Re: [dmarc-ietf] Ruminating the tree walk
Douglas Foster <dougfoster.emailstandards@gmail.com> Mon, 04 April 2022 02:03 UTC
Return-Path: <dougfoster.emailstandards@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id BFF8D3A1DF7
for <dmarc@ietfa.amsl.com>; Sun, 3 Apr 2022 19:03:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001]
autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 3AF5pm35heM8 for <dmarc@ietfa.amsl.com>;
Sun, 3 Apr 2022 19:03:29 -0700 (PDT)
Received: from mail-ot1-x329.google.com (mail-ot1-x329.google.com
[IPv6:2607:f8b0:4864:20::329])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 6103C3A18F4
for <dmarc@ietf.org>; Sun, 3 Apr 2022 19:03:29 -0700 (PDT)
Received: by mail-ot1-x329.google.com with SMTP id
88-20020a9d0ee1000000b005d0ae4e126fso4348688otj.5
for <dmarc@ietf.org>; Sun, 03 Apr 2022 19:03:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
bh=RX8YQua7WLW8OECoa0L2GHJHDH7BCVAPf7mEOgiljDY=;
b=jdPQ1ljpwoa1ZbXnzcXC/XOIiKbpwZlx9QWB9lvTqZZVn2BCkkD4S9I6UT/SF+Ahqs
kgNs7OmQjOegnmmQIIzhENraGI68GF1fw+SJm5JoCaT6WugbWao5ntIrTGq5nfrRYSTL
cEjmZkoRW4k7DIHBvETP3G8VOjoBbNmEt2eGcfLtZfcybQT/3zgQCivtpjYVgI2kc2TX
XAJgHBIdrbKCjMmzDVReXJXmCl6OHD9pjaO68SxJ5jVkQk2psUNzzejVI2rZuUFk3af+
1fUpE21TAACKKe9z+ZaTkS1MF8plwkFJsqH+FKu1nuaKSZ3cLySotZHsFpYJT+UCpyZc
AHdg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:references:in-reply-to:from:date
:message-id:subject:to;
bh=RX8YQua7WLW8OECoa0L2GHJHDH7BCVAPf7mEOgiljDY=;
b=Tdn2QjahxjfqFWZFwOMz0ewvhK3saYIY4d0R5qKRR8KIMNWb6mJ/sUDOqsaDGzVgJv
AwAiV4wOeSmAp+Xh/+xjn0BVWmN+/X5Sq8U8lgdfPohNY7Se4rPwCEW7/4t2EYXN8Fjl
ccpzSBUjkSkaIvip1RR+riIjJPiqjZ6IwHlAtmmGiWYPm+6KlOjkaGe3D81FKgrmpVyf
sfnig5/5pnj7bKFVMgTMJDcei1Ff/GVwmgdFXVOC2Bl6fielZvF5aMhGH3GfeDoR31IH
PCHR2fCIogSLzhqI0TClwuV3s3i9SOimAdZo6Gh44ZFXGE9oMGAbvA/+Pv8HwUmfPYj7
Nzzg==
X-Gm-Message-State: AOAM531HkOSghdvIf6lqjRO055fkEBMq/9YKcVv9bbD23DwnmQIozYO0
++/EENt2+QqQq+x5cEE2/zZsBnbWkWJr5Vr+k8bjv4wt
X-Google-Smtp-Source: ABdhPJyHSzAap+BH0H4QeILtsTQ6Fdm+6tVQj5nevfOfh+IhGQKZjct81uqADi2fx4E3EYKQllqQMKNg4ML5lwfjnXQ=
X-Received: by 2002:a9d:5d0e:0:b0:5af:5a2d:9b43 with SMTP id
b14-20020a9d5d0e000000b005af5a2d9b43mr11289027oti.268.1649037808081; Sun, 03
Apr 2022 19:03:28 -0700 (PDT)
MIME-Version: 1.0
References: <164789584226.30456.9564261134406099481@ietfa.amsl.com>
<CAH48ZfydWRgbMTpifJT_Md+muYnm3TeP+-9ULxcoEoB1oVYD7Q@mail.gmail.com>
<aef95e07-bc42-7a13-8f89-080397ef85cf@tana.it> <3890985.9lyzESmaKy@zini-1880>
<995e74ff-9a40-72c7-3d3f-9b5fd196573e@tana.it>
<CALaySJ+x57TPsxPQXV5sVBz_wF4QYzX2ip0pGqfYyF7bwoPvEQ@mail.gmail.com>
In-Reply-To: <CALaySJ+x57TPsxPQXV5sVBz_wF4QYzX2ip0pGqfYyF7bwoPvEQ@mail.gmail.com>
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Sun, 3 Apr 2022 22:03:18 -0400
Message-ID: <CAH48ZfzeL6K0X9pg9QpyZ+dy96ceC9vKc_bYMbZkcZCyHJfAFg@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c59eb005dbca88d6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/I_ZOWiyB4LpcViXJUSja5FqWqqs>
Subject: Re: [dmarc-ietf] Ruminating the tree walk
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting,
and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>,
<mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>,
<mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Apr 2022 02:03:35 -0000
The problem remains that the tree walk only provides a reliable result if it has complete information about private registries, and we have no way of knowing if the tree walk provides that information. Because these processes are voluntary opt-in mechanisms, we cannot assume that all private registries will publish the appropriate indicators. To solve the problem, we need an indicator from the organization. that it either (a) contains no private registries, (b) contains private registries and the registration point is tagged with an indicator, or (c) contains private registries but tagging is incomplete or not usable. For (c), the organization boundary cannot be determined reliably so only strict alignment can be used (or the PSL could be consulted.) This private-registry status indicator would need to be on the PSD-registered organization domain policy. The most efficient way to find a PSD-registered organization policy is top down, as Scott originally proposed. Doug On Sun, Apr 3, 2022 at 9:11 AM Barry Leiba <barryleiba@computer.org> wrote: > An alternative here is a pointer to one or two open-source implementations > that readers can refer to if they want to. That keeps the document tight > while providing access to implementation examples. > > Barry > > On Sun, Apr 3, 2022 at 7:27 AM Alessandro Vesely <vesely@tana.it> wrote: > >> On Sun 03/Apr/2022 01:35:16 +0200 Scott Kitterman wrote: >> > On Wednesday, March 23, 2022 6:59:08 AM EDT Alessandro Vesely wrote: >> >> Hm... >> >> >> >> On Wed 23/Mar/2022 03:08:35 +0100 Douglas Foster wrote: >> >>> During my ruminations last night, I gained some clarity around that >> >>> question and wanted to highlight those conclusions. They simplify the >> >>> alignment search significantly: >> >>> >> >>> - If the common substring is shorter than the Organizational Domain, >> then >> >>> the names are not aligned and the candidate domain can be ignored. >> >>> >> >>> - Otherwise, if any candidate domain is a parent of (or equal to) the >> FROM >> >>> domain, then and we have alignment and DMARC PASS. The secondary tree >> >>> walk is not needed and no further evaluation is required. >> >>> >> >>> - If several candidate names are child domains of the FROM address, >> then >> >>> only the shortest string needs to be evaluated with a secondary tree >> >>> walk. If it is aligned, further evaluation is not required. If it is >> >>> not aligned because of an organizational boundary, all other child >> >>> domains are also excluded. >> >> >> >> That and the deeper-than-5 optimization Doug posted on a separate >> message. >> >> >> >> I know the document is already longish. However, collecting these >> >> observations in an appendix may be helpful for developers, and maybe >> also >> >> for general understanding of the intricacies involved in the tree walk, >> >> including proper usage of the psd= flag. >> > >> > I think we do need to add some additional clarity, which I plan to >> draft, but >> > let's not go overboard. We are trying to describe a protocol, not a >> > implementation specification. So far, in my experience, the extra code >> > required to address short cuts like this is not justified by the >> improved >> > 'efficiency'. I don't think these need to be in the document. >> >> >> I agree that the efficiency is determined more by having a dedicated >> caching >> resolver than by the algorithm. And the importance of setting up DNS >> will >> never be stressed enough. >> >> I was thinking rather to a walk through the tree walk (no pun intended), >> to be >> read by domain owners and programmers alike, to help understanding what's >> good, >> what's bad, what's normal and what's exceptional. >> >> Having such an appendix permits the actual algorithm to be stated in a >> concise, >> formal expression. The last description, for example, uses two steps, 2 >> and 7, >> to advise to discard non-DMARC records. Step 8 repeats the directive >> already >> given in step 3. That language is neither formal nor friendly. >> >> >> Best >> Ale >> -- >> >> >> >> _______________________________________________ >> dmarc mailing list >> dmarc@ietf.org >> https://www.ietf.org/mailman/listinfo/dmarc >> > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc >
- [dmarc-ietf] I-D Action: draft-ietf-dmarc-dmarcbi… internet-drafts
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Douglas Foster
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Scott Kitterman
- [dmarc-ietf] 5.5.4. Publish a DMARC Policy for th… Alessandro Vesely
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Douglas Foster
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Scott Kitterman
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Scott Kitterman
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Douglas Foster
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Douglas Foster
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Douglas Foster
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Douglas Foster
- [dmarc-ietf] Ruminating the tree walk Alessandro Vesely
- Re: [dmarc-ietf] Ruminating the tree walk Douglas Foster
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Scott Kitterman
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-dma… Scott Kitterman
- Re: [dmarc-ietf] Ruminating the tree walk Scott Kitterman
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Scott Kitterman
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… John Levine
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Alessandro Vesely
- Re: [dmarc-ietf] Ruminating the tree walk Alessandro Vesely
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Douglas Foster
- Re: [dmarc-ietf] Ruminating the tree walk Barry Leiba
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… John R Levine
- Re: [dmarc-ietf] Ruminating the tree walk Douglas Foster
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Alessandro Vesely
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Douglas Foster
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Scott Kitterman
- Re: [dmarc-ietf] Ruminating the tree walk Scott Kitterman
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Scott Kitterman
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Todd Herr
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… John R Levine
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Alessandro Vesely
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… John R Levine
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… John Levine
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Alessandro Vesely
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Alessandro Vesely
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… John R Levine
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Scott Kitterman
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Scott Kitterman
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Scott Kitterman
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Scott Kitterman
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… John Levine
- Re: [dmarc-ietf] PSD vs org, 5.5.4. Publish a DMA… John R Levine
- Re: [dmarc-ietf] PSD vs org, 5.5.4. Publish a DMA… Scott Kitterman
- Re: [dmarc-ietf] 5.5.4. Publish a DMARC Policy fo… Alessandro Vesely
- Re: [dmarc-ietf] PSD vs org, 5.5.4. Publish a DMA… Alessandro Vesely
- Re: [dmarc-ietf] PSD vs org, 5.5.4. Publish a DMA… John Levine