Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-09.txt
Douglas Foster <dougfoster.emailstandards@gmail.com> Thu, 27 April 2023 11:05 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/OCCLIUKtSFCeqUjwYsf9xnfXsBw>
There are options on TLS failure.

Mandatory TLS is actually pretty common, since PCI DSS, HIPAA and GDPR have all been interpreted as requiring TLS on email.

For outbound mail, our MTA is configured to drop the connection if encryption cannot be established. I think this configuration option has become pretty common in commercial products. Domains that cannot accept encrypted traffic are handled with secure web relay (Zixmail or one of its many imitators). In the case of a report recipient that cannot accept TLS traffic, we would simply drop the destination.

For inbound mail, my organization has concluded that data security is the responsibility of the sender, so we do accept unencrypted messages.

By and large, mandatory TLS will be implemented consistently, rather than on a specific message like a DMARC report, so I don't know how much needs to be said in this document.

Doug

On Tue, Apr 25, 2023 at 12:29 PM John R. Levine <johnl@iecc.com> wrote:

> >> Since the only mechanism is mail and nobody's going to S/MIME encrypt
> >> their reports, I suggest just deleting it.
> >
> > TLS vs not TLS.
>
> I suppose, but that's not up to the report sender. If I say
> "rua=mailto:report@cruddy.org", and the MX for cruddy.org doesn't do
> STARTTLS, what are you going to do?
>
> R's,
> John
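The policy choice discussed in this message, sketched as an added example that is not part of the original post or of any MTA's own code: a report sender parses the `rua` tag, checks each destination's EHLO reply for STARTTLS, and under mandatory TLS drops destinations that do not offer it. The DMARC record, the EHLO replies, the `example.net` destination and all function names are constructed for illustration.

```python
import re

# Constructed sample data: a DMARC record and the EHLO replies a sending MTA
# might see from each report destination's MX (hypothetical MX host names).
DMARC_TXT = ("v=DMARC1; p=reject; "
             "rua=mailto:report@cruddy.org,mailto:agg@example.net!10m")
EHLO_REPLIES = {
    "cruddy.org": "250-mx.cruddy.org\r\n250-SIZE 10240000\r\n250 8BITMIME\r\n",
    "example.net": ("250-mx.example.net\r\n250-PIPELINING\r\n"
                    "250-STARTTLS\r\n250 SMTPUTF8\r\n"),
}

def rua_addresses(record):
    """Return the mailto: report addresses from a DMARC record's rua tag."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    addrs = []
    for uri in tags.get("rua", "").split(","):
        uri = uri.strip()
        if uri.lower().startswith("mailto:"):
            # Strip the optional "!<size>" limit that may follow the address.
            addrs.append(uri[len("mailto:"):].split("!", 1)[0])
    return addrs

def offers_starttls(ehlo_reply):
    """True if the EHLO reply advertises the STARTTLS extension."""
    # The first reply line is the server greeting, not an extension keyword.
    for line in ehlo_reply.splitlines()[1:]:
        m = re.match(r"250[ -](\S+)", line)
        if m and m.group(1).upper() == "STARTTLS":
            return True
    return False

def plan_delivery(record, ehlo_replies, mandatory_tls=True):
    """Split rua destinations into (deliver, dropped) under the TLS policy."""
    deliver, dropped = [], []
    for addr in rua_addresses(record):
        domain = addr.rsplit("@", 1)[-1].lower()
        if offers_starttls(ehlo_replies.get(domain, "")):
            deliver.append(addr)   # a real MTA still drops on handshake failure
        elif mandatory_tls:
            dropped.append(addr)   # no encryption possible: drop the destination
        else:
            deliver.append(addr)   # opportunistic TLS: falls back to cleartext
    return deliver, dropped
```

With the sample data, the mandatory-TLS policy delivers only to `agg@example.net` and drops `report@cruddy.org`; with `mandatory_tls=False` both destinations receive the report, one of them in cleartext.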