[dmarc-ietf] Bridging the gap

Douglas Foster <dougfoster.emailstandards@gmail.com> Wed, 15 June 2022 02:40 UTC

From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Tue, 14 Jun 2022 22:40:31 -0400
Message-ID: <CAH48Zfya7iSO0xn5FeKd61eOouP0fnj07r7OD-VVD0Gwn5_Gkg@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/A7NvFfY30Ba7q03X2bb_HBNqLc8>

I have done a lot of thinking about the current confrontation and how to
bridge it.

The problem seems rooted in our different attitudes toward the PSL. If
one assumes that the Tree Walk must displace the PSL completely and
quickly, then it becomes necessary to “make do” with incomplete information
about organizational boundaries, even though this introduces unwanted risk
to evaluators. I believe that the assumption is unnecessary, because the
Tree Walk and the PSL can coexist without harm.  We simply specify that the
Tree Walk algorithm MUST be used when organizational boundary information
is known to be complete and certain, as indicated by specific policy tags,
while the PSL MAY be used when boundary information is uncertain or
incomplete.

The “Must-use-Tree-Walk” indicator provides the domain owner with a remedy
to correct PSL errors, as well as a strategy for avoiding them. The MUST
indicator also means that DMARCbis-compliant implementations MUST implement
the Tree Walk algorithm, ensuring that the new algorithm becomes deployed
with critical mass.

The “MUST-use-Tree-Walk” assertion is accomplished with a DMARC policy tag
on the organizational domain record, supplemented by DMARC policy tags to
indicate the boundaries of any contained sub-organizations. Some
processing guidelines will need to be provided to ensure that the
Must-use-Tree-Walk indicator is always found when it is present.

 Doug
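
Added example, not part of the original message or of any DMARCbis draft: a sketch of how an evaluator could apply the coexistence rule proposed above, using the Tree Walk result when a boundary indicator is found and falling back to the PSL otherwise. The tag name `ob=y`, the zone contents and the PSL entries are constructed assumptions; the message does not name the tag.

```python
# Constructed sample data standing in for DNS TXT lookups and a local PSL copy.
ZONE = {
    "_dmarc.corp.example": "v=DMARC1; p=reject; ob=y",      # organizational domain
    "_dmarc.lab.corp.example": "v=DMARC1; p=none; ob=y",    # contained sub-organization
    "_dmarc.legacy.example": "v=DMARC1; p=quarantine",      # no indicator published
}
PSL = {"example", "corp.example"}  # "corp.example" is listed in error (constructed)
INDICATOR = "ob"  # hypothetical "Must-use-Tree-Walk" tag name

def parse_tags(record):
    """Split 'k=v; k=v' DMARC record text into a dict of tags."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def psl_org_domain(domain):
    """PSL method: longest listed suffix plus one more label."""
    labels = domain.split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PSL:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # implicit '*' rule when nothing matches

def org_domain(domain):
    """Return (organizational domain, method used)."""
    labels = domain.lower().rstrip(".").split(".")
    # Every level is queried so the indicator cannot be missed when present.
    # (DMARCbis drafts limit queries for names with many labels; not done here.)
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        tags = parse_tags(ZONE.get("_dmarc." + name, ""))
        if tags.get("v") == "DMARC1" and tags.get(INDICATOR) == "y":
            return name, "tree-walk"   # boundary is asserted: MUST use it
    return psl_org_domain(".".join(labels)), "psl"  # uncertain: MAY use the PSL

if __name__ == "__main__":
    for d in ("mail.lab.corp.example", "www.corp.example", "a.b.legacy.example"):
        print(d, "->", org_domain(d), "| PSL alone:", psl_org_domain(d))
```

For `www.corp.example` the PSL alone returns `www.corp.example` because of the erroneous listing, while the published indicator yields `corp.example`, which is the remedy for PSL errors the message describes.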