Re: [dmarc-ietf] Do is need a new ptype? Was Re: New authentication method, DNSWL

Alessandro Vesely <vesely@tana.it> Mon, 21 October 2019 18:11 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/PDQKldkn9eGwvklH3IhQ233lTK0>

Hi Tim,

The I-D linked below provides for yes, no (not signed), or na (for not
applicable).  The expired case should perhaps map to "no"?  The lookup only
sets an AD bit...


Best
Ale

On Mon 21/Oct/2019 19:49:03 +0200 Tim Wicinski wrote:
> 
> Alessandro
> 
> There are a couple of different combinations of dnssec valid/invalid/expired
> you would want to account for. 
> 
> Tim
> 
> 
> On Mon, Oct 21, 2019 at 10:54 AM Alessandro Vesely <vesely@tana.it> wrote:
> 
>     On Wed 07/Aug/2019 17:16:29 +0200 Murray S. Kucherawy wrote:
>     >
>     >> If the definition of ptype smtp were "a parameter of the SMTP session used
>     >> to relay the message" it would be perfect.  I'd propose that policy.iprev
>     >> be deprecated and smtp.remote-ip used instead.
>     >
>     > Given that RFC8601 was published just last month, it'll probably be a while
>     > before this happens.
> 
> 
>     Wouldn't an accepted erratum be enough to change the wording in the IANA page?
> 
> 
>     About the new ptype, a reviewer suggested to also use it to report whether the
>     query supported DNSSEC.  No DNSWL that I know supports it.  However, I know
>     some DKIM filters report that feature either as a comment or as a reason in the
>     dkim= methodspec.  Using the new ptype might make that clearer.  Consider:
> 
>         Authentication-Results: example.com;
>           dkim=pass dns.sec=yes header.i=@example.org header.b=j5aQ3SJv
> 
>     What do you think?
> 
>     https://tools.ietf.org/html/draft-vesely-authmethod-dnswl-11#section-2
> 
> 
>     Best
>     Ale
>     -- 
> 
>     _______________________________________________
>     dmarc mailing list
>     dmarc@ietf.org
>     https://www.ietf.org/mailman/listinfo/dmarc
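
The following is an added example, not part of the message or of the I-D: a simplified Authentication-Results parser that extracts `ptype.property` pairs and checks the proposed `dns.sec` property against the three values named in the thread (yes, no, na). The function names, the sample header and the AD-bit mapping in `sec_from_lookup` are assumptions made for illustration.

```python
import re

DNS_SEC_VALUES = {"yes", "no", "na"}  # values the thread attributes to the I-D

def parse_authres(header_value):
    """Simplified parser: no nested comments, no quoted-strings containing spaces."""
    text = re.sub(r"\([^()]*\)", " ", header_value)   # drop (comments)
    text = " ".join(text.split())                      # unfold, collapse whitespace
    authserv_id, *resinfos = [p.strip() for p in text.split(";")]
    results = []
    for resinfo in filter(None, resinfos):
        tokens = resinfo.split()
        method, _, result = tokens[0].partition("=")
        props = {}
        for tok in tokens[1:]:
            key, sep, value = tok.partition("=")
            if sep and "." in key:                     # ptype.property=value
                props[key.lower()] = value
        results.append({"method": method.lower(), "result": result.lower(),
                        "props": props})
    return authserv_id, results

def dns_sec(entry):
    """Return the dns.sec value of one result, None if absent; reject other values."""
    value = entry["props"].get("dns.sec")
    if value is None:
        return None
    if value.lower() not in DNS_SEC_VALUES:
        raise ValueError(f"unexpected dns.sec value: {value!r}")
    return value.lower()

def sec_from_lookup(lookup_done, ad_bit):
    """Assumed mapping from a resolver answer to dns.sec (not taken from the I-D)."""
    if not lookup_done:
        return "na"
    return "yes" if ad_bit else "no"

# Constructed sample, modelled on the header quoted in the thread.
SAMPLE = """example.com;
  dkim=pass (1152-bit key) dns.sec=yes header.i=@example.org header.b=j5aQ3SJv;
  spf=pass smtp.mailfrom=example.org"""

if __name__ == "__main__":
    server, results = parse_authres(SAMPLE)
    for r in results:
        print(server, r["method"], r["result"], "dns.sec =", dns_sec(r))
```

A consumer that trusts `dns.sec` should read it only from headers added by its own authserv-id.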