IETF Logo Mail Archive

Re: [dmarc-ietf] Second WGLC for draft-ietf-dmarc-psd: Definition of NP

"Murray S. Kucherawy" <superuser@gmail.com> Sun, 22 November 2020 01:05 UTC

Return-Path: <superuser@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F11BA3A0AB7 for <dmarc@ietfa.amsl.com>; Sat, 21 Nov 2020 17:05:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id csaDn7A7PgU7 for <dmarc@ietfa.amsl.com>; Sat, 21 Nov 2020 17:05:10 -0800 (PST)
Received: from mail-ua1-x92b.google.com (mail-ua1-x92b.google.com [IPv6:2607:f8b0:4864:20::92b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 24B913A0AB6 for <dmarc@ietf.org>; Sat, 21 Nov 2020 17:05:10 -0800 (PST)
Received: by mail-ua1-x92b.google.com with SMTP id r23so4497443uak.0 for <dmarc@ietf.org>; Sat, 21 Nov 2020 17:05:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=0jT5ouao6GQa9GMRX6Q0i55r5w6I1R7EMgbt1pcUCok=; b=qr/7qro0m1oCgPuphGZ5GouhjSxyIoSyScg8yaowe8SbihhBSh53hs9WuG3iElpvVV pNMUrvqglgV70odLLb0CwJlzaM8NU6TaXw7OZ83d4ucVTD4D+Ui6EAYACQVz05lT+glj 4RBMXD5288dbntSfxeDuOdFFwPF0NLq4qpraZEc1Tg8SyHggiVIN/uZg79YVt5AU6TXl 25QX24ruKT6H38NPZSZ4J8U96BkGVXXQ6o5LIkuNVVeqPpr9/3SvW0BWuCOMq171kidu CCD5Ot+P/wz0YLO7KzWiH3nYm+2D56whmF6+eW55RmzchBXMvmRCYiby9I9kKxOYGhVt v1Tw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=0jT5ouao6GQa9GMRX6Q0i55r5w6I1R7EMgbt1pcUCok=; b=hriauAZH7l6YPMzby23fs8YkDV4hnDfdTQoxRMZjTGLEbb3xQAXl3oxN8NJWV9enJf oPvS67BIdza3XSN5YCcVOuSYdDhW9TJ35M5VyKttIIK+pFVXuOIVJuDfuki+JwkWoOep NGoaGiDQpGjbs9CbhKZUC69Xus3xDOiSKVUsO2CpMhMg14zqiSM/m1nEUI3cWEyxBGJ8 3AWNh34vhtfa/3QxrA3q82evwZpsLjkl970HqqYcWpy4kltJJT40xKPP1PTx4Ko4bSY5 LANjaAPWQznGsF9fVdc8pf7eITgjZD6YL7t0EBr2pbXouuR8C3VEV2GIDif6ugNqYO3V KdRQ==
X-Gm-Message-State: AOAM530PQYXcBOGEg7hrGjLu+BSJTIQbsc8D4+H48z8jgnaseI9bnhzA pJLEeeyb2QC1N1321vifTxbDn7UWGKsrByT/R00=
X-Google-Smtp-Source: ABdhPJwUna8YwVLL7WwEJts4MrKpuCRR7y5YB6UotRdBvaqUkENs4XRtbrIcJc7EXBrKBIkmp21lE7eqEmzP55EQ8sA=
X-Received: by 2002:ab0:b3:: with SMTP id 48mr17826784uaj.101.1606007108967; Sat, 21 Nov 2020 17:05:08 -0800 (PST)
MIME-Version: 1.0
References: <553D43C8D961C14BB27C614AC48FC03128116494@UMECHPA7D.easf.csd.disa.mil> <20201120040420.B3F4727A02FB@ary.qy> <553D43C8D961C14BB27C614AC48FC03128116528@UMECHPA7D.easf.csd.disa.mil> <000001d6bf45$0f62cc30$2e286490$@bayviewphysicians.com> <b6f2bf756f9146daafa717c2645ed58d@bayviewphysicians.com> <CAL0qLwYmRWwLOB7wnPBbChX-fZ3B2xFH5C_Bzh6qLZ9LiTzy5Q@mail.gmail.com> <52963338956e4396b746beccd2f0b78f@bayviewphysicians.com> <CAL0qLwZGbTwnZ8Bk=drM_FA6mZR4KcAHrJB3T93VMobsUGY0Mg@mail.gmail.com>
In-Reply-To: <CAL0qLwZGbTwnZ8Bk=drM_FA6mZR4KcAHrJB3T93VMobsUGY0Mg@mail.gmail.com>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Sat, 21 Nov 2020 17:04:56 -0800
Message-ID: <CAL0qLwYgTiHW5XXt3PTUMOiSHV0wUt_fRLyZS7D5v1ZH_WUCNg@mail.gmail.com>
To: Doug Foster <fosterd@bayviewphysicians.com>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000003ca15d05b4a7abe4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/P0_F7LGU7APRcBf5zNNA0-bmXjE>
Subject: Re: [dmarc-ietf] Second WGLC for draft-ietf-dmarc-psd: Definition of NP
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Nov 2020 01:05:12 -0000

On Sat, Nov 21, 2020 at 5:02 PM Murray S. Kucherawy <superuser@gmail.com>
wrote:

> On Sat, Nov 21, 2020 at 3:12 PM Douglas E. Foster <fosterd=
> 40bayviewphysicians.com@dmarc.ietf.org> wrote:
>
>> - If unregistered domains are tolerated, PSD for DMARC helps address the
>> problem of a unauthorized domains underneath a public suffix, such as "
>> example.uk".  But what DMARC policy will solve the problem of an invalid
>> TLD, such as "example.q"?
>>
>
> Why is this a DMARC problem that needs solving?
>
> - If unregistered domains are tolerated, then a limited-scope tree walk
>> becomes unusable.   A spammer would be able to  fabricate a few levels of
>> non-existent subdomains, and suddenly PayPal.com becomes a domain tree with
>> no detectable DMARC policy.
>>
>
> You're going to have to give us an example of what you're imagining here.
> Presumably fabricating a few levels of non-existent subdomains of
> paypal.com would look like foo.bar.baz.paypal.com; a simple tree walk
> then would be to look for records in these places:
>
> foo.bar.baz.paypal.com
> bar.baz.paypal.com
> baz.paypal.com
> paypal.com
>
> I would expect a policy to be present at least at "paypal.com", so the
> walk stops there.  How is that "unusable"?
>

Someone in DNSOP, I think, proposed doing the tree walk in the other
direction.  The reason: If you're going to get an NXDOMAIN, it is more
likely to come earlier, and it's dispositive that way.  For instance, if
the above sequence is reversed, you would probably get an NXDOMAIN at the
second query ("baz.paypal.com") and then you know you don't need to look
any further.

-MSK

v2.23.0 | Report a Bug | By Email