Re: [dmarc-ietf] OT: Yet another addition to dmarc-rfc7601bis-00
"Murray S. Kucherawy" <superuser@gmail.com> Tue, 20 March 2018 01:11 UTC
Return-Path: <superuser@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7767312D95C for <dmarc@ietfa.amsl.com>; Mon, 19 Mar 2018 18:11:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CBAz1HzAgkkG for <dmarc@ietfa.amsl.com>; Mon, 19 Mar 2018 18:11:53 -0700 (PDT)
Received: from mail-lf0-x229.google.com (mail-lf0-x229.google.com [IPv6:2a00:1450:4010:c07::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC466124C27 for <dmarc@ietf.org>; Mon, 19 Mar 2018 18:11:52 -0700 (PDT)
Received: by mail-lf0-x229.google.com with SMTP id e5-v6so24210753lfb.7 for <dmarc@ietf.org>; Mon, 19 Mar 2018 18:11:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=LCIYg4ILZ+LgqFnEZSPoOrfTgvNy4/lf9S/GJMkgXpw=; b=hLsp+QMbRGvZe04qCOIQn7w2B3jbU4Kle9YJuPuslLppW92SidP4RuQyuOckjYFHEX /Wg3t++XtACmdDTtxCXbqYCwQ9uIDFPlRJsgl9KSl8KAxmCZMLqXaZfkTejw+TTWqiTE KH0ira/mTdQcBhK/6iNg+4JAhs5xK2/KSZJLa8NSSMtAwCSQo2dFXC0up01s7l8uIbJK EdMFil47pqGdT452oIF2tSjZl1lDdqXjCSZ5cQSbsalWuuWM+STxyhOPe8olfcW+MBzL Iw3YS60kxE9LDP/lveQcwHaSfIi6r7BaVNO8cx9iLB7rpXyk9X+z5Wa+RfgH6idZ0eEU NluA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=LCIYg4ILZ+LgqFnEZSPoOrfTgvNy4/lf9S/GJMkgXpw=; b=oStBto0cMrvL9VeJADts3AH9uYWeRdYh8wirOrBqNfw8lZa1gbiXOEcIEZBze81JmF 0fY/+cHH9RS3ZeF7ZnVx1l9pFoOGQ/LLRnlafiF5ky766+rrUo7KTWUNkLIla0Mw2LeR cb3tsCqbpvXfujYePivwlzN8Nb0fbs+Jf80PsJiBrp5LJLGXAh6sPr/Dym6/214TZjra T/0SHvQtXtT4ejG2WzLbgffdgnMupZ2yhrrVelupl8ejRclsh/Ik+x3tdfh6qsOG8EFt iGsWC1gLSy7vK9eT/zE5cxGa0UL8CLd5AJG+lnuGfWcl4GKbabIOr7+6ltMp34NHDowR D+JA==
X-Gm-Message-State: AElRT7GZuX0iKN8sPjE7cB88gPh0XGe27szkGKZeZsl7KjDE0pznaXuG xMvtKsNkFugMPJIyjuQxJ6vWIqdYUOLG3hLE/7Sv6TcJ
X-Google-Smtp-Source: AG47ELsfWn9qFB8nPx3suV/2nVtBjIO3QDpr0kOpHb8iKIvYTHSA4HigdajFAmWVQMsG9icSMUyb/lrN5ZiKMDhYfEA=
X-Received: by 10.46.80.90 with SMTP id v26mr9770211ljd.140.1521508310879; Mon, 19 Mar 2018 18:11:50 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.46.66.82 with HTTP; Mon, 19 Mar 2018 18:11:50 -0700 (PDT)
In-Reply-To: <99872af2-5f67-7690-a24a-b8eec2a5db16@tana.it>
References: <98102864-2dee-c133-f625-7b66976f7519@tana.it> <CAL0qLwZxcfTH4gdGfJM9wL9YdTCzSLJ57by5B_OYntjTgLq_2w@mail.gmail.com> <99872af2-5f67-7690-a24a-b8eec2a5db16@tana.it>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Tue, 20 Mar 2018 01:11:50 +0000
Message-ID: <CAL0qLwYUut1QvP7Avvb1WwjjZpLEGA5iYXFxzE1-=0uMPQtiZQ@mail.gmail.com>
To: Alessandro Vesely <vesely@tana.it>
Cc: dmarc@ietf.org, Matthias Leisi <matthias@leisi.net>
Content-Type: multipart/alternative; boundary="f403045fc1bc64949b0567cdc264"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/FgMLYI0zPKaE3qmuN0scc8Dwrnk>
Subject: Re: [dmarc-ietf] OT: Yet another addition to dmarc-rfc7601bis-00
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Mar 2018 01:11:55 -0000
On Mon, Mar 19, 2018 at 5:29 PM, Alessandro Vesely <vesely@tana.it> wrote: > On Sun 18/Mar/2018 13:43:56 +0100 Murray S. Kucherawy wrote: > > On Sun, Mar 18, 2018 at 11:25 AM, Alessandro Vesely <vesely@tana.it > > <mailto:vesely@tana.it>> wrote: > > > > Would it be possible to insert a dnswl method in the new spec? > > [...] > > > > > > I'd prefer to do this as its own document. The current one is feeling > very > > "kitchen sink" already, and this change has more meat to it than the > others > > that have been requested. > > A-R's spec has been a medley of methods since its first appearance. I deem > that's very practical, especially compared to an unreferenced, obscure > document. Not to mention the cost of issuing an extra RFC just for that > method. I posted the xml so as to minimize editorial work on your side, in > case you change your mind. > There are some that have been part of the base A-R specs (DKIM, SPF) but some that have not (VBR, SMIME, RRVS). I think this one warrants a separate specification. You already have the draft. > I have a few things I'd like to see done differently in your expired > draft: > > > > * "dnswl" is specifically a whitelist; should we also register "dnsbl"? > Or do > > we really need two distinct entries for the same mechanism? > > My feeling is that dnsbl is not an authentication of any kind. For lists > like, > for example, Spamhaus SBL, a positive lookup does not identify a sender > domain. > In addition, MTAs are already plenty of options about whether and how to > drop > relevant messages. What would be a use case for dnsbl? > I don't see a difference. If you don't do a flat accept on a dnswl hit and instead want to provide the information to some inner agent that can evaluate it, then you have to accept the idea that someone might want to do the same thing on a dnsbl hit (or a DKIM failure, or an SPF failure, etc.). > > * I think "policy.txt" is under-specified. A downstream agent shouldn't > be > > expected to know how to decode this, and it can change from one > implementation > > to the next. > > Rfc5782 doesn't say much on TXT records from white lists. FWIW, > Courier-MTA > implementation needs an additional setting to query ANY or TXT rather than > just > A[*]. I set that because the specific dnswl I use often conveys the domain > name in the TXT record, which is consistent with other A-R methods. > One of the purposes of A-R since the beginning is to spare downstream agents from having to do any more parsing. Passing a raw TXT reply is antithetical to that purpose. What would you do with this downstream? Should the spec recommend that all lists do so? I added Section 3 in an > attempt to accomplish that: > https://tools.ietf.org/rfcdiff?url2=draft-vesely-authmethod-dnswl-07.txt > > > * Why repeat "policy.ip" for multiple replies, rather than > comma-separating the > > various replies? > > No reason, easily changed. > You added "Multiple entries MAY be arranged in a comma-separated list", but I don't think that contributes to interoperability. You should be normative here. -MSK
- [dmarc-ietf] OT: Yet another addition to dmarc-rf… Alessandro Vesely
- Re: [dmarc-ietf] OT: Yet another addition to dmar… Alessandro Vesely
- Re: [dmarc-ietf] OT: Yet another addition to dmar… Murray S. Kucherawy
- Re: [dmarc-ietf] OT: Yet another addition to dmar… Alessandro Vesely
- Re: [dmarc-ietf] OT: Yet another addition to dmar… Murray S. Kucherawy
- Re: [dmarc-ietf] OT: Yet another addition to dmar… Alessandro Vesely