dmarc.ietf.org> wrote:
>On Thu, Mar 14, 2024 at 4:34 PM Scott Kitterman <sklist@kitterman.com>
>wrote:
>
>>
>> I think this is correct.  I think it's obviously enough correct that I'm
>> surprised anyone was confused.
>>
>> Do we know what the theory was that led people to think otherwise?
>>
>> Seems to me we don't really need this, but maybe there's a reason.
>>
>>
>The reasons given were:
>
>   1. https://www.rfc-editor.org/rfc/rfc5863#section-4.1
>   2. https://datatracker.ietf.org/doc/html/rfc6376#section-7.5
>   3. Neither RFC 7489 nor DMARCbis contains the phrase "CNAME", so if it's
>   not explicitly mentioned...
>
>Granted, the first two citations are in regard to DKIM records, not DMARC
>records, but those were the reasons given.
>
Thanks.  

CNAMEs have been used for DKIM since DKIM has existed.  I don't think any of those things say don't use CNAMEs.

I think we don't need to say anything.  Explaining how DNS works is out of scope.  This kind of thing is a distraction which makes the document more complex and confusing.

Scott K