Re: [dmarc-ietf] Benjamin Kaduk's Discuss on draft-ietf-dmarc-rfc7601bis-04: (with DISCUSS and COMMENT)

Benjamin Kaduk <kaduk@mit.edu> Mon, 21 January 2019 14:48 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 97415130DC4; Mon, 21 Jan 2019 06:48:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mit.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1xLMpU5H6cv2; Mon, 21 Jan 2019 06:48:25 -0800 (PST)
Received: from NAM01-SN1-obe.outbound.protection.outlook.com (mail-eopbgr820128.outbound.protection.outlook.com [40.107.82.128]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 82B8E12DDA3; Mon, 21 Jan 2019 06:48:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=r+arsYU3W8q0Wda3rkZt0CnePgLKrYX2vsHUchYXn9k=; b=dWvyQd4Xmd8/TpbnRDA3fK6/PQL163pz1heC+oWYMzQF0ZNUnH36YDMr/emAK3AWplOLoaiOT1hxYLnDNoZ5zJVHGmI6z1q+2q7/StcYQZQtTcS++Hs9g0mQ4IgAJfWTAEKqQXZO7xobKOh7pwhLuikjmT1REAUjHuZNTlRHaS8=
Received: from DM5PR0102CA0003.prod.exchangelabs.com (2603:10b6:4:9c::16) by BN6PR01MB3202.prod.exchangelabs.com (2603:10b6:404:d6::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1537.26; Mon, 21 Jan 2019 14:48:22 +0000
Received: from DM3NAM03FT050.eop-NAM03.prod.protection.outlook.com (2a01:111:f400:7e49::208) by DM5PR0102CA0003.outlook.office365.com (2603:10b6:4:9c::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1537.24 via Frontend Transport; Mon, 21 Jan 2019 14:48:22 +0000
Authentication-Results: spf=pass (sender IP is 18.9.28.11) smtp.mailfrom=mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of mit.edu designates 18.9.28.11 as permitted sender) receiver=protection.outlook.com; client-ip=18.9.28.11; helo=outgoing.mit.edu;
Received: from outgoing.mit.edu (18.9.28.11) by DM3NAM03FT050.mail.protection.outlook.com (10.152.82.252) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1558.11 via Frontend Transport; Mon, 21 Jan 2019 14:48:21 +0000
Received: from kduck.mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x0LEmIIw004779 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 21 Jan 2019 09:48:20 -0500
Date: Mon, 21 Jan 2019 08:48:18 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: "Murray S. Kucherawy" <superuser@gmail.com>
CC: The IESG <iesg@ietf.org>, Tim Draegen <tim@dmarcian.com>, IETF DMARC WG <dmarc@ietf.org>, draft-ietf-dmarc-rfc7601bis@ietf.org, dmarc-chairs@ietf.org
Message-ID: <20190121144817.GB81907@kduck.mit.edu>
References: <154280871768.11502.10059395575461348698.idtracker@ietfa.amsl.com> <CAL0qLwZb_=N+nEQQqvqURKvz9yM1bMZfyhrXcqVf0rm90qpcsQ@mail.gmail.com> <20190106172729.GL28515@kduck.kaduk.org> <CAL0qLwbmcEVgVcJTBU26gmVGaWV4Gy0fYArY80ZcDYf=wF-UKg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAL0qLwbmcEVgVcJTBU26gmVGaWV4Gy0fYArY80ZcDYf=wF-UKg@mail.gmail.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/Q4IBifZeG0xlbYD1KLflkVYNqmo>
Subject: Re: [dmarc-ietf] Benjamin Kaduk's Discuss on draft-ietf-dmarc-rfc7601bis-04: (with DISCUSS and COMMENT)
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Jan 2019 14:48:30 -0000

On Mon, Jan 21, 2019 at 02:25:45AM -0500, Murray S. Kucherawy wrote:
> On Sun, Jan 6, 2019 at 12:27 PM Benjamin Kaduk <kaduk@mit.edu> wrote:
> 
> > > Section 2.3
> > > >
> > > >    body:  Information that was extracted from the body of the message.
> > > > [...]
> > > >       interest.  The "property" is an indication of where within the
> > > >       message body the extracted content was found, and can indicate an
> > > >       offset, identify a MIME part, etc.
> > > >
> > > > I'm not seeing where it's specified how the "property" gives an offset.
> > > > I see other descriptions below about specific header fields and SMTP
> > > > verbs and such, though.
> > >
> > >
> > > That's text from the 2009 version of this work.  Those were speculative at
> > > the time and haven't yet materialized, at least not in standardized use.
> >
> > Are you proposing to leave the text unchanged regardless?
> >
> 
> I know the use case exists, because I wrote that text when I worked for a
> company that was likely to make use of it, but it appears that hasn't
> happened in the deployed universe.  So now we have a registry entry for the
> "body" ptype which isn't deprecated, but possibly no live uses of it.  The
> working group didn't discuss taking any action to either "fix" or bolster
> this, as its focus was elsewhere (specifically the changes needed to
> support the DMARC/ARC work).
> 
> I'm inclined to leave it as-is, possibly with a remark capturing what I
> just said here.  If no uses of it appear before someone decides to revise
> this again, we can formally deprecate it.

Okay.

> > Section 3
> > > >
> > > >    of the validity of the connection's identity using DNS.  It is
> > > >    incumbent upon an agent making use of the reported "iprev" result to
> > > >    understand what exactly that particular verifier is attempting to
> > > >    report.
> > > >
> > > > Does that in practice constrain "iprev" usage to within a single ADMD?
> > > >
> > >
> > > I would imagine so.
> >
> > This is just the COMMENT section, so do what you will, but I would consider
> > mentioning this property of "iprev" more explicitly.
> >
> 
> Actually, on second thought, it doesn't: ADMD #1 could attach an "iprev"
> result that ADMD #2 could decide it trusts.  That is, sort of, the ARC
> model -- you decide whose external results you're going to believe.

Part of that seems to be having a side agreement between ADMD #1 and ADMD
#2 about the semantics in use in order for the trust to be meaningful.  But
I guess we don't need an IETF standard for that to be possible.

> About to post the new version.

Thanks.

-Benjamin
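
The trust decision discussed above ("you decide whose external results you're going to believe"), as an added example that is not part of the original message or of the draft: a minimal Authentication-Results parser that keeps "iprev" results only when the authserv-id belongs to an ADMD the receiver has chosen to trust. The authserv-ids, the sample header values and the function names are assumptions made up for the illustration.

```python
import re

# Assumption: authserv-ids this receiver has chosen to believe (its own ADMD
# plus a partner whose "iprev" semantics were agreed out of band).
TRUSTED_AUTHSERV_IDS = {"mx.example.org", "mx.partner.example"}

# Constructed sample header field values (not taken from real mail).
SAMPLE = [
    "mx.example.org; iprev=pass (matches) policy.iprev=192.0.2.10;"
    " spf=pass smtp.mailfrom=example.net",
    "mx.unknown.example; iprev=pass policy.iprev=203.0.113.5",
    "mx.partner.example 1; iprev=fail (no PTR (nested)) policy.iprev=198.51.100.7",
]

_COMMENT = re.compile(r"\([^()]*\)")
_RESINFO = re.compile(r"^([a-z0-9-]+)(?:/\d+)?\s*=\s*([a-z]+)(.*)$", re.I | re.S)
_PROP = re.compile(r'([a-z0-9-]+)\.([a-z0-9._-]+)\s*=\s*("[^"]*"|\S+)', re.I)

def strip_comments(value):
    """Remove parenthesised comments, innermost first, so nesting is handled."""
    prev = None
    while prev != value:
        prev, value = value, _COMMENT.sub(" ", value)
    return value

def parse_authres(value):
    """Return (authserv_id, [(method, result, {"ptype.property": value})])."""
    parts = [p.strip() for p in strip_comments(value).split(";")]
    authserv_id = parts[0].split()[0].lower() if parts[0] else ""
    results = []
    for part in parts[1:]:
        m = _RESINFO.match(part)
        if not m:  # empty trailing element or the bare "none" form
            continue
        props = {f"{t.lower()}.{p.lower()}": v.strip('"')
                 for t, p, v in _PROP.findall(m.group(3))}
        results.append((m.group(1).lower(), m.group(2).lower(), props))
    return authserv_id, results

def trusted_iprev(headers):
    """Keep "iprev" results only from header fields stamped by a trusted ADMD."""
    kept = []
    for value in headers:
        authserv_id, results = parse_authres(value)
        if authserv_id in TRUSTED_AUTHSERV_IDS:
            kept += [(authserv_id, result, props.get("policy.iprev"))
                     for method, result, props in results if method == "iprev"]
    return kept
```

Matching on the authserv-id is only meaningful for header fields added inside the trust boundary; RFC 7601 has border MTAs remove inbound fields that claim a local authserv-id.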