Re: [dmarc-ietf] PSD simplification

Dave Crocker <dhc@dcrocker.net> Wed, 12 December 2018 18:00 UTC

To: John R Levine <johnl@taugh.com>
Cc: dmarc@ietf.org
References: <20181212165914.36A76200B6363D@ary.qy> <67d0e491-9e87-0219-cb94-e8e897daeff9@dcrocker.net> <alpine.OSX.2.21.1812121239060.8453@ary.qy>
From: Dave Crocker <dhc@dcrocker.net>
Reply-To: dcrocker@bbiw.net
Organization: Brandenburg InternetWorking
Message-ID: <34f1d56b-d6c4-6fec-1a94-0355c9404c92@dcrocker.net>
Date: Wed, 12 Dec 2018 09:59:59 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/NroYPWZB7MHqPp8e69ddccuy83Y>
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>

On 12/12/2018 9:47 AM, John R Levine wrote:
> On Wed, 12 Dec 2018, Dave Crocker wrote:
>> 3. Given queries for MX record, don't we already have massive exposure 
>> of this privacy-related info in DNS activity?  How would this be so 
>> much more (and/or worse)?
> 
> Particularly with large passive DNS databases, you're right.  I believe 
> that Scott's point was that we can try not to make it worse.

This is a point worth pressing on.  Hard.

The source of the pressure is that the cost of a queriable registry is 
high.  Very, very high.  So creating one needs to have a very compelling 
justification.  I don't see how this one comes close.


>>>  a lot of mail.  (Real mail, they're the county government.)  This is
>>>  easily addressed by clients ignoring the report advice in the OD
>>>  parent record.
>>
>> What does it mean for a /client/ to ignore the advice in the OD parent 
>> record?  I thought that record was for servers.
> 
> I meant the DNS client, which is likely to be the mail server receiving 
> a message.

Besides retrieving information and passing it up to its caller, the DNS 
client has nothing at all to do with using advice in an OD parent 
record.  Hence my confusion about your text.  So I think you meant "This 
is easily addressed by receivers ignoring the report advice in the OD 
parent record."

Contrary to many other occasions, I'm not being this picky just for fun. 
These topics seem to engender confusion in lots of folk and lots of 
discussions, and so I think it important to be very careful about 
terminology and references.


d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net