Re: [dmarc-ietf] Fwd: I-D Action: draft-ietf-dmarc-psd-10.txt
"Chudow, Eric B CIV NSA DSAW (USA)" <eric.b.chudow.civ@mail.mil> Sun, 21 February 2021 16:49 UTC
From: "Chudow, Eric B CIV NSA DSAW (USA)" <eric.b.chudow.civ@mail.mil>
To: 'Douglas Foster' <dougfoster.emailstandards@gmail.com>
CC: "'Murray S. Kucherawy'" <superuser@gmail.com>, 'IETF DMARC WG' <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/CHd9A_0LWsW_N6sSLXUbjxhI-H0>

I think it's getting better, but I wouldn't call them Internet Naming Authorities. Should we just call them higher-level entities? Also, while the biggest help that PSD DMARC would make is for non-existent organizational domains, it can also help with other domains that haven't expressed a DMARC policy, so the abstract shouldn't only discuss unregistered domains. How about this:

--

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a scalable mechanism by which a mail-originating organization can express policy preferences for validation and disposition of messages which purport to come from owned domains, as well as requesting feedback reporting about those message validation and disposition actions. These features allow the Domain Owner to detect and inhibit domain name abuse.

DMARC is designed for use by individual Domain Owners or organizational Domain Owners for their domains and sub-domains. Consequently, DMARC preferences by higher-level entities that have Organizational Domains below them in the DNS hierarchy cannot be specified for sub-domains in their purview. Those higher-level entities have an interest in detecting and inhibiting domain name abuse for domain names within their section of the DNS tree, and message recipients have an interest in preventing deception by entities using those domain names as well. Since its deployment in 2015, use of DMARC has shown a clear need for the ability to express policy preferences for these domains.

Domains at which higher-level entities accept registrations by multiple organizations or other separate entities are referred to as Public Suffix Domains (PSDs). This document describes an extension to DMARC to enable DMARC functionality for PSDs. It also addresses implementations that consider a domain on a Public Suffix List to be ineligible for DMARC enforcement.

This document also describes an extension to DMARC to specify separate, often stricter, policy preferences for non-existent sub-domains.

--

Thanks,
-Eric
___________________________________
Eric Chudow
DoD Cybersecurity Mitigations
410-854-5735, eric.b.chudow.civ@mail.mil

From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Sent: Saturday, February 20, 2021 9:01 AM
To: Dave Crocker <dcrocker@gmail.com>
Cc: Murray S. Kucherawy <superuser@gmail.com>; IETF DMARC WG <dmarc@ietf.org>
Subject: Re: [dmarc-ietf] Fwd: I-D Action: draft-ietf-dmarc-psd-10.txt

This wording attempts to address the objections by giving "registration" a specific context. I also rewrote some of it for readability.

- -

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a scalable mechanism by which a mail-originating organization can policies and preferences for validation and disposition of messages which purport to come from owned domains, as well as requesting feedback reporting about those message validation and disposition actions. These features allow the domain owner to detect and inhibit domain name abuse.

DMARC is designed for use by domain owners. Consequently it has no applicability for domains that have no owner because the domain has never been registered with an Internet Naming Authority. Those authorities have an interest in detecting and inhibiting abuse of the name registration process, and message recipients have an interest in preventing deception by entities using unregistered organization domain names.

Domains at which Internet Naming Authorities perform registration are referred to as Public Suffix Domains (PSDs). This document describes an extension to DMARC to enable DMARC functionality for PSDs. This document also seeks to address implementations that consider a domain on a public Suffix list to be ineligible for DMARC enforcement.