Re: [dmarc-ietf] The description of psd=n

Scott Kitterman <sklist@kitterman.com> Sat, 16 March 2024 19:13 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/NB0tbN2XxMsyf7c5pkR_lubWeQg>

On Wednesday, March 6, 2024 6:04:01 AM EDT Alessandro Vesely wrote:
> On 05/03/2024 21:47, Scott Kitterman wrote:
> > On March 5, 2024 8:10:46 PM UTC, Todd Herr <todd.herr=40valimail.com@dmarc.ietf.org> wrote:
> >> On Tue, Mar 5, 2024 at 1:30 PM Scott Kitterman <sklist@kitterman.com> wrote:
> >>> On March 5, 2024 2:47:47 PM UTC, Todd Herr <todd.herr=40valimail.com@dmarc.ietf.org> wrote:
> >>>> On Tue, Mar 5, 2024 at 6:12 AM Alessandro Vesely <vesely@tana.it> wrote:
> >>>>> Section 5.3, in the format description of psd:
> >>>>>         n:  The DMARC policy record is published for a PSD, but it is
> >>>>>            the Organizational Domain for itself and its subdomain.
> >>>>>            There is no need to put psd=n in a DMARC record, except in
> >>>>>            the very unusual case of a parent PSD publishing a DMARC
> >>>>>            record without the requisite psd=y tag.
> >>>>> 
> >>>>> Perhaps a "not" is missing between "is" and "published"?  I'd
> >>>>> just say the domain is not a PSD /and/ it is the
> >>>>> Organizational Domain for itself and its subdomain.
> >>>> 
> >>>> You may be correct in your assertion here; I'll wait for others to
> >>>> weigh in.
> >>>>
> >>>> In the meantime, Issue 126 has been opened to track this.
> >>>
> >>> I think it's missing a not, but is otherwise fine.
> >> 
> >> John Levine commented directly on issue 126
> >> <https://github.com/ietf-wg-dmarc/draft-ietf-dmarc-dmarcbis/issues/126>,
> >> 
> >> indicating that he believes the text should read (emphasis added by me):
> >>        n:  The DMARC policy record is published for a PSD, but it is NOT
> >>           the Organizational Domain for itself and its subdomain.  There
> >>           is no need to put psd=n in a DMARC record, except in the very
> >>           unusual case of a parent PSD publishing a DMARC record without
> >>           the requisite psd=y tag.
> >> 
> >> I think this is the correct place to put the 'not', as it's consistent
> >> with the second sentence here, as well as this text from the following
> >> sections:
>
> I thought psd=n means the domain is not a PSD.  Why would the text say
> the opposite?
> 
> >> 4.8 Organizational Domain Discovery - "If a valid DMARC record contains
> >> the psd= tag set to 'n' (psd=n), this is the Organizational Domain, and
> >> the selection process is complete."
> 
> This says psd=n means the domain IS the org domain.
> 
> >> 11.8 Determination of Organizational Domain for Relaxed Alignment -  "If
> >> a PSD domain publishes a DMARC record without the appropriate psd=y tag,
> >> organizational domain owners can add psd=n to their organizational
> >> domain's DMARC record so that the PSD record will not be incorrectly
> >> evaluated to be the organizational domain."
> 
> Ditto.
> 
> Besides, to say that a record is "published for" may sound as indicating
> who are the target readers of such publication.  Holding that a domain
> owner publishes psd=n in the hope that its PSO will read it and
> consequently amend its own record is not a valid interpretation of the
> text proposed above...
> 
> Shouldn't it be thus:
> 
>        n:  The domain is NOT a PSD, it is the Organizational Domain for
>           itself and its subdomain.  There is no need to put psd=n in a
>           DMARC record, except in the very unusual case of a parent PSD
>           publishing a DMARC record without the requisite psd=y tag.
> 
> Best
> Ale

Yes.  I've reviewed the change in the rev 31 draft in Git and the not was 
added in the wrong place.

Please update rev 31 and then close the issue again.

Scott K
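
The case the quoted 4.8 and 11.8 text describes, as an added example (not part of this message or of the draft): a simplified Organizational Domain selection showing what psd=n changes when a parent PSD omits psd=y. The domain names and records are constructed, a dict stands in for DNS, and the psd=y and fewest-labels steps are assumed from the draft's discovery procedure rather than quoted in this thread.

```python
# Added example: simplified Organizational Domain selection over a tree walk.
# Domains and records are constructed; a dict stands in for _dmarc TXT lookups.

def parse_psd(record):
    """Return 'y', 'n' or 'u' for a DMARC record, or None if it is not one."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return None
    psd = tags.get("psd", "u").lower()
    return psd if psd in ("y", "n") else "u"

def organizational_domain(start, zone):
    labels = start.lower().rstrip(".").split(".")
    found = []  # (index, domain, psd), starting domain first, TLD last
    for i in range(len(labels)):
        domain = ".".join(labels[i:])
        psd = parse_psd(zone.get(domain, ""))
        if psd is not None:
            found.append((i, domain, psd))
    # Step quoted in the thread (4.8): psd=n marks the Organizational Domain.
    for _, domain, psd in found:
        if psd == "n":
            return domain
    # Assumed from the draft: psd=y on a record other than the starting one
    # means the Organizational Domain is one label below that PSD.
    for i, _, psd in found:
        if psd == "y" and i > 0:
            return ".".join(labels[i - 1:])
    # Assumed from the draft: otherwise the record with the fewest labels wins.
    return found[-1][1] if found else None

SENDER = "mail.corp.bank.example"
PSD_TAGGED = {"bank.example": "v=DMARC1; p=reject; psd=y",
              "corp.bank.example": "v=DMARC1; p=reject"}
# The 11.8 case: the PSD publishes a record but omits psd=y.
PSD_UNTAGGED = {"bank.example": "v=DMARC1; p=none",
                "corp.bank.example": "v=DMARC1; p=reject"}
# The fix from 11.8: the organizational domain publishes psd=n itself.
ORG_SAYS_N = {"bank.example": "v=DMARC1; p=none",
              "corp.bank.example": "v=DMARC1; p=reject; psd=n"}

if __name__ == "__main__":
    for name, zone in [("psd=y on PSD", PSD_TAGGED), ("PSD untagged", PSD_UNTAGGED),
                       ("psd=n on org", ORG_SAYS_N)]:
        print(name, "->", organizational_domain(SENDER, zone))
```

With the untagged PSD record the selection lands on the PSD itself; adding psd=n to the organizational domain's record restores the expected result.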