Re: [dmarc-ietf] Benjamin Kaduk's Discuss on draft-ietf-dmarc-rfc7601bis-04: (with DISCUSS and COMMENT)

Benjamin Kaduk <kaduk@mit.edu> Mon, 21 January 2019 14:48 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 97415130DC4; Mon, 21 Jan 2019 06:48:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mit.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1xLMpU5H6cv2; Mon, 21 Jan 2019 06:48:25 -0800 (PST)
Received: from NAM01-SN1-obe.outbound.protection.outlook.com (mail-eopbgr820128.outbound.protection.outlook.com [40.107.82.128]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 82B8E12DDA3; Mon, 21 Jan 2019 06:48:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=r+arsYU3W8q0Wda3rkZt0CnePgLKrYX2vsHUchYXn9k=; b=dWvyQd4Xmd8/TpbnRDA3fK6/PQL163pz1heC+oWYMzQF0ZNUnH36YDMr/emAK3AWplOLoaiOT1hxYLnDNoZ5zJVHGmI6z1q+2q7/StcYQZQtTcS++Hs9g0mQ4IgAJfWTAEKqQXZO7xobKOh7pwhLuikjmT1REAUjHuZNTlRHaS8=
Received: from DM5PR0102CA0003.prod.exchangelabs.com (2603:10b6:4:9c::16) by BN6PR01MB3202.prod.exchangelabs.com (2603:10b6:404:d6::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1537.26; Mon, 21 Jan 2019 14:48:22 +0000
Received: from DM3NAM03FT050.eop-NAM03.prod.protection.outlook.com (2a01:111:f400:7e49::208) by DM5PR0102CA0003.outlook.office365.com (2603:10b6:4:9c::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1537.24 via Frontend Transport; Mon, 21 Jan 2019 14:48:22 +0000
Authentication-Results: spf=pass (sender IP is 18.9.28.11) smtp.mailfrom=mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of mit.edu designates 18.9.28.11 as permitted sender) receiver=protection.outlook.com; client-ip=18.9.28.11; helo=outgoing.mit.edu;
Received: from outgoing.mit.edu (18.9.28.11) by DM3NAM03FT050.mail.protection.outlook.com (10.152.82.252) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1558.11 via Frontend Transport; Mon, 21 Jan 2019 14:48:21 +0000
Received: from kduck.mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x0LEmIIw004779 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 21 Jan 2019 09:48:20 -0500
Date: Mon, 21 Jan 2019 08:48:18 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: "Murray S. Kucherawy" <superuser@gmail.com>
CC: The IESG <iesg@ietf.org>, Tim Draegen <tim@dmarcian.com>, IETF DMARC WG <dmarc@ietf.org>, <draft-ietf-dmarc-rfc7601bis@ietf.org>, <dmarc-chairs@ietf.org>
Message-ID: <20190121144817.GB81907@kduck.mit.edu>
References: <154280871768.11502.10059395575461348698.idtracker@ietfa.amsl.com> <CAL0qLwZb_=N+nEQQqvqURKvz9yM1bMZfyhrXcqVf0rm90qpcsQ@mail.gmail.com> <20190106172729.GL28515@kduck.kaduk.org> <CAL0qLwbmcEVgVcJTBU26gmVGaWV4Gy0fYArY80ZcDYf=wF-UKg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAL0qLwbmcEVgVcJTBU26gmVGaWV4Gy0fYArY80ZcDYf=wF-UKg@mail.gmail.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:18.9.28.11; IPV:CAL; SCL:-1; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(396003)(376002)(136003)(346002)(39860400002)(2980300002)(189003)(199004)(33656002)(106002)(58126008)(16586007)(54906003)(6916009)(39060400002)(1411001)(356004)(53546011)(93886005)(88552002)(55016002)(7696005)(76176011)(47776003)(8676002)(46406003)(6246003)(36906005)(229853002)(246002)(316002)(786003)(305945005)(8936002)(1076003)(26826003)(104016004)(86362001)(106466001)(23726003)(11346002)(336012)(446003)(426003)(53416004)(2906002)(4326008)(26005)(126002)(186003)(14444005)(476003)(956004)(5024004)(75432002)(486006)(97756001)(50466002)(478600001)(18370500001); DIR:OUT; SFP:1102; SCL:1; SRVR:BN6PR01MB3202; H:outgoing.mit.edu; FPR:; SPF:Pass; LANG:en; PTR:outgoing-auth-1.mit.edu; MX:1; A:1;
X-Microsoft-Exchange-Diagnostics: 1; DM3NAM03FT050; 1:LLZj8/AjPfhqAwfAAewTE0R66HMMAdaf2XprTJ3iYxnzuiZ7pPm3d3nGGEBk44DpyXZbM/4GGLIPCHXmSZ/Dm2+WYu17c7aVArrow365cDeZM7BMhPQuxrWROQEXFTLA7kkJawjIHwWcOl/dI9+TQQ==
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: caf8c354-c926-493a-b2a1-08d67faf7da7
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600109)(711020)(4608076)(4709027)(2017052603328)(7153060); SRVR:BN6PR01MB3202;
X-Microsoft-Exchange-Diagnostics: 1; BN6PR01MB3202; 3:ohcvAXnnhRomNMVew1xwIHxw2rMWXwVFniMHRfuiHKQkbsia6OHM+U92G/S8u0g8UeMIpPYccVtsnNtACiw2+DmCli3M0jwWGFMaE1vgsexqNgznwOp0UoATiWMqIt2UYiJ91dPhiZ8Oozbb3nws3GycJif/B17irEZ8W4Ir6mFZj9AWpygcWKv03UQclhu5NHcxUYkIRk/BG3NkKM9R9yprvMAWZ5+I0Fkkzt2WQzqHu6FWuRyf+Kb5AOZ0ka8ZMfIZ7s/9r/ggFakD/JqqvxVwTWsVwfDiFkHTQTyLDsBVQW2eEIE+C0OXYBHJ7gOAmzDCQpZWFx3rwv8azKZVYzkHinP80k5vKaw/t2GUHZglG/T/E/RUais1lu2rlAbK; 25:hDOtP0m4QO4hPj6tCkPYapEc8QI3WEOO6Vuj/C0xQgQIhr43ZipAKh9AF2+bIdJEmiw3yHlimh9b3V8laBl/SyXt9orZmUZhErvPQrr1Zl8zPkKIeQusOQYELASEnthHR9xYksl31DJV1Ukw92Gkgobq9FEwslo1Ulx95jktRiDJUfskldVqzRBf2eHPHv1ExiAdSFcc4+3TkhxhUNAju/sUgt1gEZ6ORBctrZOfQaPVTg/9uc7xRSqxGUJ+pkVlU1mC86LrtlHtH2o02maO/hsOBa4hV7I8atXH5Z/oZT7lsHeoMng/SqCcGadrkAiMQTi9hf9iOgXec4Pg2SUl4Q==
X-MS-TrafficTypeDiagnostic: BN6PR01MB3202:
X-Microsoft-Exchange-Diagnostics: 1; BN6PR01MB3202; 31:A3/HML2gF6KFlSvRBJfSQrM/iI+j4zvGkchhe5kGyKJS90sF+twmHEVlYa29EHCopClXEjtWTR8wOHu/68Xal5qkt3uuq4EEBmywjDIOfVZ/ca8yGV+ESLNSw/mLKVeen6ovTDJmCO9VyFtVyXZ9zJqARnRprn8/eXRNYS9S5PUTcOigFv5Pe4Ydh1/rI6MjQlO95BGzqwfP6HG8Vw4jymS8CRMbQ0zyyOJlnvDexGw=; 20:7Ae+wfZg+uuXkAgh1tpp3I4aDxT7atndW9afvALSKZEefGZeIMb6puOVLOIztF+BO3a0JS1H2wdk9uwofF/gLYjYqL1rGIbvcOaWohFJJvMbf51hzwuLhEXVqv1u1V+ChWjfCFxDlZlSbUu5a7BA73DbF7Ocg9JDasY3db0a/tt19GgDfdMQSYUoBfRGE6SsZCS+ELfS/VrV0wVxVlsGYXTfYb0kFry/ZjyDdUw7mMNcOGFEwnyz4RI4tVpqn1d/DiibAmwVONoKNkRAR9m6Ogjc5oylHOKZAkPV/KusLaiQUNEPGwxMsxGKtYj87N5Y8SBNVM2ABPU6Ay+6J9hOcZawJyM6/iVbjA1CecDqSOtAvd3pw0aC5hPEOQ2cp3H5mSdiSyDgAsRFkdmR18CYnSPU3CBiG2WM7LYMI20vtwNV52b6z4tl68sHy+LhVzSa5xZoHaa0V86wFonMyiQ/18HtKdyFSQFgwSyCEyTnocZWxkMg2HUFoyqm31PRsQbRzNRxXfWKDzlgWNAMSE5EHssKWrZYDiUV84IAeWzmMKmv5O5vPVGN8EVmRmiqDpNgc9YwpZWc0K/egjhTOcozmMdSIWvsx7ozk0lNxIn+I2A=
X-Microsoft-Antispam-PRVS: <BN6PR01MB3202667E467768B8B0416ED1A09F0@BN6PR01MB3202.prod.exchangelabs.com>
X-Microsoft-Exchange-Diagnostics: 1; BN6PR01MB3202; 4:ri7Sy8uKr37gINIU2EA02dAIHHGGE3Ypo0lD2Nl0FuouHOouKGy2jQ+WOk/EIZlJGIquH3N2pxdbUldr62dSt1hr1TWjjWH4PX1SvarfEKH0G6smLnfvmgCPjTtxWfaY72WHeGt0Z765u12ql+JGAWnkJzW6hnKWkywnVLlrHhMxsu/0RHanxyLuaMiSNpAArB/MdZkIzE+fdjkP72GcZPbpOWKkc2AAP8d/g508L7RMr+DBaUHGaAvI1W+QueOzt4jzQtf8MPTecWBgVHpgwUzR/otCnjUKzjl3JIJ7u7y652oFwjEFiPMAzB2nMB0R
X-Forefront-PRVS: 0924C6A0D5
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; BN6PR01MB3202; 23:PmAhWCCEgQfh+zU+EXAxsqUejep8FtrOhVnuOvhvm?= =?us-ascii?Q?lpK/D/lDqVIPlZSA6DJtQx955c74ZvU91BBVEBK0projk2tlXsbBt+9UgZzT?= =?us-ascii?Q?SRVdU5/lFqdUXrs9TMpb1JExmuzXBYf5c345kDgFkycgrsc7Q1/grGr1+iq2?= =?us-ascii?Q?4a/tCXaIFCbzJo0AqKtGjT7a1k248vhlKHjCrT3SNNIoK02skQE+Es7alS8z?= =?us-ascii?Q?uWGIm9wWu58N7h/0EvvzfSaBVoGvBphU2zfkx7aEr30JmCEAzmyOVCZRLfZZ?= =?us-ascii?Q?IDmHjZ8m5Rqzp6BdN+3uqLWqnQ0U9UcQ/CUBWR8oEV45ZxwMnC4/cHdJC5A/?= =?us-ascii?Q?e+knw2BzrDTw1pH9VYDtXEPPf/FdX950LRB+FbX3mNaYFLzltojMDlPo8rUq?= =?us-ascii?Q?WDkcHQQCQa/oEScuYHooyNxUP0P9D8DIcjj/8g9B7zAMWoLXpFm4Lc1m7bNH?= =?us-ascii?Q?88pP1p802EFIHa7TpNg4UdaytBu2axOekfcpdgRC+2IjyqheWvRhgpPHHN+l?= =?us-ascii?Q?7WRxktG9uulonX7HsNphTcP9nEI8+qnxOZJppVce5byRoak/wblx8uD8Xe9w?= =?us-ascii?Q?wzLy/gUXKcLgKYPMf5pMj7o66SW7GrpBd7D535MXU0RIqyMSPsfAHzJ9UKOe?= =?us-ascii?Q?ekmTsFgrXfepgNLpXOUXl4XzmEb32kZ0vTlmgimMXrv2nrzJ5clBNeBjEpbH?= =?us-ascii?Q?zdPlYGabrLib6+d191DaBBfx+6VdrHPFnrrOcBBlkQpjYDZGcPKIloJIteCg?= =?us-ascii?Q?558+yyErtsCTd/cdX2weVH6cApKeRFphut4jt41lNcIpu/hL2igDDjvGR6A7?= =?us-ascii?Q?kUBsyDfeZPMsHnEN2TqN3gdJmtpVMSwaqkGRBHrr0GNdQ2cK+2owwPCxLC1/?= =?us-ascii?Q?pqkVl3xkGB7Y9yQtLife/5cc5GL8CBfQF90FsMwdPqJ1QvScFX87I6AOtCOv?= =?us-ascii?Q?BcL5oIUx+19+Zg8pB74cresRoXGQqzVUOYmJc6jhC0FUa+DXjLKpyBffCH4K?= =?us-ascii?Q?iqgURl46qTW/+InEWQsoguJ+gzUlAbMgPzf8nQVSiRQXiPDYIFh/9ToRdN/x?= =?us-ascii?Q?izqYiGbmpMmPssYPCvloVS8xUFAgLUN8FAK2KIFr9Pu7uDE2PJTGUF0SvSya?= =?us-ascii?Q?79gPDCvhduz7b4QsfQLqudSizpmvM+4+L7t1fAnDEvjhEgliDoIql+MJWgvc?= =?us-ascii?Q?CPomJo/frwLrSh7ZrzhMBeGdUCr/S9QzFXwOw2iU2mZ9j09oWp2X99pYsNmg?= =?us-ascii?Q?+vMuFq1iuK+R7Jxew6Kp33BlzQBqKIzlL1zWNT/qTuts47HAQ7kH/2F8tT9m?= =?us-ascii?Q?aQziiehVYLwOnAAno/9snQ=3D?=
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: Cog1nUs4wKKbTlulqbVSldwYYar3i3PDGv9XRNlMhcJXqakqwIgGRfMyQwwN1rrR3FPfMW0SASsbCPWq5OWWf4DkZVG2gbu7sZytzVXIcqB5vFmr9CExO7x2nDfcgRtfidUM6N5uTQ6elA/pKwckt7fsSAdI+Eu4gcNxKWRvdm5+6GW6iKfHCV718iR2DDP2nfgyNgt3uq1YWlCSBnLqJuawM03W0BEDpi1QZiFR5olVW8dNaZMS/xY8oILR/BqJq7zoMWPi6LG++yf5ri1Y8QU1NNQ0Id3k3L1zkTuAyOmwS276Ty4HgzdyfpzrScHPGzOYks19ESSTruSgbDaXt9iVUBA5jn15MxxmrbpYd6WG86+Kf4qwOAG4taPVIMEpX2r7dijbdjtjUjzfiJjs/9vv5gGyE4ytSt3C6r7y70c=
X-Microsoft-Exchange-Diagnostics: 1; BN6PR01MB3202; 6:SONux1QCcNEEhNbZqW9U6K5zI3xHh3q1eteYyX8gqYAdHnjE3CbYPtys34rDPEuj1XC6jeXv5+VfHV5PrS2cgYBtQyGD+dTz/+cKcwS+LhhjvckQCkOpWE8YC4y1au2tld8da3pHmTV9EOly2noDpk8vxaQhJ+0mcysNEjM55pcoMBFsuOwBr1mGM2SN7WAi2Z7/LvSEOhne86gRQPJ/wd4xYSLyHo02RUoFe2Sa2KyTAdnVvQUN0TFJj7Or7oPxfQTzxv8nDEtvq8XJ9h2JrdgY/+4Gkx+fAkMxF2/ZZ2DmvOt9MHcimULa4OLPJbiQsAaKLUjtbki0v0vfGaAcnLxdCv+4TkcKJLBlCJ5rDdTU+fYM7C/OQaIwcgBoUuAaFlVVeof4elvaBF4Mh6fgLL0P/ZQTmHJ/Z2lnFdZZSgaVsqPiygKn0u5ff4sVD/no/pTH/GFwPHwMsXgl6Ml/Zw==; 5:ZOOIBGsHsTvR8tbOAth9/ZHdgypvlMw0P6bcDEwLGk0wKtnbeYgomolfyV45QLITIUraTST1JVVA30bCYmTWgfBm2Jb2fJ4Wvlarv5FyF0GLUeYKPj7UUV245UooDmHno9aXRLMv6gJ0js0Vivfhhc9VxniO//4kfzU4fDcu5u3fkaCRZOjE12FJbSm2YyHmmalbMfmVFHh54jV7bCojyQ==; 7:oVsLL5c7kzjPA/OPL6NHIawJadnzhcHxU3+aeuRJ/SsDvq2x2fjLqsFOn4lzhVUZ3Gh4mSTGRs4vl+IL/5zh0Kt1HIAFJxuyeq7Kf2CeywMYq8xs5iuhSP93c/VnZkL7XfFcl1eaybRmPqvEsmfABA==
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: mit.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Jan 2019 14:48:21.8806 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: caf8c354-c926-493a-b2a1-08d67faf7da7
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=64afd9ba-0ecf-4acf-bc36-935f6235ba8b; Ip=[18.9.28.11]; Helo=[outgoing.mit.edu]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR01MB3202
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/Q4IBifZeG0xlbYD1KLflkVYNqmo>
Subject: Re: [dmarc-ietf] Benjamin Kaduk's Discuss on draft-ietf-dmarc-rfc7601bis-04: (with DISCUSS and COMMENT)
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Jan 2019 14:48:30 -0000

On Mon, Jan 21, 2019 at 02:25:45AM -0500, Murray S. Kucherawy wrote:
> On Sun, Jan 6, 2019 at 12:27 PM Benjamin Kaduk <kaduk@mit.edu> wrote:
> 
> > > Section 2.3
> > > >
> > > >    body:  Information that was extracted from the body of the message.
> > > > [...]
> > > >       interest.  The "property" is an indication of where within the
> > > >       message body the extracted content was found, and can indicate an
> > > >       offset, identify a MIME part, etc.
> > > >
> > > > I'm not seeing where it's specified how the "property" gives an offset.
> > > > I see other descriptions below about specific header fields and SMTP
> > > > verbs and such, though.
> > >
> > >
> > > That's text from the 2009 version of this work.  Those were speculative
> > at
> > > the time and haven't yet materialized, at least not in standardized use.
> >
> > Are you proposing to leave the text unchanged regardless?
> >
> 
> I know the use case exists, because I wrote that text when I worked for a
> company that was likely to make use of it, but it appears that hasn't
> happened in the deployed universe.  So now we have a registry entry for the
> "body" ptype which isn't deprecated, but possibly no live uses of it.  The
> working group didn't discuss taking any action to either "fix" or bolster
> this, as its focus was elsewhere (specifically the changes needed to
> support the DMARC/ARC work).
> 
> I'm inclined to leave it as-is, possibly with a remark capturing what I
> just said here.  If no uses of it appear before someone decides to revise
> this again, we can formally deprecate it.

Okay.

> > Section 3
> > > >
> > > >    of the validity of the connection's identity using DNS.  It is
> > > >    incumbent upon an agent making use of the reported "iprev" result to
> > > >    understand what exactly that particular verifier is attempting to
> > > >    report.
> > > >
> > > > Does that in practice constrain "iprev" usage to within a single ADMD?
> > > >
> > >
> > > I would imagine so.
> >
> > This is just the COMMENT section, so do what you will, but I would consider
> > mentioning this property of "iprev" more explicitly.
> >
> 
> Actually, on second thought, it doesn't: ADMD #1 could attach an "iprev"
> result that ADMD #2 could decide it trusts.  That is, sort of, the ARC
> model -- you decide whose external results you're going to believe.

Part of that seems to be having a side agreement between ADMD #1 and ADMD
#2 about the semantics in use in order for the trust to be meaningful.  But
I guess we don't need an IETF standard for that to be possible.

> About to post the new version.

Thanks.

-Benjamin