Re: [dmarc-ietf] Ruminating the tree walk

Alessandro Vesely <vesely@tana.it> Sun, 03 April 2022 11:27 UTC

Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 14DE53A1BBB for <dmarc@ietfa.amsl.com>; Sun, 3 Apr 2022 04:27:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.109
X-Spam-Level:
X-Spam-Status: No, score=-2.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=tana.it header.b=Z2j887lP; dkim=pass (1152-bit key) header.d=tana.it header.b=DTF0QiOi
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6mfGEhk5Be6O for <dmarc@ietfa.amsl.com>; Sun, 3 Apr 2022 04:27:14 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C51573A1BB8 for <dmarc@ietf.org>; Sun, 3 Apr 2022 04:27:12 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=tana.it; s=epsilon; t=1648984928; bh=uXWQlR8D2Nby7JLLu5irbtin7K6OkK4y0Y88vE8qL4g=; h=Date:Subject:To:References:From:In-Reply-To; b=Z2j887lPg5udEH3pEV8+/K+2Pyne8yzy8srES1JC4HhZheJf5WytVXMA0Qg6wXpsA DauQitoFX39r99xGsqYBA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1648984928; bh=uXWQlR8D2Nby7JLLu5irbtin7K6OkK4y0Y88vE8qL4g=; h=Date:To:References:From:In-Reply-To; b=DTF0QiOiS0GrzoRdwgB/KBcNGjfw3mOhr9snVIcnPS+ktSHl6nR1btftaiAGaNQyl bpoMhZCOEDn5ta9coUeGM/637UYG+oDjHhINha272dYLei2VpbKrw3ZAcxUC0ZMFzF 95hyDKYXggoe97y4GAUqNP068U9muoWYesaWTMkITHh1Cq7je2FN2FRf2MHwQ
Author: Alessandro Vesely <vesely@tana.it>
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC0F3.0000000062498360.00005D87; Sun, 03 Apr 2022 13:22:08 +0200
Message-ID: <995e74ff-9a40-72c7-3d3f-9b5fd196573e@tana.it>
Date: Sun, 3 Apr 2022 13:22:08 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.6.2
Content-Language: en-US
To: dmarc@ietf.org
References: <164789584226.30456.9564261134406099481@ietfa.amsl.com> <CAH48ZfydWRgbMTpifJT_Md+muYnm3TeP+-9ULxcoEoB1oVYD7Q@mail.gmail.com> <aef95e07-bc42-7a13-8f89-080397ef85cf@tana.it> <3890985.9lyzESmaKy@zini-1880>
Authentication-Results: tana.it; auth=pass (details omitted)
From: Alessandro Vesely <vesely@tana.it>
In-Reply-To: <3890985.9lyzESmaKy@zini-1880>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/9DhhLvdFu7ifL34mI7knYxM9ftg>
Subject: Re: [dmarc-ietf] Ruminating the tree walk
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Apr 2022 11:27:22 -0000

On Sun 03/Apr/2022 01:35:16 +0200 Scott Kitterman wrote:
> On Wednesday, March 23, 2022 6:59:08 AM EDT Alessandro Vesely wrote:
>> Hm...
>> 
>> On Wed 23/Mar/2022 03:08:35 +0100 Douglas Foster wrote:
>>> During my ruminations last night, I gained some clarity around that
>>> question and wanted to highlight those conclusions.  They simplify the
>>> alignment search significantly:
>>> 
>>> - If the common substring is shorter than the Organizational Domain, then
>>> the names are not aligned and the candidate domain can be ignored.
>>> 
>>> - Otherwise, if any candidate domain is a parent of (or equal to) the FROM
>>> domain, then we have alignment and DMARC PASS.  The secondary tree
>>> walk is not needed and no further evaluation is required.
>>> 
>>> - If several candidate names are child domains of the FROM address, then
>>> only the shortest string needs to be evaluated with a secondary tree
>>> walk.  If it is aligned, further evaluation is not required.  If it is
>>> not aligned because of an organizational boundary, all other child
>>> domains are also excluded.
>>
>> That and the deeper-than-5 optimization Doug posted on a separate message.
>> 
>> I know the document is already longish.  However, collecting these
>> observations in an appendix may be helpful for developers, and maybe also
>> for general understanding of the intricacies involved in the tree walk,
>> including proper usage of the psd= flag.
> 
> I think we do need to add some additional clarity, which I plan to draft, but
> let's not go overboard.  We are trying to describe a protocol, not an
> implementation specification.  So far, in my experience, the extra code
> required to address short cuts like this is not justified by the improved
> 'efficiency'.  I don't think these need to be in the document.


I agree that the efficiency is determined more by having a dedicated caching 
resolver than by the algorithm.  And the importance of setting up DNS will 
never be stressed enough.

I was thinking rather of a walk through the tree walk (no pun intended), to be 
read by domain owners and programmers alike, to help understand what's good, 
what's bad, what's normal and what's exceptional.

Having such an appendix permits the actual algorithm to be stated in a concise, 
formal expression.  The last description, for example, uses two steps, 2 and 7, 
to advise to discard non-DMARC records.  Step 8 repeats the directive already 
given in step 3.  That language is neither formal nor friendly.


Best
Ale
--
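The three short cuts Doug listed in the quoted message (discard candidates whose common suffix with the From domain is shorter than the Organizational Domain; accept a candidate that is the From domain or one of its ancestors without a second walk; among child candidates walk only the shortest) are easier to judge when written out. The following is an added example, not code from this thread or from any DMARCbis implementation. It runs against a constructed in-memory DNS table instead of real lookups, the 5-label starting point is taken from the "deeper-than-5" remark above rather than from the draft text, and the Organizational Domain derivation (psd=n wins, otherwise one label below psd=y, otherwise the record with the fewest labels) is a simplified reading of the tree walk; the function and variable names are mine.

```python
# Constructed DMARC zone data for the example: name -> TXT record at _dmarc.<name>.
DMARC_RECORDS = {
    "_dmarc.bank": "v=DMARC1; p=reject; psd=y",          # public suffix with a record
    "_dmarc.example.bank": "v=DMARC1; p=reject; psd=n",  # explicit organizational domain
    "_dmarc.example.com": "v=DMARC1; p=quarantine",
    "_dmarc.mail.example.com": "v=DMARC1; p=none",       # subdomain record, no psd tag
}


def dns_lookup(name):
    """Stand-in for a TXT query against a caching resolver."""
    return DMARC_RECORDS.get(name)


def labels(domain):
    return domain.lower().rstrip(".").split(".")


def parse_tags(record):
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return tags


def tree_walk(domain, max_labels=5):
    """Return (name, record) for every ancestor that has a DMARC record, longest
    name first.  Names with more than max_labels labels start the walk at their
    max_labels-label suffix (assumed reading of the 'deeper-than-5' short cut)."""
    parts = labels(domain)
    if len(parts) > max_labels:
        parts = parts[-max_labels:]
    found = []
    for i in range(len(parts)):
        name = ".".join(parts[i:])
        record = dns_lookup("_dmarc." + name)
        if record:
            found.append((name, record))
    return found


def organizational_domain(domain):
    found = tree_walk(domain)
    if not found:
        return None
    for name, record in found:                 # psd=n names the org domain directly
        if parse_tags(record).get("psd") == "n":
            return name
    for name, record in found:                 # psd=y marks a public suffix
        if parse_tags(record).get("psd") == "y":
            return ".".join(labels(domain)[-(len(labels(name)) + 1):])
    return found[-1][0]                        # simplified: fewest labels wins


def is_parent_or_equal(candidate, domain):
    c, d = labels(candidate), labels(domain)
    return len(c) <= len(d) and d[-len(c):] == c


def common_suffix(a, b):
    la, lb = labels(a), labels(b)
    suffix = []
    while la and lb and la[-1] == lb[-1]:
        suffix.insert(0, la.pop())
        lb.pop()
    return ".".join(suffix)


def relaxed_alignment(from_domain, candidates):
    """Apply the three short cuts.  Returns (aligned candidate or None, number of
    secondary tree walks performed) so the saving is visible."""
    org = organizational_domain(from_domain)
    if org is None:
        return None, 0
    walks, children, others = 0, [], []
    for cand in candidates:
        suffix = common_suffix(cand, from_domain)
        # Short cut 1: common suffix shorter than the Organizational Domain -> ignore.
        if not suffix or len(labels(suffix)) < len(labels(org)):
            continue
        # Short cut 2: the From domain itself or an ancestor at/under org -> aligned.
        if is_parent_or_equal(cand, from_domain):
            return cand, walks
        if is_parent_or_equal(from_domain, cand):
            children.append(cand)
        else:
            others.append(cand)            # same org suffix, different branch
    # Short cut 3: of several child candidates only the shortest needs a walk;
    # an organizational boundary found there also excludes the longer children.
    if children:
        shortest = min(children, key=lambda c: len(labels(c)))
        walks += 1
        if organizational_domain(shortest) == org:
            return shortest, walks
    for cand in others:                    # not covered by the short cuts: walk each
        walks += 1
        if organizational_domain(cand) == org:
            return cand, walks
    return None, walks


if __name__ == "__main__":
    print(relaxed_alignment("example.com", ["bounce.example.com", "a.b.example.com"]))
    print(relaxed_alignment("example.bank", ["bank"]))
```

The second call in the usage block shows the first short cut rejecting the public suffix itself: `bank` shares only one label with `example.bank`, whose Organizational Domain has two, so no lookup is spent on it. The pair of child candidates in the first call costs exactly one secondary walk.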