Re: [dmarc-ietf] PSDs in draft-ietf-dmarc-psd

"John Levine" <johnl@taugh.com> Thu, 27 June 2019 10:52 UTC

Date: 27 Jun 2019 11:52:16 +0100
Message-Id: <20190627105217.48BA5201676392@ary.local>
From: "John Levine" <johnl@taugh.com>
To: dmarc@ietf.org
Cc: superuser@gmail.com
In-Reply-To: <CAL0qLwYzTVRMHUucfcYPNvxwX6Dd10qGN7A=6CyQ5q12GcAq+Q@mail.gmail.com>
Organization: Taughannock Networks
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/F_O23g8a5Q5NjFQAvtZmsIAiE30>

>I concur.  Does anyone know of such a policy statement from ICANN?  I don't
>recall it being present in, say, any of the DNS RFCs, but there are so many
>of those now...

Hi from ICANN 65 in Marrakech.

The gTLD registry contracts say directly or indirectly what's allowed
in each TLD zone.  Here's the language in the base registry agreement
that the new TLDs all use:

https://newgtlds.icann.org/sites/default/files/agreements/agreement-approved-31jul17-en.html#exhibitA.1

For the older TLDs, notably .com, the contract refers to Consensus Policies,
which are at https://www.icann.org/resources/pages/registrars/consensus-policies-en

One of those policies is the Registry Services Evaluation Policy
(RSEP) which is at
https://www.icann.org/resources/pages/registries/rsep/policy-en

Here's the list of RSEP requests:

https://www.icann.org/resources/pages/rsep-2014-02-19-en

Adding a DMARC record to an individual TLD would need an RSEP, for which
an RFC would likely be helpful but probably not essential.  The RSEP
process for things that are not politically controversial is not
particularly hard.

Adding them to all of the TLDs could be a new consensus policy, or
maybe a change to the base agreement.  How to do that is above my
pay grade.

R's,
John