Re: [dmarc-ietf] Question regarding RFC 8617

Dave Crocker <dcrocker@gmail.com> Thu, 07 November 2019 17:28 UTC

To: Brandon Long <blong=40google.com@dmarc.ietf.org>, "Kurt Andersen (b)" <kboth@drkurt.com>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>, "Weist, Bill" <William.Weist@iqvia.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/C2-H8V_8f2tfGS75I_arF1yGLrQ>

On 11/6/2019 9:43 AM, Brandon Long wrote:
> What's more, the point of including Subject and other mutable headers is 
> the same as it is for DKIM, those are the headers which are important to 
> the receiver, so they should be validated.


This being a technical list, I'm going to get picky and note that DKIM 
does not 'validate' those fields.

There is a derivative data integrity benefit, between signing and 
validating, for such fields, but that is quite different from any claim 
that the contents of those fields are 'valid'.

Some signing sites have much more stringent uses of DKIM than are 
provided by the standard.  That's fine, of course, but it has nothing to 
do with the standard.  Hence any receive-side reliance on such signer 
data validation is outside the DKIM standard.

d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net
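
Added example, not part of the original message or of any DKIM implementation: a simplified sketch of the integrity-versus-validity distinction drawn above, using RFC 6376 "relaxed" header canonicalization over three signed fields. Assumptions: an HMAC with a constructed key stands in for the RSA signature, the body hash and the DKIM-Signature field itself are left out, and all names and sample messages are made up for illustration.

```python
import hashlib
import hmac
import re

# Constructed stand-in key: real DKIM signs with an RSA or Ed25519 key whose
# public half is in DNS. HMAC is swapped in so the example runs offline.
DEMO_KEY = b"constructed-demo-key"
SIGNED_FIELDS = ["from", "subject", "date"]  # plays the role of the h= tag


def relaxed_header(name, value):
    """RFC 6376 'relaxed' canonicalization of one header field."""
    value = re.sub(r"\r?\n(?=[ \t])", "", value)   # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip()  # collapse and trim whitespace
    return f"{name.lower()}:{value}\r\n"


def sign(headers):
    """Tag over the canonicalized signed fields (body hash omitted here)."""
    by_name = {n.lower(): v for n, v in headers}
    data = "".join(relaxed_header(n, by_name[n]) for n in SIGNED_FIELDS)
    return hmac.new(DEMO_KEY, data.encode(), hashlib.sha256).hexdigest()


def verify(headers, tag):
    return hmac.compare_digest(sign(headers), tag)


def demo():
    # Constructed message: nothing checked whether the Subject text is true.
    sent = [("From", "Ops <ops@example.com>"),
            ("Subject", "Status  update:\r\n all checks passed"),
            ("Date", "Thu, 07 Nov 2019 09:28:22 -0800")]
    tag = sign(sent)
    # Refolded in transit: same content, different whitespace.
    refolded = [sent[0], ("Subject", "Status update: all checks   passed "), sent[2]]
    # A list adds a subject tag: the content changed after signing.
    tagged = [sent[0], ("Subject", "[list] Status update: all checks passed"), sent[2]]
    return verify(sent, tag), verify(refolded, tag), verify(tagged, tag)


if __name__ == "__main__":
    print(demo())
```

The first two results show only that the signed fields are unchanged since signing; the verifier never learns whether the Subject text was accurate when it was signed.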