Re: [dmarc-ietf] Thoughts on choosing N
Todd Herr <todd.herr@valimail.com> Wed, 17 April 2024 13:42 UTC
Return-Path: <todd.herr@valimail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 499C4C14F6A0 for <dmarc@ietfa.amsl.com>; Wed, 17 Apr 2024 06:42:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.086
X-Spam-Level:
X-Spam-Status: No, score=-7.086 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=valimail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iJl22gtG5jEL for <dmarc@ietfa.amsl.com>; Wed, 17 Apr 2024 06:42:41 -0700 (PDT)
Received: from mail-yb1-xb34.google.com (mail-yb1-xb34.google.com [IPv6:2607:f8b0:4864:20::b34]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 15C50C14F60E for <dmarc@ietf.org>; Wed, 17 Apr 2024 06:42:40 -0700 (PDT)
Received: by mail-yb1-xb34.google.com with SMTP id 3f1490d57ef6-dbed179f0faso551925276.1 for <dmarc@ietf.org>; Wed, 17 Apr 2024 06:42:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valimail.com; s=google2048; t=1713361359; x=1713966159; darn=ietf.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=kCV0BNlVbgQNvuWBzemc3zAJKvnapphB3xgDYbDrlcw=; b=LSDcRfC18X7oY91ZvtmhXes/CeLWm/DIWV8aMX+cNyS1E4UaHhn/sZAx4ogoQyXVNq tF8mZDWofsvxhP5TsboqmRCoNB2JQo9emHLgGsgxjTh3wn3G7h8tIYZqhNtaD0ojsRQA grqEqm5nP3YrAz4AV1djHR+eZH6gBhaE5ALNls+jcZxV+7ESt8pf8K1kkGdjmFPMnczY wocjUu7vyWSo/O3786FvulKQTj4urgF4y252+h61Q8qPq27VOvHBcFX5m3NHzUPgTycz TS7qK3NvPbxnGTJbtAPu0de7HNLE77nQZyYntwX7zNlUS04I5uOmj2fLQ1Uvoo/Wsg3A ThSg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713361359; x=1713966159; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=kCV0BNlVbgQNvuWBzemc3zAJKvnapphB3xgDYbDrlcw=; b=o+j/MwumsV5TDLwKBB1KCMP7ZYvMAnxTmD8tTkmipMErnRm9JQnKeSc2aJNVfP4LU5 C5nfoaR716m7IcLKwN9AUTQvFB7FuQadOTyYtJYs9JLxLx/kpkDtGUtjJrXh/ByNr/I/ iI9+HuwPPVIl1smZMV05ceg/AIShBluHxBVrWPmbfVJ235jTc8fzxBSRY0WKTYXR6lkP /vNLSDLKaza6+84WsBBt9sL94diXsX45oWJqXfPw1hpTAu9S7VQxRZ3tbPTH0vNcJW3x TOYa9cybwyM8xBq/Sii/aRMpavJCvkuqgGqj7/dVG5ne/3wANlMgZfJ9c0MQADm7hB06 M8eg==
X-Gm-Message-State: AOJu0YwjNKI9QlhChGcWus/yh/oObkoJIjdGX6OlS9Xq5InnRaQLCWKP PDmRedtHDJRN+aBVHfuJBIDyhAf+WwItRRcPFAh5vgQqBZJPqXxLVbNj0fJDe01QlAv0GMMhiL4 bVBrB8nXxLh7sWXZz01ijaanifm5M2+exIqCU5zH7HfGvyb+pykU=
X-Google-Smtp-Source: AGHT+IGtPNJlOolq0ysrZETNqIW3kK3vC34rNTnO2gCJDm2InIgMaKxgd1sm68W0FgYCiwhtqpK4oPP6mlspdfExFL4=
X-Received: by 2002:a25:1fc6:0:b0:dc2:3a05:489 with SMTP id f189-20020a251fc6000000b00dc23a050489mr4148399ybf.14.1713361359490; Wed, 17 Apr 2024 06:42:39 -0700 (PDT)
MIME-Version: 1.0
References: <CAOZAAfPwJHKGyLjTkdGDqkMeK4RQX4Fj0rw-Upn0cLZ+cE74aA@mail.gmail.com> <CAH48Zfx-w5LWO5VuK2posywHRF8O1wijTk35H-01e3JaL=V5=A@mail.gmail.com> <CAHej_8kEFqDax7hrSmiDodE-kQf4K6JvinKDqFtqTZXb+g-uzA@mail.gmail.com> <2109607.sSyRYrMuh2@zini-1880>
In-Reply-To: <2109607.sSyRYrMuh2@zini-1880>
From: Todd Herr <todd.herr@valimail.com>
Date: Wed, 17 Apr 2024 09:42:23 -0400
Message-ID: <CAHej_8kHJU9_T4sf7aMAiD-qzmpH8KBOeN=fBawHCBNk2N5y3g@mail.gmail.com>
To: dmarc@ietf.org
Content-Type: multipart/alternative; boundary="000000000000346ab506164b070a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/Hpt7WcYcdqbUzC_s6Xv529ZxUm4>
Subject: Re: [dmarc-ietf] Thoughts on choosing N
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Apr 2024 13:42:45 -0000
On Wed, Apr 17, 2024 at 1:06 AM Scott Kitterman <sklist@kitterman.com> wrote: > > I am confused. > > Under the current (7489) rules a record for _dmarc.c.d.e.f.tld won't be > found > either in this case. Why do we need to support something that is > currently > unsupported? > > We picked n=5 to allow the current org level record to be detected by the > tree > walk. It's true that the tree walk provides some additional flexibility > for > subordinate organizations within what we would call a DMARC org domain > based > on RFC 7489, but that was by no means anything we ever described as a > feature > or a goal. > I don't share your understanding here. I interpret some of the text of https://github.com/ietf-wg-dmarc/draft-ietf-dmarc-dmarcbis/issues/79, "Do away with the PSL and Org Domain entirely; just walk the tree" to at least imply that the tree walk was designed to provide this flexibility, to wit: When DMARC was first developed, there was concern about DNS load and needing to minimize DNS lookups. Operational expertise now shows that this is no longer cause for concern. Short circuiting a tree walk has led to many issues, like a reliance on the PSL, complicated algorithms for Org Domain discovery, many types of domains (PSDs, per https://tools.ietf.org/wg/dmarc/draft-ietf-dmarc-psd/) being unable to utilize DMARC even though they wish to, and larger organizations (such as universities and governments) that are comprised of sub-organizations that use subdomains having material problems getting everything authenticated. All these issues disappear, and DMARC becomes a lot simpler conceptually, if DMARC simply walks the DNS hierarchy for the exact sending domain down to the TLD until it finds a DMARC record, and stops. It's the second paragraph, specifically the "and larger organizations..." bits to which I'm referring here. > Even if some organizations have very deep DNS trees, the fact that some > entity > uses a.b.c.d.e.f.tld doesn't affect DMARC. The record for the top level > of > their organization will still be found. > > In any case, any domain, at any depth in the tree can publish their own > DMARC > record if they need some special thing. The value of N does not affect > that at > all. > > Fair enough. You're correct that a DMARC policy can be published for any specific domain used as the RFC5322.From domain, so perhaps a bit of text in the Tree Walk section describing the really deep use case and the solution for it might be a compromise. -- Todd Herr | Technical Director, Standards & Ecosystem Email: todd.herr@valimail.com Phone: 703-220-4153 This email and all data transmitted with it contains confidential and/or proprietary information intended solely for the use of individual(s) authorized to receive it. If you are not an intended and authorized recipient you are hereby notified of any use, disclosure, copying or distribution of the information included in this transmission is prohibited and may be unlawful. Please immediately notify the sender by replying to this email and then delete it from your system.
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- [dmarc-ietf] WGLC editorial review of draft-ietf-… Seth Blank
- Re: [dmarc-ietf] WGLC editorial review of draft-i… John Levine
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Seth Blank
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Douglas Foster
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Mark Alley
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… John Levine
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Seth Blank
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Murray S. Kucherawy
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Richard Clayton
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Seth Blank
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Tero Kivinen
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Brotman, Alex
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Dotzero
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Tim Wicinski
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Todd Herr
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Tim Wicinski
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Jim Fenton
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Alessandro Vesely
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Brotman, Alex
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Todd Herr
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Murray S. Kucherawy
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… John Levine
- Re: [dmarc-ietf] ARC, was WGLC editorial review o… Alessandro Vesely
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Tim Wicinski
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Laura Atkins
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Dotzero
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Scott Kitterman
- Re: [dmarc-ietf] WGLC editorial review of draft-i… Scott Kitterman
- Re: [dmarc-ietf] the long march, WGLC editorial r… John R. Levine
- Re: [dmarc-ietf] the long march, WGLC editorial r… Scott Kitterman
- Re: [dmarc-ietf] SPF follies, WGLC editorial revi… Neil Anuskiewicz
- Re: [dmarc-ietf] the long march, WGLC editorial r… Murray S. Kucherawy
- Re: [dmarc-ietf] Thoughts on choosing N Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N Alessandro Vesely
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Todd Herr
- Re: [dmarc-ietf] Thoughts on choosing N Murray S. Kucherawy
- Re: [dmarc-ietf] Thoughts on choosing N Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] Thoughts on choosing N Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N (choose 6) Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N Todd Herr
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Todd Herr
- Re: [dmarc-ietf] Thoughts on choosing N Alessandro Vesely
- Re: [dmarc-ietf] Thoughts on choosing N John Levine
- Re: [dmarc-ietf] Thoughts on choosing N Neil Anuskiewicz
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Scott Kitterman
- Re: [dmarc-ietf] Thoughts on choosing N Douglas Foster
- Re: [dmarc-ietf] Thoughts on choosing N Alessandro Vesely