[dmarc-ietf] Ticket #42 - Expand DMARC reporting URI functionality

John R Levine <johnl@taugh.com> Tue, 01 December 2020 22:21 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA33F3A0596 for <dmarc@ietfa.amsl.com>; Tue, 1 Dec 2020 14:21:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b=kcaF2EUT; dkim=pass (2048-bit key) header.d=taugh.com header.b=THpAd0Nb
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2sFkPkSY02VY for <dmarc@ietfa.amsl.com>; Tue, 1 Dec 2020 14:21:50 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC38B3A0639 for <dmarc@ietf.org>; Tue, 1 Dec 2020 14:21:49 -0800 (PST)
Received: (qmail 79393 invoked from network); 1 Dec 2020 22:21:48 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:subject:mime-version:content-type:content-id; s=1361d.5fc6c1fc.k2012; i=johnl-iecc.com@submit.iecc.com; bh=BXeCkYHRtkPgHxm0Y1slQVGNjbPHQqz3Fi/NmSI197M=; b=kcaF2EUTZOZ1VgqI68M+AsMcHhcXr0cRSq+AzExoQ/6R9/cRe5qcY+B5XUAZ9+ewY0bJx75o8ZkJnsOKeWPkSbRoPsoMrTJ8+/FOyj2OsZIECwVa1BNaeeNeS/wJ0pFUmMQvgQoCdVNBZT6o009+//oV31zmigrDPb6U1u/ZHlV4RYYbeF5BWeLGlQVdE/t8k7JhK3wEwxzHn9mnYDfaEtZcaSjJmXdRDb9MqWE0qZiUYi0lAce+VjV80q8eJ9om/6Jiy1gsarObkY5qQwWRGiM82Zh5YQESsoVdEL28LtaRSAL48BNX/gpvEi0cFdXvx+AWpFwvUbgNR9WvkTDPOA==
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:subject:mime-version:content-type:content-id; s=1361d.5fc6c1fc.k2012; olt=johnl-iecc.com@submit.iecc.com; bh=BXeCkYHRtkPgHxm0Y1slQVGNjbPHQqz3Fi/NmSI197M=; b=THpAd0Nb5ZisKT1O7zGAHOx0f4DyZP96b5dbO88JxWXb7t2zBH0qroluSwLCb2OI+3nJVEK0p2RcOT+0LA/ugbB1M2TeL45hmWQsjQk6tNoaZOgiQxOaTicUpvbdhhxbj7zIUTmoJrWM/ayo33Ad9pLHqJL8sG82RK4Q8yOTTs+I4yKHGs6E5vJgwRntIMibXMgtTj+HET9kHDDRqAKqAtgJqNFWcoH4xR6zYgECk2R3ofb0D8AkFG+sRWfc7nsN7dF6KV10xZwwPULMlIT/u5dU77wak07rpiujikidZGS+c8p33kZNr1VVGEF+Mg580gopcjySQTY5hgm7rAy8ZQ==
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPSA (TLS1.3 ECDHE-RSA AES-256-GCM AEAD, johnl@iecc.com) via TCP6; 01 Dec 2020 22:21:48 -0000
Date: 1 Dec 2020 17:21:48 -0500
Message-ID: <eb3d06f-c89f-2511-3528-d421473e4d42@taugh.com>
From: "John R Levine" <johnl@taugh.com>
To: dmarc@ietf.org
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-1471237373-1606861035=:99975"
Content-ID: <39247d61-9dd8-50e1-6316-a9ecc3923af@iecc.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/DvMTzIy_u6HeK2ptGX9x1oy74kQ>
Subject: [dmarc-ietf] Ticket #42 - Expand DMARC reporting URI functionality
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Dec 2020 22:21:52 -0000

We would like to close this ticket by Dec 15, two weeks from now, so short 
trenchant comments are welcome.

Ticket #1 is about https reporting.  Early drafts of the DMARC spec had a 
poorly defined http report which we took out.  I propose we add back https 
reporting similar to that for mta-sts, with a POST of the gzipped report 
to the HTTPS URI.

R's,
John

================================================================

Right now, reporting only functions via mailto: but other
functionality had been previously discussed. Does the group wish to
extend reporting mechanisms?

See: ​https://mailarchive.ietf.org/arch/msg/dmarc/iKpLKGdneTs85ioOiG_RwR5Vssc/

Changed by johnl@…

We can adapt the approach MTA-STS uses in RFC 8460.

If rua= has an https URI, the reporter uses HTTP POST to that URI with
the report as an uncompressed or gzipped XML file as the POST body.
The media type is the same as is used in mail reports, application/xml
or application/gzip. Reports SHOULD be gzipped. If we keep the !size
hack, they MUST be no larger than the size limit.

I suppose failure reports could be posted the same way with the same
message type as if mailed, but they're not usually very big and I
don't think there are many generated.