Re: [dmarc-ietf] The description of psd=n

Scott Kitterman <sklist@kitterman.com> Tue, 05 March 2024 20:48 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/PwgDjutA4BjzT5wyELKsNEK8Ym4>


On March 5, 2024 8:10:46 PM UTC, Todd Herr <todd.herr=40valimail.com@dmarc.ietf.org> wrote:
>On Tue, Mar 5, 2024 at 1:30 PM Scott Kitterman <sklist@kitterman.com> wrote:
>
>>
>>
>> On March 5, 2024 2:47:47 PM UTC, Todd Herr <todd.herr=40valimail.com@dmarc.ietf.org> wrote:
>> >On Tue, Mar 5, 2024 at 6:12 AM Alessandro Vesely <vesely@tana.it> wrote:
>> >
>> >> Hi,
>> >>
>> >> Section 5.3, in the format description of psd:
>> >>
>> >>        n:  The DMARC policy record is published for a PSD, but it is the
>> >>           Organizational Domain for itself and its subdomain.  There is
>> >>           no need to put psd=n in a DMARC record, except in the very
>> >>           unusual case of a parent PSD publishing a DMARC record without
>> >>           the requisite psd=y tag.
>> >>
>> >> Perhaps a "not" is missing between "is" and "published"?  I'd just say the
>> >> domain is not a PSD /and/ it is the Organizational Domain for itself and
>> >> its subdomain.
>> >>
>> >>
>> >You may be correct in your assertion here; I'll wait for others to weigh in.
>> >
>> >In the meantime, Issue 126 has been opened to track this.
>> >
>>
>> I think it's missing a not, but is otherwise fine.
>>
>>
>John Levine commented directly on issue 126
><https://github.com/ietf-wg-dmarc/draft-ietf-dmarc-dmarcbis/issues/126>,
>indicating that he believes the text should read (emphasis added by me):
>
>       n:  The DMARC policy record is published for a PSD, but it is NOT the
>          Organizational Domain for itself and its subdomain.  There is
>          no need to put psd=n in a DMARC record, except in the very
>          unusual case of a parent PSD publishing a DMARC record without
>          the requisite psd=y tag.
>
>I think this is the correct place to put the 'not', as it's consistent with
>the second sentence here, as well as this text from the following sections:
>
>4.8 Organizational Domain Discovery - "If a valid DMARC record contains the
>psd= tag set to 'n' (psd=n), this is the Organizational Domain, and the
>selection process is complete."
>
>11.8 Determination of Organizational Domain for Relaxed Alignment -  "If a
>PSD domain publishes a DMARC record without the appropriate psd=y tag,
>organizational domain owners can add psd=n to their organizational domain's
>DMARC record so that the PSD record will not be incorrectly evaluated to be
>the organizational domain."
>
I agree.

Scott K
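
The case the quoted section 11.8 text describes, and the psd=n rule quoted from section 4.8, as an added example that is not part of this message or of the draft. The psd=y and fewest-labels rules are assumed from the draft's tree walk rather than quoted in this thread, and the .example names and records are constructed; no DNS lookups are made.

```python
def parse_tags(record):
    """Split 'v=DMARC1; p=none; psd=n' into a dict of tag -> lowercased value."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags

def tree_walk(domain, dns):
    """Collect (name, tags) for each DMARC record from domain up to the TLD.
    Simplified: no cap on the number of lookups for very long names."""
    labels = domain.lower().rstrip(".").split(".")
    found = []
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        tags = parse_tags(dns.get("_dmarc." + name, ""))
        if tags.get("v") == "dmarc1":
            found.append((name, tags))
    return found

def organizational_domain(domain, dns):
    start = domain.lower().rstrip(".")
    found = tree_walk(start, dns)
    for name, tags in found:   # rule quoted from section 4.8: psd=n ends the search
        if tags.get("psd") == "n":
            return name
    for name, tags in found:   # assumed rule: psd=y above the start marks a PSD
        if tags.get("psd") == "y" and name != start:
            keep = len(name.split(".")) + 1   # org domain is one label below it
            return ".".join(start.split(".")[-keep:])
    if found:                  # assumed rule: otherwise the fewest labels wins
        return min(found, key=lambda item: len(item[0].split(".")))[0]
    return None

def relaxed_aligned(a, b, dns):
    """Relaxed alignment: both names share one Organizational Domain."""
    org = organizational_domain(a, dns)
    return org is not None and org == organizational_domain(b, dns)

# Constructed zone data (hypothetical names under the reserved .example TLD).
# gov.example plays the PSD that publishes a record without psd=y.
PSD_NO_TAG = {"_dmarc.gov.example": "v=DMARC1; p=reject",
              "_dmarc.agency.gov.example": "v=DMARC1; p=none"}
# The organizational domain owner adds psd=n, as section 11.8 suggests.
ORG_PSD_N = dict(PSD_NO_TAG, **{"_dmarc.agency.gov.example": "v=DMARC1; p=none; psd=n"})
# The PSD publishes the requisite psd=y tag instead.
PSD_TAGGED = dict(PSD_NO_TAG, **{"_dmarc.gov.example": "v=DMARC1; p=reject; psd=y"})
```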