Re: [dmarc-ietf] Is From spoofing an interoperability issue or not?
Alessandro Vesely <vesely@tana.it> Sun, 23 April 2023 10:10 UTC
Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 99B5AC14CE55 for <dmarc@ietfa.amsl.com>; Sun, 23 Apr 2023 03:10:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=tana.it header.b="1XTvfKkY"; dkim=pass (1152-bit key) header.d=tana.it header.b="DCs1Ychz"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i8dEagSB4wgr for <dmarc@ietfa.amsl.com>; Sun, 23 Apr 2023 03:10:40 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [94.198.96.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 06F4CC14CE38 for <dmarc@ietf.org>; Sun, 23 Apr 2023 03:10:38 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=tana.it; s=epsilon; t=1682244636; bh=0xNDgPGSTZVcmu2AG9eSTv5BaDFXk3V2UbLxCtVMics=; h=Author:Date:Subject:To:References:From:In-Reply-To; b=1XTvfKkY/4ks6w2xNKRMaeZ9kDWcIFa7FeM7sQ9J9GbHd8S6qMd7MFnHt86f/Mgmn OtzqjZIMtJEUMujv2WRBQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1682244636; bh=0xNDgPGSTZVcmu2AG9eSTv5BaDFXk3V2UbLxCtVMics=; h=Date:Subject:To:References:From:In-Reply-To; b=DCs1YchzEnKqksHx9S+5vblGlZlk7tnx1MLCwrUJEMmEHQhAj6Z9R+5RRODBe250q Ip4buBnKdNJwBT7O6mS3YvOr5hQp/IEr8N3LuCTnflOd3c6xCpFvVtfCLQw5a7ue32 hZKn+Qu5jis1aXLrkWLGTORph1BWl9IxcJ96YflXzt4/7TqmIRsE9SVwUZtEr
Original-Subject: Re: [dmarc-ietf] Is From spoofing an interoperability issue or not?
Author: Alessandro Vesely <vesely@tana.it>
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC0CE.000000006445041C.00006A27; Sun, 23 Apr 2023 12:10:36 +0200
Message-ID: <a31a3a91-1fe1-40b0-ae4c-0e76520e722c@tana.it>
Date: Sun, 23 Apr 2023 12:10:35 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.9.0
Content-Language: en-US, it-IT
To: dmarc@ietf.org
References: <0abf9711-ca1c-bfcf-afb2-15e16b9de149@tana.it> <20230420153727.DB568C106CE9@ary.qy> <CAJ4XoYeyoOYeXW1QN+yeMbxt4SF7Kn2Xi=FP7VmX4MhKiDi9hQ@mail.gmail.com> <C3D9E708-EDC7-43BC-AE5E-DF4FFAECCC2B@kitterman.com> <7e2ae4c0-6ebf-4539-55b9-e5d85765a024@tana.it> <185759A8-10CD-40F8-89C8-FE774B077F52@kitterman.com>
Authentication-Results: tana.it; auth=pass (details omitted)
From: Alessandro Vesely <vesely@tana.it>
In-Reply-To: <185759A8-10CD-40F8-89C8-FE774B077F52@kitterman.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/9IU_7PdbeBShVx-7o1mYEdgRBQc>
Subject: Re: [dmarc-ietf] Is From spoofing an interoperability issue or not?
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 23 Apr 2023 10:10:46 -0000
On Fri 21/Apr/2023 18:43:30 +0200 Scott Kitterman wrote: > On April 21, 2023 3:57:54 PM UTC, Alessandro Vesely <vesely@tana.it> wrote: >>On Fri 21/Apr/2023 05:41:03 +0200 Scott Kitterman wrote: >>> On April 20, 2023 4:18:08 PM UTC, Dotzero <dotzero@gmail.com> wrote: >>>> On Thu, Apr 20, 2023 at 11:38 AM John Levine <johnl@taugh.com> wrote: >>>>> It appears that Alessandro Vesely <vesely@tana.it> said: >>>>> >>>>>> IMHO at least an appendix should say that if you can't do anything better you have to rewrite From: with examples of legitimate display-phrase, expanding a bit the first bullet in Section 11.4. That can also be a good place to explain the kind of damage DMARC causes. >>> >>>>> Absolutely not. This sort of thing is utterly outside the scope of our job and wasting time on it just further delays our already extremely late work. >>>> >>>> +1 >>>> >>>> There are many things John and I may disagree on but he clearly understands why avoiding scope creep (and bad ideas) is important. >>> >>> Definitely agree with both of you on this. >> >>Eeeh, what an uprising! I just proposed a couple of paragraphs, not a new rocket science theory. >> >> As for the badness, why wouldn't a concise but detailed explanation be better than obscure forbiddings and dark forebodings, such as MUST NOT be used by humans or interoperability will break down? >> >> BTW, what's the outcome of that discussion? > > That, specifically is a question for the chairs, so no idea. My recollection is that Barry said a Proposed Standard can get away without MUST NOT. Had we been we aiming at full standard directly before? > There are a nearly infinite set of few paragraphs we could write that would make things clearer. If we ever want to finish this, some of them need to be out of scope. Fully agreed. However, I think we must select out of that "nearly infinite set" the paragraphs that explain the MLM issue and other interoperability damage, which includes From: rewriting. Meanwhile, digressions about ATPS and similar schemes can help casting some light on future evolution. From: rewriting cannot be the final solution; it is a temporary hack. Digressions don't slow down the publication, as discussions about actual text quickly prevail. They are just a mean to help convergence toward a common vision of the future. Best Ale --
- [dmarc-ietf] Is From spoofing an interoperability… Laura Atkins
- Re: [dmarc-ietf] Is From spoofing an interoperabi… Scott Kitterman
- Re: [dmarc-ietf] Is From spoofing an interoperabi… Dotzero
- Re: [dmarc-ietf] Is From spoofing an interoperabi… Douglas Foster
- Re: [dmarc-ietf] Is From spoofing an interoperabi… Laura Atkins
- Re: [dmarc-ietf] Is From spoofing an interoperabi… Laura Atkins
- Re: [dmarc-ietf] Is From spoofing an interoperabi… Scott Kitterman
- Re: [dmarc-ietf] Is From spoofing an interoperabi… Hector Santos
- Re: [dmarc-ietf] Is From spoofing an interoperabi… John Levine
- Re: [dmarc-ietf] Is From spoofing an interoperabi… Dotzero
- Re: [dmarc-ietf] Is From spoofing an interoperabi… Alessandro Vesely
- Re: [dmarc-ietf] Is From spoofing an interoperabi… Hector Santos
- Re: [dmarc-ietf] Is From spoofing an interoperabi… Jesse Thompson
- Re: [dmarc-ietf] Is From spoofing an interoperabi… John Levine
- Re: [dmarc-ietf] Is From spoofing an interoperabi… Laura Atkins
- Re: [dmarc-ietf] Is From spoofing an interoperabi… Scott Kitterman
- Re: [dmarc-ietf] Is From spoofing an interoperabi… John Levine
- Re: [dmarc-ietf] Is From spoofing an interoperabi… Alessandro Vesely
- Re: [dmarc-ietf] Is From spoofing an interoperabi… Jesse Thompson
- Re: [dmarc-ietf] Is From spoofing an interoperabi… Douglas Foster
- Re: [dmarc-ietf] Is From spoofing an interoperabi… John Levine
- Re: [dmarc-ietf] Is From spoofing an interoperabi… Dotzero
- [dmarc-ietf] About UAID User Agent Identity. Hector Santos
- Re: [dmarc-ietf] Is From spoofing an interoperabi… Hector Santos
- Re: [dmarc-ietf] Is From spoofing an interoperabi… Scott Kitterman
- Re: [dmarc-ietf] Is From spoofing an interoperabi… Alessandro Vesely
- Re: [dmarc-ietf] Is From spoofing an interoperabi… Scott Kitterman
- Re: [dmarc-ietf] Is From spoofing an interoperabi… Alessandro Vesely
- [dmarc-ietf] Two basic Issues to address to help … Hector Santos
- Re: [dmarc-ietf] Two basic Issues to address to h… Dotzero
- Re: [dmarc-ietf] Two basic Issues to address to h… Hector Santos
- Re: [dmarc-ietf] Two basic Issues to address to h… Alessandro Vesely
- Re: [dmarc-ietf] Two basic Issues to address to h… Hector Santos