Re: [dmarc-ietf] Announcing DMARCbis Editors
Hector Santos <hsantos@isdg.net> Tue, 10 November 2020 21:57 UTC
Return-Path: <hsantos@isdg.net>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9FC5D3A1086 for <dmarc@ietfa.amsl.com>; Tue, 10 Nov 2020 13:57:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=IF84fPnH; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=dnJLrFWR
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0LGiuA3X5hAA for <dmarc@ietfa.amsl.com>; Tue, 10 Nov 2020 13:57:06 -0800 (PST)
Received: from mail.winserver.com (mail.santronics.com [76.245.57.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A4A443A1082 for <dmarc@ietf.org>; Tue, 10 Nov 2020 13:57:05 -0800 (PST)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha256; c=simple/relaxed; l=4583; t=1605045423; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=n+TE0yg7PZ521aNSTokrLZZNB5Fk M9m62EV6GpHn1yI=; b=IF84fPnH4ciAYjW9QoFyBx7clmF6sZZESulopi5bOYA4 u50VEV1e8JH35Oagqw+xin71BYoLbOS1tG8BToOVjrH5wwvsBdgQOOmO14xloDOg +u19Ud/0CvgSFzKp10acTyT/AKoJEVUsEzXt6tU/3C1tp8HHQZ2NrTz6PVCGIqg=
Received: by mail.winserver.com (Wildcat! SMTP Router v8.0.454.10) for dmarc@ietf.org; Tue, 10 Nov 2020 16:57:03 -0500
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com; dmarc=pass policy=reject author.d=isdg.net signer.d=beta.winserver.com (atps signer);
Received: from beta.winserver.com ([76.245.57.74]) by mail.winserver.com (Wildcat! SMTP v8.0.454.10) with ESMTP id 2780503524.1.3708; Tue, 10 Nov 2020 16:57:02 -0500
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=4583; t=1605045132; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=n+TE0yg 7PZ521aNSTokrLZZNB5FkM9m62EV6GpHn1yI=; b=dnJLrFWRElKNXG2fNBONTjL v5PTwgMpXxqNlepg6M/I5AxncZ5B9cZZlRhkh7YbWueTvX+sQWdlwpNzfGxpZ7gK svuvykWkyGDHwwDACJ9cjQC56KnUiWnMiq25m/6QkCPsN+b7pgSFk2vHE76IbaWg QFw/UEkJDfWsQzjgnhc8=
Received: by beta.winserver.com (Wildcat! SMTP Router v8.0.454.10) for dmarc@ietf.org; Tue, 10 Nov 2020 16:52:12 -0500
Received: from [192.168.1.68] ([75.26.216.248]) by beta.winserver.com (Wildcat! SMTP v8.0.454.10) with ESMTP id 2647403813.1.5260; Tue, 10 Nov 2020 16:52:11 -0500
Message-ID: <5FAB0CAD.4090809@isdg.net>
Date: Tue, 10 Nov 2020 16:57:01 -0500
From: Hector Santos <hsantos@isdg.net>
Reply-To: hsantos@isdg.net
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: Jim Fenton <fenton@bluepopcorn.net>, Steven M Jones <smj@crash.com>
CC: dmarc@ietf.org
References: <CAOZAAfOt0gH7HELPgNTyo--GbLWpSVx-94Ea-MSpdCq_0CT3KA@mail.gmail.com> <5A7444DD-385E-44E3-BAAF-BE87AE5FDA61@bluepopcorn.net> <CAHej_8=vGTd5Gqn0=unidGLeMTHQOFsSCK5_Gk9BoUDPULdfSQ@mail.gmail.com> <3676bcc9-8c7f-102a-f844-d08d6914077e@tana.it> <CAOZAAfOi9SgMJipeyBCPe0YHnRCbQX4_w1hupP2PPHLoNzQChw@mail.gmail.com> <6460DF58-84E9-4390-9268-A7492476E0F3@bluepopcorn.net> <00c2d38b-914b-274f-af3f-c0c808de37e4@crash.com> <FCB2C3DD-74BD-4C8D-B6B1-1A146CCB2E2F@bluepopcorn.net>
In-Reply-To: <FCB2C3DD-74BD-4C8D-B6B1-1A146CCB2E2F@bluepopcorn.net>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/QYAZduU9r-iFCRxvZpwM3QXzQzw>
Subject: Re: [dmarc-ietf] Announcing DMARCbis Editors
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Nov 2020 21:57:10 -0000
On 11/9/2020 6:04 PM, Jim Fenton wrote: > On 7 Nov 2020, at 20:12, Steven M Jones wrote: > >> Okay, but what is the expected payoff from splitting it out? Does it >> make it easier to process and approve updates of the policy content >> separately from, say, the description of record discovery or >> Alignment concepts? Easier to pass muster for Standards Track? Are >> implementers currently confused and dissuaded by having policy >> details mixed with the other content? >> >> If the benefits seem worthwhile, I could get behind the split - but >> there ought to be a clear benefit. > > The benefit I have in mind is that reporting does not cause issues > with indirect mail flows (the addressing of which is item 1 on the WG > charter), so it can proceed even while there isn’t WG consensus on how > to solve that problem for the policy piece. Or in the extreme case, it > can proceed even if IESG considers the policy piece to not have an > acceptable solution. > > Of course, if the solution to the policy piece is likely to affect the > discovery/binding of the policy and reporting, which would be in the > base document, this argument doesn’t hold. My view. I was the 2nd on Jim's proposal to split DMARC. I presumed the obvious: - DMARC-BASE - DMARC-REPORTS (optional reporting features. Not required) DMARC-BASE is the base policy protocol based on the DKIM-POLICY model as was DKIM-SSP and DKIM-ADSP. All these proposals used the required DKIM 5322.From domain identity binding as input for a DKIM Policy model.The DKIM Signer Domain identity is input for an Reputation lookup that never materialized. DKIM-VBR is the closes thing we have to a IETF proposed reputation lookup for DKIM. DKIM-VBR does the Author and Signer as input. I favored the split for the same reasons DKIM was split into two WG PS work items: - DKIM-BASE was the base signing/verification protocol, - DKIM-POLICY where DKIM-SSP was the draft proposal on the table. The split allowed DKIM-BASE to be completed and now we have a DKIM STD document. Fenton was the editor of DKIM-SSP. It evolved to DKIM-ADSP which was abandoned and the DKIM WG ended. It was replaced with DKIM-DMARC as an Informational Status document. Keep in mind that DKIM-SSP covered 3rd party policies with an "o=" tag: SSP Draft: o=~ NEUTRAL (signature optional [No 3rd party?]) o=- STRONG (signature required, 3rd party allowed) o=! EXCLUSIVE (signature required, no 3rd party) o=. NEVER (no mail expected) o=^ USER WG Suggestions: o=? WEAK (signature optional, no third party) o=~ NEUTRAL (signature optional, 3rd party allowed) Due to the ambiguity of the 3rd party policies and the lack of a 3rd party authorization protocol, Levine rewrote DKIM-SSP draft 3 titled DKIM-ASP and by draft 10, it became DKIM-ADSP. ADSP stripped the 3rd party semantics and pretty much left an EXCLUSIVE policy with ADSP DISCARDABLE policy. DMARC also offered a similar exclusive signing policy and also reported as well. Fast forward to today. I believe the charter is touching based with the 3rd party resigners design issues. So we are back to a situation where we may have three documents: - DMARC-BASE base protocol for current strong 1st party policy, - DMARC-REPORTS optional reporting - DMARC-TPA Third party Authorization proposals. The DMARC-TPA should cover ATPS, ARC and hopefully conditional signatures. However, based on the charter, it outlined specifically: * Incorporate ARC or something that deals with indirect mailflows This work item was lumped into DMARC-BASE. My position is this: I believe ARC or "something that deals with indirect mailflows" that is not well defined or has not gained traction as a TPA solution, should not be included in DMARC-BASE. DMARC-BASE should be independent of any other add-on but it should allowed for Tag Extensions to support TPA concepts included ARC, ATPS and conditional signatures. In my opinion, this is a best way to get DMARC-BASE fast tracked to standardization. DMARC-TPA or DKIM-TPA can be a separate doc that specifies add-on DMARC augmentations which are designed to help address the long time 3rd party resigned and authorization issue. While I personally, and I believe ideally, prefer ATPS be included in the DMARC-BASE protocol, due to the lack of WG support, I rather get the DKIM-BASE 1st party semantics completed first. Thanks -- Hector Santos, https://secure.santronics.com https://twitter.com/hectorsantos
- [dmarc-ietf] Announcing DMARCbis Editors Seth Blank
- Re: [dmarc-ietf] Announcing DMARCbis Editors Jim Fenton
- Re: [dmarc-ietf] Announcing DMARCbis Editors Todd Herr
- Re: [dmarc-ietf] Announcing DMARCbis Editors Alessandro Vesely
- Re: [dmarc-ietf] Announcing DMARCbis Editors Kurt Andersen (b)
- Re: [dmarc-ietf] Announcing DMARCbis Editors Seth Blank
- Re: [dmarc-ietf] Announcing DMARCbis Editors Dave Crocker
- Re: [dmarc-ietf] Announcing DMARCbis Editors Alessandro Vesely
- Re: [dmarc-ietf] Announcing DMARCbis Editors Alexey Melnikov
- Re: [dmarc-ietf] Optional p= makes no sense Douglas E. Foster
- Re: [dmarc-ietf] Optional p= makes no sense Todd Herr
- Re: [dmarc-ietf] Optional p= makes no sense Alessandro Vesely
- Re: [dmarc-ietf] Optional p= makes no sense Steven M Jones
- Re: [dmarc-ietf] Optional p= makes no sense Douglas E. Foster
- Re: [dmarc-ietf] Optional p= makes no sense Dotzero
- Re: [dmarc-ietf] Optional p= makes no sense Douglas E. Foster
- Re: [dmarc-ietf] Optional p= makes no sense Steven M Jones
- [dmarc-ietf] Separate policy spec, was Re: Option… Steven M Jones
- Re: [dmarc-ietf] Announcing DMARCbis Editors Jim Fenton
- Re: [dmarc-ietf] Announcing DMARCbis Editors Dave Crocker
- Re: [dmarc-ietf] Announcing DMARCbis Editors Steven M Jones
- Re: [dmarc-ietf] Announcing DMARCbis Editors Steven M Jones
- Re: [dmarc-ietf] Announcing DMARCbis Editors Dave Crocker
- Re: [dmarc-ietf] Announcing DMARCbis Editors Steven M Jones
- Re: [dmarc-ietf] Optional p= makes no sense Alessandro Vesely
- Re: [dmarc-ietf] Optional p= makes no sense Doug Foster
- Re: [dmarc-ietf] Optional p= makes no sense Dave Crocker
- Re: [dmarc-ietf] Optional p= makes no sense Dotzero
- Re: [dmarc-ietf] Optional p= makes no sense Alessandro Vesely
- Re: [dmarc-ietf] Optional p= makes no sense Steven M Jones
- Re: [dmarc-ietf] Announcing DMARCbis Editors Jim Fenton
- Re: [dmarc-ietf] Announcing DMARCbis Editors Hector Santos
- Re: [dmarc-ietf] Optional p= makes no sense Murray S. Kucherawy
- Re: [dmarc-ietf] Optional p= makes no sense John Levine