Re: [dmarc-ietf] WGLC review of draft-ietf-dmarc-dmarcbis-30

Scott Kitterman <sklist@kitterman.com> Sun, 31 March 2024 16:44 UTC

Date: Sun, 31 Mar 2024 16:43:53 +0000
From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
In-Reply-To: <CEC36155-584E-46FD-AE3E-AB511CBD843F@bluepopcorn.net>
References: <F5158C76-BD86-4540-965D-F0D8664B6CD9@bluepopcorn.net> <85761761-ad6a-2a19-da82-344ed52c2391@iecc.com> <B4365E6E-00DF-425E-9974-6EE1DE057319@bluepopcorn.net> <4d462513-6c1a-c1da-d62c-68d41bba6465@iecc.com> <CEC36155-584E-46FD-AE3E-AB511CBD843F@bluepopcorn.net>
Message-ID: <EF69D6A7-F83F-4328-A304-A6A6C91B1E5F@kitterman.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/LlSUreN2f9h-JJHfK7u5kONYBuk>
Subject: Re: [dmarc-ietf] WGLC review of draft-ietf-dmarc-dmarcbis-30


On March 31, 2024 3:20:41 PM UTC, Jim Fenton <fenton@bluepopcorn.net> wrote:
>
>
>On 30 Mar 2024, at 17:22, John R. Levine wrote:
>
>>>>> Entities other than domains: Public suffixes aren’t (necessarily) domains,
>>>>
>>>> Of course they're domains.  What else could they be?  The things that are out of scope are IP addresses, ASNs, magic tokens in the messages, stuff like that.
>>>
>>> I’m probably being pedantic here: is “gov” a domain?
>>
>> Let's check:
>>
>> $ dig gov soa
>>
>>  ; <<>> DiG 9.10.6 <<>> gov soa
>>  ;; global options: +cmd
>>  ;; Got answer:
>>  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63612
>>  ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>>
>>  ;; OPT PSEUDOSECTION:
>>  ; EDNS: version: 0, flags:; udp: 1232
>>  ;; QUESTION SECTION:
>>  ;gov.				IN	SOA
>>
>>  ;; ANSWER SECTION:
>>  gov.			300	IN	SOA	a.ns.gov. dns.cloudflare.com. 1711843800 3600 900 604800 300
>>
>> Yup, it's a domain.
>
>I stand corrected on that.
>
>>> Mine wasn’t a good example. There are a few public suffixes that have more than 5 labels. Presumably that means there are registered domains that are 6 levels down, and my reading of the tree walk is that a policy published there would never be seen. But who knows if they’re actually sending email.
>>
>> There aren't any in the PSL.  That's where the limit of 5 came from. We've had people say there are deeper ones; if there are it wouldn't be hard to bump up the limit from 5 to whatever.
>
>Might be worth bumping up. Examples:
>
>execute-api.cn-north-1.amazonaws.com.cn
>cn-northwest-1.eb.amazonaws.com.cn
>
>(Amazon seems to have most of the really long ones)

My recollection is that we concluded these types of PSL entries weren't relevant for DMARC.  In any case, since Amazon controls everything below .com.cn in these examples, if they were so inclined, they could put a psd=y record wherever they need to.

This is not a good example for raising the threshold.  If anything, it's an example of why getting away from the PSL is a good idea.

Scott K
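An added illustration of the label limit Jim and John are discussing (my code, not from the thread or from the dmarcbis draft itself): a constructed model of the DMARCbis DNS Tree Walk that shows which names get queried for a name deeper than the limit, and which name is silently skipped. The "jump straight to the five-label suffix" step and the "first record found supplies the policy" rule are my reading of the draft and are assumptions; the record contents and the tenant/mail labels are invented, and only the public suffix execute-api.cn-north-1.amazonaws.com.cn is taken from the thread.

```python
"""Constructed model of the DMARCbis Tree Walk label limit (illustration only)."""

MAX_LABELS = 5  # the limit discussed in the thread

# Constructed in-memory "DNS": _dmarc.<name> -> TXT record. Not real data.
# The six-label name is an invented registrant under the public suffix
# quoted in the thread; the records themselves are invented too.
CONSTRUCTED_DNS = {
    "_dmarc.tenant.execute-api.cn-north-1.amazonaws.com.cn": "v=DMARC1; p=reject",
    "_dmarc.amazonaws.com.cn": "v=DMARC1; p=none; psd=y",  # hypothetical PSD record
}


def tree_walk_names(domain, max_labels=MAX_LABELS):
    """Names the walk queries, in order (assumed behaviour, my reading of the draft):
    the full name first; then, if it has more than max_labels labels, jump straight
    to its max_labels-label suffix; then strip one label at a time down to the TLD."""
    labels = domain.rstrip(".").lower().split(".")
    names = [".".join(labels)]
    if len(labels) > max_labels:
        labels = labels[-max_labels:]
    else:
        labels = labels[1:]
    while labels:
        names.append(".".join(labels))
        labels = labels[1:]
    return names


def skipped_names(domain, max_labels=MAX_LABELS):
    """Names strictly between the full domain and its max_labels suffix.
    A DMARC record published at any of these is never seen for this domain."""
    labels = domain.rstrip(".").lower().split(".")
    return [".".join(labels[i:]) for i in range(1, len(labels) - max_labels)]


def find_policy(domain, dns=CONSTRUCTED_DNS, max_labels=MAX_LABELS):
    """Return (name, record) for the first valid DMARC record the walk finds, or None.
    Using the first (longest-name) record as the policy is an assumption here."""
    for name in tree_walk_names(domain, max_labels):
        rec = dns.get("_dmarc." + name)
        if rec is not None and rec.startswith("v=DMARC1"):
            return name, rec
    return None


if __name__ == "__main__":
    deep = "mail.tenant.execute-api.cn-north-1.amazonaws.com.cn"  # 7 labels, invented
    print("queried:", tree_walk_names(deep))
    print("skipped:", skipped_names(deep))
    print("policy with limit 5:", find_policy(deep))
    print("policy with limit 6:", find_policy(deep, max_labels=6))
```

Run as-is, the seven-label sender finds the hypothetical psd=y record at amazonaws.com.cn rather than the six-label registrant's p=reject, because the walk never queries the six-label name; raising max_labels to 6 makes the registrant's record visible again, which is the "bump the limit" option John mentions.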