IETF Logo Mail Archive

Re: [dmarc-ietf] Version bump: was DMARC2 & SPF Dependency Removal

Scott Kitterman <sklist@kitterman.com> Sat, 10 June 2023 19:54 UTC

Return-Path: <sklist@kitterman.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B80DEC152F1D for <dmarc@ietfa.amsl.com>; Sat, 10 Jun 2023 12:54:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.097
X-Spam-Level:
X-Spam-Status: No, score=-7.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b="QQCcXgTt"; dkim=pass (2048-bit key) header.d=kitterman.com header.b="JKPga5+9"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1fYtxEY6fnMP for <dmarc@ietfa.amsl.com>; Sat, 10 Jun 2023 12:54:51 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [IPv6:2604:a00:6:1039:225:90ff:feaa:b169]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 71DCEC152F1A for <dmarc@ietf.org>; Sat, 10 Jun 2023 12:54:51 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [IPv6:2604:a00:6:1039:225:90ff:feaa:b169]) by interserver.kitterman.com (Postfix) with ESMTPS id D947AF80249; Sat, 10 Jun 2023 15:54:34 -0400 (EDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903e; t=1686426858; h=date : from : to : subject : in-reply-to : references : message-id : mime-version : content-type : content-transfer-encoding : from; bh=2yFOlk27n9tEYdakegj0l6aIHPkwT1SPeizR1xFsnC4=; b=QQCcXgTtJGSkilY8f+FyWfz32Hmy5WVlVldeSEaqrVLhflunExp7VWHqq+A3EzwQApksF Y6tEn+p2MXfB30GAQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903r; t=1686426858; h=date : from : to : subject : in-reply-to : references : message-id : mime-version : content-type : content-transfer-encoding : from; bh=2yFOlk27n9tEYdakegj0l6aIHPkwT1SPeizR1xFsnC4=; b=JKPga5+9I5a7HIuYSa00uWtp+iXBbXHbdLBVHAn1/5czSsip1q0h8aUZa1IEU0slVKyC5 LnnaHH9km/R8T2UkzGvORsCLJfoHdDOCehpAeNVaJk86rL2ACy4Q+Bz8PUfSgIItfWESL6S laqhvC8bsXokXeZA9Ljt0I2aMQaNAQhasemCqFagk2kf21c/2BPYt1EOv/nO+yxXCtr6dRI mjhOhbnMejMwU86d5pf3eUJ+EOUVn8W+GDajk+xMqRRHCo6NVNGRI5t3vhty8uRo6EY6W1R wVY8MlSUovS752Ayw0KRn0rTHaH76w95I3QRrYqM6mmlqYLzLqdfp2DoRD4w==
Received: from [127.0.0.1] (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) by interserver.kitterman.com (Postfix) with ESMTPSA id D68E4F801FF; Sat, 10 Jun 2023 15:54:17 -0400 (EDT)
Date: Sat, 10 Jun 2023 19:54:14 +0000
From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
In-Reply-To: <CADyWQ+FrU2Mo3vurUHtfXQZdWGrjuiBu5OVkctte90Nen0-AWw@mail.gmail.com>
References: <30BB83B2-B454-41B8-992B-8E2569802D9C@1und1.de> <502ADE6F-E01E-4DF0-BF79-6A5E810A3F96@kitterman.com> <CADyWQ+FrU2Mo3vurUHtfXQZdWGrjuiBu5OVkctte90Nen0-AWw@mail.gmail.com>
Message-ID: <A610310C-75F3-4810-BF11-6AF7BF4EAE31@kitterman.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/Qocqp7vml-_DH4e0zcnPBdyas90>
Subject: Re: [dmarc-ietf] Version bump: was DMARC2 & SPF Dependency Removal
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 10 Jun 2023 19:54:56 -0000

To the extent we might need it so far, I think the psd= tag is that flag.

Scott K

On June 10, 2023 7:34:59 PM UTC, Tim Wicinski <tjw.ietf@gmail.com> wrote:
>I'd rather add an option to flag some behavior rather than do a version
>bump.
>
>Have to agree with Scott that version bumps take forever.
>(I had a network engineer recently tell me that DNS packets *MUST* be no
>larger than 512 bytes - and EDNS0 was 1999?)
>
>tim
>
>On Sat, Jun 10, 2023 at 3:03 PM Scott Kitterman <sklist@kitterman.com>
>wrote:
>
>>
>>
>> On June 8, 2023 12:58:51 PM UTC, Tobias Herkula <tobias.herkula=
>> 401und1.de@dmarc.ietf.org> wrote:
>> ...
>> >
>> >However, such a fundamental shift in the protocol's architecture warrants
>> a clear signifier. I suggest we upgrade our DMARC version string from the
>> current state to 'DMARC2.' This upgrade would not only denote the change of
>> SPF removal, but also the switch from the Public Suffix List (PSL) to the
>> Tree-Walk algorithm.
>> >
>> >By moving towards DMARC2, we not only update our standard to better
>> reflect our present requirements, but we also make a clear commitment to
>> the ongoing evolution and improvement of the protocol.
>>
>>
>> There's been a fair amount of discussion of the drop SPF part of this
>> proposal, but I think less about the question of version bumps.  I'm going
>> back to the top of the thread to focus on that.
>>
>> I don't think there's much precedent for version bumps being successful in
>> any reasonable time frame.  How long did it take to transition from SMTP to
>> ESMTP?  Is it done yet?  Absent IPv4 address exhaustion, how many more
>> decades would it have taken for IPv6 deployment to take off?  SSL/TLS is
>> the best example I can think of, but even that, where there are very strong
>> security and privacy incentives, has been too slow and very painful.  We
>> have nothing like that level incentive for people to support an
>> incompatible break between non-IETF DMARC and IETF DMARC.
>>
>> Technically, it's a new protocol.  There's no technical difference between
>> saying records now have to start with v=DMARC2 and they have to start with
>> v=NOTDMARC.  It's a decision to abandon all existing deployments and start
>> over.
>>
>> What's the incentive that any existing DMARC users (senders or receivers)
>> would have to invest additional resources in another email authentication
>> protocol?  My expectation is that if the IETF decides to bump the version,
>> very little deployment of the IETF variant.  "The IETF says this one is
>> better" doesn't move budgets in any meaningful way.
>>
>> My suggestion is that if we determine that a change requires a version
>> bump, out response should be to not make that change instead.
>>
>> For clarity, I don't think the tree walk should drive a version bump (and
>> we already went over that, let's resist the temptation to do it again), but
>> if it did, then I would rather stay with the PSL.
>>
>> Please, no version bumps.
>>
>> Scott K
>>
>> _______________________________________________
>> dmarc mailing list
>> dmarc@ietf.org
>> https://www.ietf.org/mailman/listinfo/dmarc
>>

v2.23.0 | Report a Bug | By Email