Re: [dmarc-ietf] Final, I hope, tweaks to the tree walk
Scott Kitterman <sklist@kitterman.com> Wed, 29 June 2022 10:41 UTC
Return-Path: <sklist@kitterman.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3DBFC15A74D for <dmarc@ietfa.amsl.com>; Wed, 29 Jun 2022 03:41:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b=z0QcAQ8T; dkim=pass (2048-bit key) header.d=kitterman.com header.b=bofMHeRC
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3TXfd2BitKgj for <dmarc@ietfa.amsl.com>; Wed, 29 Jun 2022 03:40:56 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 80155C159486 for <dmarc@ietf.org>; Wed, 29 Jun 2022 03:40:56 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [IPv6:2604:a00:6:1039:225:90ff:feaa:b169]) by interserver.kitterman.com (Postfix) with ESMTPS id 43F11F802BB; Wed, 29 Jun 2022 06:40:53 -0400 (EDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903e; t=1656499253; h=date : from : to : subject : in-reply-to : references : message-id : mime-version : content-type : content-transfer-encoding : from; bh=t9MmaJTCDMp/E17kNvtD4sHmy4Rbciw8gqOQ7F8HymA=; b=z0QcAQ8TwxAhjlYfvWtWxx/4jIwXIwx0D3vmSIIy/fi1ya8AmBUk27lopNyUVDsA0cvFy E1LiTqwQ8G9SbvNCg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903r; t=1656499253; h=date : from : to : subject : in-reply-to : references : message-id : mime-version : content-type : content-transfer-encoding : from; bh=t9MmaJTCDMp/E17kNvtD4sHmy4Rbciw8gqOQ7F8HymA=; b=bofMHeRCRUaTYQMcVg1BKnnsWG20f52cEatLL1SKenIinNMifQDQ4gEvQL9iFHMhzG+YT CaU+u14hCAheSLr8RxOoXl1kv+ITV5fKkwmCnPuf7BlimvoEx0QtJrMZbuE5zsh46qasDKH 5P5fIQnipF4at1/UWSdmf7M0rx4xY6ctx5oClFL+WWZGBgQS2h+JSDJVVc+M/EDMhrxO9ID SQ2EhK0UoXcRgIaqAJHIQx56K2ymlXyyIq4uuPbEKMu+UsbmgMq4R2n5y7vsXkLa6V/fxTg 83NAUN7tQPNu0N5BalfV+4Q8l+FeZLp/HsUZkYrDXhPEE0aianbrNYdFbMqQ==
Received: from [127.0.0.1] (unknown [198.28.188.2]) by interserver.kitterman.com (Postfix) with ESMTPSA id A9499F801D9; Wed, 29 Jun 2022 06:40:52 -0400 (EDT)
Date: Wed, 29 Jun 2022 10:40:36 +0000
From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
In-Reply-To: <7b584f9f-1e03-93f7-bb8a-0a899dfdfe8c@tana.it>
References: <20220626154211.6893F4452D0F@ary.qy> <2bc4e123-8711-7538-599e-727d8ea9caff@tana.it> <bedf51e9-6fe6-d52b-1083-bac67d8906ea@taugh.com> <be56e041-d588-c8e7-bd37-bf2858773b75@tana.it> <ED978D2A-ADD1-4FFA-B101-239D333019CB@kitterman.com> <7b584f9f-1e03-93f7-bb8a-0a899dfdfe8c@tana.it>
Message-ID: <05C14229-67E4-475E-AD2E-0421E122BEA5@kitterman.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/MSmuOyU8-E6mcNNjYqrgn1-VNRg>
Subject: Re: [dmarc-ietf] Final, I hope, tweaks to the tree walk
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jun 2022 10:41:01 -0000
On June 29, 2022 10:16:00 AM UTC, Alessandro Vesely <vesely@tana.it> wrote: >On Tue 28/Jun/2022 18:46:18 +0200 Scott Kitterman wrote: >> On June 28, 2022 4:33:15 PM UTC, Alessandro Vesely <vesely@tana.it> wrote: >> >>> What can one find continuing the walk after psd=y? >>> >>> For example, let's consider an imaginary bank, com.bank, say. They use that domain as corporate domain, and have a DMARC record. They also delegate zones to local subsidiaries. One of them, uk.com.bank in turn delegates to other banks in the UK and sends mail like uk.com. So you may end up having a DMARC record at each level: >>> >>> bank -> psd=y, >>> com.bank -> psd=n or psd=u (for private use), >>> uk.com.bank -> psd=y. >>> >>> Does our model support that? How else should they set their records up? >> >> I think that's sufficiently obscure that I doubt we care, but I think it is supported just fine. >> >> The only nuance is that in this scenario, mail that is 5322.from uk.com.bank would have to use 5321.mailfrom and DKIM d= uk.com.bank. Subdomains wouldn't align, which I think is fine. > > >However, if you continue the tree walk after uk.com.bank, you'll find the org domain is com.bank. That way, d=whatever.com.bank in a signature would be aligned, which is not correct. Why is it not correct? If it shouldn't be used for alignment, then come.bank should have psd=y. >> The operational distinction between a PSD and a non-PSD is that subdomains of a PSD are different organizations and subdomains of non-PSDs are part of the same organization. I believe that's the correct distinction. > >Yes. If uk.com.bank is a part of com.bank as an organization, then alignment with other subdomains within com.bank is appropriate. If they aren't, then come.bank's record is wrong. I think you have answered the question you asked John regarding why not stop if psd=y in step 2. The current process produces a more logically consistent result than if that constraint were added (in this admittedly contrived case). Scott K
- [dmarc-ietf] Final, I hope, tweaks to the tree wa… John R. Levine
- Re: [dmarc-ietf] Final, I hope, tweaks to the tre… Scott Kitterman
- Re: [dmarc-ietf] Final, I hope, tweaks to the tre… Alessandro Vesely
- Re: [dmarc-ietf] Final, I hope, tweaks to the tre… John Levine
- Re: [dmarc-ietf] Final, I hope, tweaks to the tre… Alessandro Vesely
- Re: [dmarc-ietf] Final, I hope, tweaks to the tre… John R Levine
- Re: [dmarc-ietf] Final, I hope, tweaks to the tre… Alessandro Vesely
- Re: [dmarc-ietf] Final, I hope, tweaks to the tre… Scott Kitterman
- Re: [dmarc-ietf] Final, I hope, tweaks to the tre… John R Levine
- Re: [dmarc-ietf] Final, I hope, tweaks to the tre… Scott Kitterman
- Re: [dmarc-ietf] Final, I hope, tweaks to the tre… Alessandro Vesely
- Re: [dmarc-ietf] Final, I hope, tweaks to the tre… Alessandro Vesely
- Re: [dmarc-ietf] Final, I hope, tweaks to the tre… John R Levine
- Re: [dmarc-ietf] Final, I hope, tweaks to the tre… Alessandro Vesely
- Re: [dmarc-ietf] Final, I hope, tweaks to the tre… Scott Kitterman
- Re: [dmarc-ietf] moving past pad=y? Douglas Foster
- Re: [dmarc-ietf] moving past pad=y? Murray S. Kucherawy
- Re: [dmarc-ietf] Final, I hope, tweaks to the tre… Alessandro Vesely
- Re: [dmarc-ietf] Final, I hope, tweaks to the tre… Scott Kitterman
- Re: [dmarc-ietf] moving past pad=y? Douglas Foster
- Re: [dmarc-ietf] Final, I hope, tweaks to the tre… Scott Kitterman
- Re: [dmarc-ietf] Final, I hope, tweaks to the tre… John Levine
- Re: [dmarc-ietf] Final, I hope, tweaks to the tre… Scott Kitterman