IETF Logo Mail Archive

Re: [dmarc-ietf] "psd=" tag early assignment

Douglas Foster <dougfoster.emailstandards@gmail.com> Sat, 09 July 2022 12:31 UTC

Return-Path: <dougfoster.emailstandards@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C94DC14CF07 for <dmarc@ietfa.amsl.com>; Sat, 9 Jul 2022 05:31:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NN5ttFuKlExI for <dmarc@ietfa.amsl.com>; Sat, 9 Jul 2022 05:31:23 -0700 (PDT)
Received: from mail-oa1-x33.google.com (mail-oa1-x33.google.com [IPv6:2001:4860:4864:20::33]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 006F9C14F73B for <dmarc@ietf.org>; Sat, 9 Jul 2022 05:31:22 -0700 (PDT)
Received: by mail-oa1-x33.google.com with SMTP id 586e51a60fabf-10be0d7476aso1778554fac.2 for <dmarc@ietf.org>; Sat, 09 Jul 2022 05:31:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=7YQdkCZmurzB6ylOn/SUQF6QZNaAa62VBitKrFj0/4g=; b=oydxYhU+ZWWvHzwFsWwfZj4Nzfeic4yhAEuJ1iSf8VDhbmIhPh9OdZuo9Cp5qKKP8k oZmbv7aRTG7udVMrbYY+0bJvHD6bxpZwD1jk84RLVc2kmhhKdHxTvtrPVv4ffXtYBlnk Qw5n9BtE7VT4ynVe/etkNu1kvhO4vXunUQSyuN0niLEuaAmk46R/cS07JE5tzbvpkooC h9nytV+K/otgM/1PLDT0DauUy+jdI8TBTM5oTsDINU5QboCTn566dq1xJmCez1D6iauu kfXGGn8xelEn6agQasMBGmmQMKtEbMEJsMNmbuIkK0kNW/yX/uet6Dbcu488tDRqFCCe dwTg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=7YQdkCZmurzB6ylOn/SUQF6QZNaAa62VBitKrFj0/4g=; b=w/rwtO0J654sQ3pF1h3aroJ4OGxhlMZG1+ySOgf6Y33JBBer22JqvHmZscLo6YpTpO oxHZm6HgEUPvQ3IdYY270HCVeLYPZIpTqJQsmdMLWYD9KwvEzMveIpb9eX8rVPsNTEyH jSVQwmd4eycMe6CR1x+C5aKuNMsaL/4N6mNAyu5cbPjzm03PjMDISP6G4w34Uivg4rHr H/eZ4rPxw60KHwDRL7HH6WYvdMoQ/HSpk3QKOUqwBSjfbC/jhVAOpuYxCJscjUW/e0UM e7t04mQ80a2p+q3nUtpzrMVzFP4W/k4zZBJQqstDJWTnfxx+BkNCZPkbq7sye3DbLjYG W6SA==
X-Gm-Message-State: AJIora8uI0W7uvV19K1mTzadzo05X4fjZeTqDMJUnmLsFWFr8IxmDIX6 EpreAxwXu0y6h6t7B6X3BOLk+ScuB6c6gxdzxwY=
X-Google-Smtp-Source: AGRyM1thv24bwfqcjl4faZFca/XBb5mzk644wcQVHy1i/cJADz0sI6MjffoWffdc7CMecRiyVSTN5CICt7qFOVEm6SE=
X-Received: by 2002:a05:6870:ac14:b0:10c:1d60:d4d2 with SMTP id kw20-20020a056870ac1400b0010c1d60d4d2mr2602774oab.58.1657369881779; Sat, 09 Jul 2022 05:31:21 -0700 (PDT)
MIME-Version: 1.0
References: <b87b71c5-c4bc-b963-06eb-dd94cca1340d@tana.it> <20220707203257.0602A45178AF@ary.qy> <CAH48Zfwvbkeq8CzXeb959Ehv-Gc9KxBc-Q5Op25oU1GGNF=NQg@mail.gmail.com> <CAL0qLwYNVZSBYnBWx7ASHGO00_FrUB1NW=vrNHji+K3F0NrOPw@mail.gmail.com> <CALaySJKNvatCE25T0ZAJ8eZqxNHxgW2q1N9qDoWfZqmaC+rjcg@mail.gmail.com>
In-Reply-To: <CALaySJKNvatCE25T0ZAJ8eZqxNHxgW2q1N9qDoWfZqmaC+rjcg@mail.gmail.com>
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Sat, 09 Jul 2022 08:31:11 -0400
Message-ID: <CAH48ZfzGjKgocq15gUa-wR=rwSBCTKAA33t1oNAYjts5i6i9DQ@mail.gmail.com>
To: Barry Leiba <barryleiba@computer.org>
Cc: "Murray S. Kucherawy" <superuser@gmail.com>, IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000010a12705e35e7fce"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/E6xXKUN5aBT-Cu3qoxvCaY0iljA>
Subject: Re: [dmarc-ietf] "psd=" tag early assignment
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Jul 2022 12:31:23 -0000

I see no personal attack.   John was clear, and has been clear, that he has
no intention of documenting any limitations or risks associated with the
tree walk, because in his judgement, they are not important.   My concern
is about a document that creates a new vulnerability, then fails to
document it.  The private registries DO create complexities for the tree
walk, complexities that have been trivialized instead of being mitigated.

But if you wish to endorse the current document.  Let's do so honestly:

"The tree walk is vulnerable to false PASS if certain combinations of
present and missing data occur.   Even though this has happened in the
past, it is the firm opinion of some work group members that this will not
ever occur in the future.   Therefore the details of a non-problem are of
no interest to DMARC participants."

My issue is with the document.

Doug


On Fri, Jul 8, 2022 at 2:50 PM Barry Leiba <barryleiba@computer.org> wrote:

> >> So John has confirmed that it is his intent to hide any information
> about private registries, because the
> >> private registries create complexity for his algorithm which he does
> not wish exposed.
> >
> > I submit that equating "this is not worth explaining as it's a corner
> case" to "we should hide this detail
> > because I don't want anyone to know about it" is logically absurd as
> well as baldly antagonistic.
>
> Agreed, and thanks, Murray.
>
> Doug, I've called out others for similar things, and you get it here:
> Please do not attribute bad intent to other participants, and please
> do not put things in terms of accusations or in ways that seem only to
> pour tar.
>
> A response such as, "John, I strongly disagree: I think it's really
> important to talk about at least some uncommon cases in order to make
> the situation clear.  Discussing private registries in one of those
> important cases, as they create complexities for the algorithm that
> need to be shown," gives your technical opinion without being
> insulting or inflammatory.
>
> Barry
>

v2.23.0 | Report a Bug | By Email