Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup

John Levine <johnl@taugh.com> Tue, 24 November 2020 17:21 UTC


In article <9ab0d7b9-2e35-f64b-02ea-a111c10acabd@wisc.edu> you write:
>So if acme.example publishes aspf=s adkim=s 
>It does not prevent finance.acme.example from publishing aspf=r adkim=r
>Which would align widgets.acme.example with finance.acme.example even if the intent was to only align
>delegated-esp.finance.acme.example with finance.foo.example

With the tree walk, I was thinking that if the tree walk finds a _dmarc record, that acts
as the organizational domain, so finance.acme.example can only allow alignment with itself
or its descendants.

This is different from the way that OD works now, but the questions are is it worse, and what
will break if we do it.

R's,
John
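
Added example, not part of the original message and not code from the author or the working group: a sketch of the rule described above, where the first _dmarc record found on the walk acts as the organizational domain, next to the current PSL-based comparison. The zone data, the one-entry public suffix set, all function names, and the choice to walk only from the From domain are assumptions made for illustration.

```python
# Constructed sample data standing in for DNS lookups of _dmarc.<name>.
DMARC_RECORDS = {
    "acme.example": "v=DMARC1; p=reject; aspf=s; adkim=s",
    "finance.acme.example": "v=DMARC1; p=reject; aspf=r; adkim=r",
}
PUBLIC_SUFFIXES = {"example"}  # constructed stand-in for the PSL

def parse_tags(record):
    """Split 'k=v; k=v' into a dict of tags."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def tree_walk(domain):
    """Walk from domain toward the root; return the first name with a record."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if name in DMARC_RECORDS:
            return name, parse_tags(DMARC_RECORDS[name])
    return None, {}

def psl_org_domain(domain):
    """Current-style OD: the public suffix plus one more label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return domain.lower()

def at_or_below(name, ancestor):
    return name == ancestor or name.endswith("." + ancestor)

def aligned_tree_walk(from_domain, auth_domain, tag="adkim"):
    """Alignment when the record found by the walk acts as the OD (lower-case input)."""
    od, tags = tree_walk(from_domain)
    if od is None:
        return False
    if tags.get(tag, "r") == "s":        # strict: exact match only
        return from_domain == auth_domain
    return at_or_below(auth_domain, od)  # relaxed: stay inside the OD subtree

def aligned_psl(from_domain, auth_domain, tag="adkim"):
    """Alignment as done now: record at the From domain, else at the PSL-derived OD."""
    record = DMARC_RECORDS.get(from_domain) or DMARC_RECORDS.get(psl_org_domain(from_domain))
    if not record:
        return False
    if parse_tags(record).get(tag, "r") == "s":
        return from_domain == auth_domain
    return psl_org_domain(from_domain) == psl_org_domain(auth_domain)
```

With this data, mail from finance.acme.example signed by widgets.acme.example or by acme.example aligns under the PSL comparison but not under the tree walk; the second case is the kind of change the "what will break" question is asking about.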