[dmarc-ietf] Spirit of RFC8601 section 5 for invalid A-R headers

Damian Lukowski <rfc@arcsin.de> Fri, 03 April 2020 16:10 UTC

Return-Path: <rfc@arcsin.de>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F00183A1A36 for <dmarc@ietfa.amsl.com>; Fri, 3 Apr 2020 09:10:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=arcsin.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L1LH0ywimqpU for <dmarc@ietfa.amsl.com>; Fri, 3 Apr 2020 09:10:22 -0700 (PDT)
Received: from sigil.arcsin.de (sigil.arcsin.de [46.38.233.110]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9920F3A1A05 for <dmarc@ietf.org>; Fri, 3 Apr 2020 09:10:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=arcsin.de; h= content-language:content-type:content-type:mime-version:date :date:message-id:subject:subject:from:from:x-amavis-category; s= dkim01; t=1585930211; x=1587744612; bh=fdEP2Av6SKktwCMn3xMchUjrs d0A4puC/owwqPXyvgo=; b=F1fTL/2gN3Pbt2AutgCD9Q3BzW7+QQ+xdC6nT4u4K pXp2SegcFl6zEU6SLJWDaU0mK7Plj+wbrSGot6q0fu90s7oNsQ8pFQN/WIQTw/ZD EVRbY+3QhbK4dV5F8u+9RcAFoFWVlA15U/3jIQzh3+kDbcneyI5rkuwKyY6D+vCl tc=
X-Amavis-Category: sigil.arcsin.de; category=CleanTag
From: Damian Lukowski <rfc@arcsin.de>
Autocrypt: addr=damian.lukowski@credativ.de; prefer-encrypt=mutual; keydata= mQENBFBpf4EBCADX2KZo3C61n0ZMslgS/4a8rvylTXKQTtalxzHXRrV11ksNR8gtVsxRPBTd lwcNnEgADLatuHLZ63ks1T1ePHKDa8zQtCqmvbYAtoKMm8lB91VlSkxcO5gEObU29uud37QB s26wzZ35uS3jvtgSFijeI3ukLYsMh2EPa4MdzRojVXBXaTiDmU4mw+ei3P9g/NjlD48R2qr8 ATC1hu8LZ1ln/1BZ579uIjVbtyHeRNTcBQCMdo0KU8/ax6zP1GGSuJiMk4QvO7LCx0NzjcOV DXzWFT5OBK0KYacaDqIvOFNot/E+lVl5B66t3/4cGfzpCaWwGwXcRKgqotcDwn7YVE4dABEB AAG0LURhbWlhbiBMdWtvd3NraSA8ZGFtaWFuLmx1a293c2tpQGNyZWRhdGl2LmRlPokBOAQT AQIAIgUCUGl/gQIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQyMoDfzgSmvQ+cwgA ghoIZUHSUfsDaFAI4dmEbO4XFshUj5h/GDMT67vTF1pHlt19Rv+QUuXdQCCO7EVYqzC0TOro zZk4ckwHixWrkjsumbF3OlYc9bevL63ohXu3qclVFU+Vl3vIOmigV+FA50xKcdJw1zWqki8N p8wbTIsI8F1BQtDo1Ix5MS/aDWyc4VvzNRuKet1VXtGoQedVI5cU1heHYqFZdTafHXVodxF+ hd59rGvWTXeIHMBnI5+UlReOHmFGhF5efyqJIkCLNRnnYg9RaPyLTIlw2suotEle82b7n2tg /hOEegp620zjPmyiVZjvFFD1nUoeGnWHMjJWrKCb9p8QP3rV7UwzErkBDQRQaX+BAQgAszVi k9XvjuXcRerQELFjWLS129X1zhNShunC5Bp1FghtnbmdwPIT6Ep7VhEFSB+43PX7raR8dzvY FmDV6WlH9cimWV/3c3LSJr41tzzyObrnj/cjBzzMYjS2Ls5ficU8lp1+nNyN1Ns0YB4VWwpC zSGsHTaUbIVv1e82216Lvp80ektbGm2vra7aLac6ZKM0/wtuephHZn2w6xUJRADMo79Dxzjz iXr1Eg5YCvO2TIu305eq2Mgshbq9F429JJs4iKiGOdanBlVwtklP0LkM6s2Az2ahgprnbgZD NwshFb5oP9GGTBlzTSkxzHJIx1CVkofyApOtm90Rn8/Peme4iQARAQABiQEfBBgBAgAJBQJQ aX+BAhsMAAoJEMjKA384Epr0sy8IANUKmPlMYzTh61WXNHDcFF0w9jmgx8zrICtdnGG8J1Uf jCVnwsS3YGfeMVVIiecfkEDsrtwun9iij99pUeo9YAbqZlMXRQ19GPq+AdDrWSc1kX4QlV8l 7vzhUMw5Nj74OJQWGEkxtV1fVYs0MEyN7hqQG5TCOANKItzTmNaCHadHsSUjU6LKFzu4q6Wb Vophv18+PVBBr/Hiu9Kt0P3OBAkuoWPzgGdXh6bXstffO6jsNM1/kA1YW0I4khx8OCd5lNgq 3ij3hMZo9Z8dTBzTD5bFlKf3uzzNXl3YQbTs4+zl00QMG1HQJu6abazC5VXAvoLtXHdC+9HP nFVi+roC++Y=
To: dmarc@ietf.org
Message-ID: <e2bd3117-2217-1206-0c0c-f06a35d49dca@arcsin.de>
Date: Fri, 3 Apr 2020 18:09:44 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------5EB62139E98E18D557E76293"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/Pf83FTxwy0qsoBRwuYfqzUEe6jY>
Subject: [dmarc-ietf] Spirit of RFC8601 section 5 for invalid A-R headers
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Apr 2020 16:10:24 -0000

RFC8601 sec 5 states:

> any MTA conforming to
> this specification MUST delete any discovered instance of this header
> field that claims, by virtue of its authentication service
> identifier, to have been added within its trust boundary but that did
> not come directly from another trusted MTA.

In my opinion, a header that does not conform to the specified
authres-header-field in the RFC, is not an Authentication-Results
header, has no authentication service identifier, and as such cannot
claim anything in the context of the RFC. So suppose there is a mail
system with an UTF-8-non-ASCII authserv-id. When creating its own A-R
headers, it puts the authserv-id into quotes, because it cannot use it
without them, as discussed in the separate thread.

What should the system do with an A-R header of an inbound message that
incorporates the system's authentication service identifier without
using quotes, but that otherwise would be syntactically correct?

Again in my opinion, the system needs to keep the header, but what is
the RFCs intention?