IETF Logo Mail Archive

Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports

ned+dmarc@mrochek.com Mon, 28 December 2020 15:23 UTC

Return-Path: <ned+dmarc@mrochek.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 575F03A0C23 for <dmarc@ietfa.amsl.com>; Mon, 28 Dec 2020 07:23:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mrochek.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ItAt0QSyAyDn for <dmarc@ietfa.amsl.com>; Mon, 28 Dec 2020 07:23:22 -0800 (PST)
Received: from mauve.mrochek.com (mauve.mrochek.com [98.153.82.211]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EFD213A0C22 for <dmarc@ietf.org>; Mon, 28 Dec 2020 07:23:21 -0800 (PST)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01RTP8ICCY8000DL1N@mauve.mrochek.com> for dmarc@ietf.org; Mon, 28 Dec 2020 07:18:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mrochek.com; s=201712; t=1609168695; bh=FbHvFrfAFv5yLjPxC7hAVdlaGAVR3hCrAP8qDKMutDI=; h=From:Cc:Date:Subject:In-reply-to:References:To:From; b=BLyV6INSsqnJ9XKAGZjo+EmfkzEkUsK+j9EEtzkPHpjtQqVjOnE5HLduCClmyx2re w+lJ49wSFuZXJ8GR9nq4k7bbEqjOgUdkMOggspIr0yNZ38Hn7MUVSvv1XSBrg+rwV7 WrmPwSCho6uTzfNgZuPBgxrm/zYRPW35KS74NSEY=
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: TEXT/PLAIN; CHARSET="US-ASCII"; Format="flowed"
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01RTJOWYX49S004QVR@mauve.mrochek.com> (original mail from NED@mauve.mrochek.com) for dmarc@ietf.org; Mon, 28 Dec 2020 07:18:08 -0800 (PST)
From: ned+dmarc@mrochek.com
Cc: John R Levine <johnl@taugh.com>, Tim Wicinski <tjw.ietf@gmail.com>, IETF DMARC WG <dmarc@ietf.org>
Message-id: <01RTP8I70EYI004QVR@mauve.mrochek.com>
Date: Mon, 28 Dec 2020 06:54:24 -0800
In-reply-to: "Your message dated Sat, 26 Dec 2020 11:47:26 +0100" <5d150251-427c-5c44-a0c3-ad2e7f24b692@tana.it>
References: <20201218023900.E73B82ACBB2B@ary.qy> <a8281e16-9417-5189-df73-79ea0a865fbd@tana.it> <c713b9ae-a364-1ae0-e79-55f61624aa3d@taugh.com> <3034face-b6fc-0ce2-fa1b-f59210bd6f5b@tana.it> <46339b38-3b24-bcb7-5e73-8a97038ed69@taugh.com> <3997c81d-3b30-0823-a752-fb1d60a44593@tana.it> <74a5c37-19a6-6f6f-a51d-6e5cca5b29e8@taugh.com> <CAJ4XoYdXWTgADpdL1eJuYGnpSY038vj-FW_x1f2rEp1JL0r2oA@mail.gmail.com> <01RTICXKLL3E0085YQ@mauve.mrochek.com> <c5f7413e-52c1-6710-16e5-63f59d2c24b9@taugh.com> <CAL0qLwYDeV9CmFg9qCCGPse00JV30WRiSC4orC-EitK=hiahgA@mail.gmail.com> <a79dd75-4d73-d1dc-d6b1-272de866b950@taugh.com> <CAL0qLwZXu3FxH7QGBS7PGbeDwfDTGmC=rbPEQidVV4eDJNHLUA@mail.gmail.com> <CAJ4XoYeK2cJb+easc=mqCi4ap1932LmbDdfxM1dFZKrdo2a2mw@mail.gmail.com> <acfe3d9e-97eb-50ee-26a2-568fdd8359dd@taugh.com> <CADyWQ+GJ62jt=dL9Gzuw_O7USNbS=86BqAzu8Rdv9sCb5OpCdw@mail.gmail.com> <d4a00be5-bd61-0c05-3431-8d56b39a3550@tana.it> <8813331f-f5e4-faa5-c6d-11212fc25797@taugh.com> <5d150251-427c-5c44-a0c3-ad2e7f24b692@tana.it>
To: Alessandro Vesely <vesely@tana.it>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/BmNKIfD4ihs62dvEtvksPM9E0GI>
Subject: Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Dec 2020 15:23:23 -0000

> On Thu 24/Dec/2020 19:55:07 +0100 John R Levine wrote:
> >> On Thu 24/Dec/2020 03:39:03 +0100 Tim Wicinski wrote:
> >>> I Believe I agree with the current version, but can someone post what we
> >>> think is the final text?
> >
> > See below, with the two changes mentioned before and Mr Copy Edit's minor
> > tightening up which I hope are not controversial.
> >
> > Ale said:
> >> I posted it here:
> >> https://github.com/ietf-wg-dmarc/draft-ietf-dmarc-failure-reporting
> >
> > Hold it. I don't recall that we agreed to break failure reports into a separate
> > document.


> The fact that draft-ietf-dmarc-failure-reporting-00 exists on IETF datatracker
> seems to confirm WG consensus.

I'm not ethusiastic about the split, but if that's what people want then so be
it. I will say that my experience has been that doing so is usually more work
and provides less benefit than you'd expect.

That said, the adoption of something as a WG document, especially one with an
intended status of <none> and in the absence of a corresponding charter update,
doesn't really mean much. 

I also don't see where the discusssion leading to the WG consensus on the
split occurred on the mailing list. Perhaps you could point me at it?


> But see also:
> https://mailarchive.ietf.org/arch/msg/dmarc/2DsSazvE9QxFjVSeg_mdNlRMETM


> > It makes more work and I see no agreement to change anything beyond the
> > security paragraph.  In particular, we have nothing to offer on what one
> > might or might not redact.


> I still think it'd be a good idea to mention RFC 6590...

Why? RFC 6589 documents a generic approach to partial information hiding. It
does not specify how to apply this technique to DMARC failure reports, and
doing so effectively requires a careful assessment of what needs to be hidden
and what does not, and that in turn drags in all of the specifics we need to
avoid in a base document of this sort.

Indeed, as things stand, since the intent of RFC 6589 is to preserve some
information, we can't even say it solves any particular problem with DMARC
failure reports.

				Ned

P.S. I hadn't looked at RFC 6589 before, and I  have to say I find its
standards-track status to be nothing short of astonishing. How on earth do you
assess interoperability?

v2.23.0 | Report a Bug | By Email