Re: [dmarc-ietf] Comment on draft-ietf-dmarc-psd

Brandon Long <blong@google.com> Tue, 10 December 2019 00:41 UTC

From: Brandon Long <blong@google.com>
Date: Mon, 09 Dec 2019 16:41:27 -0800
Message-ID: <CABa8R6vV3=mONXUehda_6C616CyEXPRjceSN8T+DcPmLQwcXOA@mail.gmail.com>
To: Dave Crocker <dcrocker@gmail.com>
Cc: "Murray S. Kucherawy" <superuser@gmail.com>, Tim Wicinski <tjw.ietf@gmail.com>, IETF DMARC WG <dmarc@ietf.org>, Scott Kitterman <sklist@kitterman.com>, "Kurt Andersen (b)" <kboth@drkurt.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/QJCX4E6jOSnySYGX9TeKdZ64AEQ>

On Mon, Dec 9, 2019 at 8:44 AM Dave Crocker <dcrocker@gmail.com> wrote:

> On 12/7/2019 12:11 PM, Scott Kitterman wrote:
> >> Remind me again what the additional work is that might be too much?
> >> Isn't it just another DNS lookup for the org domain -1... of which
> >> there are maybe a couple thousand and easily cacheable?
> >>
> >> This seems way less than say the additional work for ARC.
> > It's slightly more.  There's also a check to see if a LPSD (org -1)
> > is a PSD DMARC participant.  Exactly how to document that is the major
> > unresolved question that we should evaluate experimentally.  It might
> > be one of three things:
>
> First, this sort of exchange highlights the need for considering basic
> operational issues carefully and before publication.
>
> Second, it highlights the challenges of doing that in a way that isn't
> myopic.  What is easy/cheap for highly motivated, expert, well-resourced
> participants might not be all that easy or cheap for the larger Internet
> community.  (This is the operational side of scalability.)
>

Ah, re-reading the spec, I'd guess we're talking about the scalability of
psddmarc.org.

[snip]

> Also, any suggestion to rely on a published list ignores the history of
> problems with such lists, as well as at least requiring a careful
> specification for the list and a basis for believing it will be
> maintained well.


I mean, the PSL is already a maintained object.  Is this new detail something
that has different ownership/privacy/etc. concerns than the existing details?

I'm sure I probably missed this, but couldn't we avoid this question by just
mandating no reporting for non-existing organizational domains?  Is that a
non-starter?

Brandon