IETF Logo Mail Archive

Re: [dmarc-ietf] PSD Related Privacy Considerations For Aggregate Reporting Draft

Scott Kitterman <sklist@kitterman.com> Wed, 01 February 2023 14:24 UTC

Return-Path: <sklist@kitterman.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11515C169529 for <dmarc@ietfa.amsl.com>; Wed, 1 Feb 2023 06:24:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.097
X-Spam-Level:
X-Spam-Status: No, score=-7.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b="XKLUnyWg"; dkim=pass (2048-bit key) header.d=kitterman.com header.b="VGbBaGwu"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WZd-cn1oCOeY for <dmarc@ietfa.amsl.com>; Wed, 1 Feb 2023 06:24:17 -0800 (PST)
Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DAAEAC1516EB for <dmarc@ietf.org>; Wed, 1 Feb 2023 06:24:17 -0800 (PST)
Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) by interserver.kitterman.com (Postfix) with ESMTPS id C4FADF802DC for <dmarc@ietf.org>; Wed, 1 Feb 2023 09:24:06 -0500 (EST)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903e; t=1675261431; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type : from; bh=pHLlO+cZwFStHHz0l2ewOvGb1GQtOVBMNUhaOuYspYY=; b=XKLUnyWgl6fUYnkyx4FUEFu5fh7HvBdBqvGe9ShYI+BmAwZcYdj+DdxOURN5mwV2nAydt aHvVBKr4+1Iu3mTDA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903r; t=1675261431; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type : from; bh=pHLlO+cZwFStHHz0l2ewOvGb1GQtOVBMNUhaOuYspYY=; b=VGbBaGwupOyrnK+iXodlb3b1aKkQr92YTSfgAc3YTsRQfhRjvNuZM+TOJ6vBEUB8+YVn/ 21aiWApLBgwEgxwnJUppWwMpXZ5Zz7Goia0BoIWg0H/0n1JMdbVA8mGWdNp9aZEey+u6Lba p0z1vESBTcBeBDIHy7vNDkUnlOb2i/tuf47cgnNOfpc01zegiGDfk+9YYz0wwx0ChNIxxVI 8QA6+BLTmOXdBvre0bhiBFdOmvgT+84zn8/icZ8SFT+5VG7yBlO2fY2k3tp0G+Ee87Io7EE 8m8SlHkVqDUV/+TbrMhGGmlit4a3Zj0KSigusvTSV+t2P46FsrF0xIB9WUCg==
Received: from localhost.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) by interserver.kitterman.com (Postfix) with ESMTP id 91646F80277 for <dmarc@ietf.org>; Wed, 1 Feb 2023 09:23:51 -0500 (EST)
From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
Date: Wed, 01 Feb 2023 09:23:46 -0500
Message-ID: <1986598.AJv8QXXSZU@localhost>
In-Reply-To: <0b43a598-0905-bd3d-ed09-aa9d97a72764@taugh.com>
References: <CABZJ8k=Rkh9+AoDA+N2tawU+GkizNRS-MG14sRayYHWBmFP62A@mail.gmail.com> <CABZJ8kmbWGpZ-JBEN_hzf5K5X-PbXY0r0WGu2rwfUyi-i6na0Q@mail.gmail.com> <0b43a598-0905-bd3d-ed09-aa9d97a72764@taugh.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/QRQUTv507swn7e5JYxxSiAC8a-Y>
Subject: Re: [dmarc-ietf] PSD Related Privacy Considerations For Aggregate Reporting Draft
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Feb 2023 14:24:22 -0000

On Tuesday, January 31, 2023 4:06:16 PM EST John R Levine wrote:
> > example, but what matters is really the existence of example.com as I
> > think
> > the purpose is to not leak information to a PSO for a domain that do exist
> > without a DMARC record.
> 
> The ENTIRE POINT of PSD records is to send reports about subdomains that
> exist but don't have their own DMARC records, so the PSD can tell the
> subdomain to fix it.
> 
> The only domains that will ever publish a PSD record are ones like .BANK
> and .INSURANCE that have contracts with their registrants, or like .GOV
> that are effectively a single organization.
> 
> There no chance whatsoever that .COM or any other unrestricted TLD will
> ever publish a PSD record.
> 
> Now that I look at the privacy considerations, we need to rip out stuff
> about Multi-organization PSDs (e.g., ".com") that do not mandate DMARC
> usage because it makes no sense, and the bit about nonexistent only doubly
> makes no sense since it's impossible to implement.

I agree there's no chance a PSD like .com would be authorized to publish a 
DMARC record, but a big part of why is the privacy implications of allowing 
it.  I think we should document the concerns.  ccTLDs will need to develop 
their own policies and we should give them the relevant information to support 
that.

Determining what's a single org PSD, a multi-org PSD, or a multi-org PSD with 
restrictive policies is not something mail receivers can reliably do as part 
of their ongoing operations.  To the extent it's done it needs to be done by 
ICANN (or their ccTLD equivalents) when determining is a PSD should have a 
DMARC record or not.  For a mail receiver I think it's reasonable to assume 
any PSD (psd=y in their record) should be treated conservatively and only send 
reports for non-existent domains.  They might want to take on the technical 
and administrative burden of maintaining their own list of "good" PSDs that 
could get more feedback, but I don't think PSD has broad enough utility to be 
worth the trouble.

I think we have in the drafts is generally complete and correct.  I don't 
think we should reduce the scope of the privacy considerations.  It might make 
sense to be explicit that mail receivers won't be able to tell which kind of 
PSD they are dealing with in real time, so should consider that when 
determining their local policy for feedback based on PSD DMARC records.

Scott K

v2.23.0 | Report a Bug | By Email