IETF Logo Mail Archive

Re: [dmarc-ietf] Version bump: was DMARC2 & SPF Dependency Removal

Tim Wicinski <tjw.ietf@gmail.com> Sat, 10 June 2023 19:35 UTC

Return-Path: <tjw.ietf@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A5D2C152F0D for <dmarc@ietfa.amsl.com>; Sat, 10 Jun 2023 12:35:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cNFgd27S486I for <dmarc@ietfa.amsl.com>; Sat, 10 Jun 2023 12:35:13 -0700 (PDT)
Received: from mail-ej1-x633.google.com (mail-ej1-x633.google.com [IPv6:2a00:1450:4864:20::633]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 59D8BC152F07 for <dmarc@ietf.org>; Sat, 10 Jun 2023 12:35:13 -0700 (PDT)
Received: by mail-ej1-x633.google.com with SMTP id a640c23a62f3a-970028cfb6cso532253866b.1 for <dmarc@ietf.org>; Sat, 10 Jun 2023 12:35:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1686425711; x=1689017711; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=cynYYB3XGu2DGS2jxQ9eDQ3933vlOjNM2ld1X62wvQY=; b=Imgbt6wf0+rU0RXlf4uaJmove0jYoYS7PbB7jffcqC4qr51sN/2/ao4PRsEF/URcki Yp8EmdtdRabUyoAS7sv3yA2k8g7RbB6S0fClKQ0JBRkql3AR1Daf81q2WO/8LVXpwBbL IvLOpYrnapYfJJhJEWs/1BOaTI9XLWVFNuO1bj2SScwb2joHuCTFtBhfmvvHdyx6FpBJ kGHzsUhOVG38CIOrvCDBAwf8T79O/OjF/dC0bluaf8Bo6JVUaGr+QF4TH/alyi/OZf17 tb/FcxDu7M3A1QlP6hgePiMve5e3+BySXwvsPsu5yzIh0xVOPTPJ/77ECSOWs+eDbaDn Zk8g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686425711; x=1689017711; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=cynYYB3XGu2DGS2jxQ9eDQ3933vlOjNM2ld1X62wvQY=; b=Vu+xQ6N3db7PBT1iFWYtWWMFhWKCQReAnjCZyhn9d0cbAGVX1ANn94WFPlBhP2S0Uj gvm9fqfiKveayWsGYtQhTHpvq5Ly132NJABBEZZY5MjVmJPnENLQvkqORBi71OGYimfK a7P1sEXUAa+ol3z+NKsNK1YYEC3xLdWMg6oAqP7+WboDzBFwSECNg/u5YwkE5iEl5EeN lSEb29SZfxqT2lXcp0g6WY2700anEz3RU1SFpTbboI4fr9k17bASSjacAHd061VVZ6QY XpDCjsoumq4o06NHDFqeWEqY3mgL3hi+W/5xXj2LN8d2LdKAcH5vGPtP77kBdTipC3nJ QHxw==
X-Gm-Message-State: AC+VfDy/l/W7UEcte7ZC0xCcaWnnSKKMIli6pf/UdCf1ToR+51J0bkKn 7CoQES4nYZBMmb08aScj68EfC+dA59CaoVr8KMWa14hL
X-Google-Smtp-Source: ACHHUZ4xzp+gNladNv2o1vDA9DIAU8TrEa4ZBUxvJeEx6sKUTTUUVkTCygb6Jgi924EvWyOyN9be1sXt716l8aOMY1U=
X-Received: by 2002:a17:907:7e9a:b0:94f:3521:394 with SMTP id qb26-20020a1709077e9a00b0094f35210394mr5312972ejc.51.1686425710567; Sat, 10 Jun 2023 12:35:10 -0700 (PDT)
MIME-Version: 1.0
References: <30BB83B2-B454-41B8-992B-8E2569802D9C@1und1.de> <502ADE6F-E01E-4DF0-BF79-6A5E810A3F96@kitterman.com>
In-Reply-To: <502ADE6F-E01E-4DF0-BF79-6A5E810A3F96@kitterman.com>
From: Tim Wicinski <tjw.ietf@gmail.com>
Date: Sat, 10 Jun 2023 15:34:59 -0400
Message-ID: <CADyWQ+FrU2Mo3vurUHtfXQZdWGrjuiBu5OVkctte90Nen0-AWw@mail.gmail.com>
To: Scott Kitterman <sklist@kitterman.com>
Cc: dmarc@ietf.org
Content-Type: multipart/alternative; boundary="0000000000006b240305fdcb9579"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/Snm6hj3IfCRaPL4lzB5mwHwtpxQ>
Subject: Re: [dmarc-ietf] Version bump: was DMARC2 & SPF Dependency Removal
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 10 Jun 2023 19:35:14 -0000

I'd rather add an option to flag some behavior rather than do a version
bump.

Have to agree with Scott that version bumps take forever.
(I had a network engineer recently tell me that DNS packets *MUST* be no
larger than 512 bytes - and EDNS0 was 1999?)

tim

On Sat, Jun 10, 2023 at 3:03 PM Scott Kitterman <sklist@kitterman.com>
wrote:

>
>
> On June 8, 2023 12:58:51 PM UTC, Tobias Herkula <tobias.herkula=
> 401und1.de@dmarc.ietf.org> wrote:
> ...
> >
> >However, such a fundamental shift in the protocol's architecture warrants
> a clear signifier. I suggest we upgrade our DMARC version string from the
> current state to 'DMARC2.' This upgrade would not only denote the change of
> SPF removal, but also the switch from the Public Suffix List (PSL) to the
> Tree-Walk algorithm.
> >
> >By moving towards DMARC2, we not only update our standard to better
> reflect our present requirements, but we also make a clear commitment to
> the ongoing evolution and improvement of the protocol.
>
>
> There's been a fair amount of discussion of the drop SPF part of this
> proposal, but I think less about the question of version bumps.  I'm going
> back to the top of the thread to focus on that.
>
> I don't think there's much precedent for version bumps being successful in
> any reasonable time frame.  How long did it take to transition from SMTP to
> ESMTP?  Is it done yet?  Absent IPv4 address exhaustion, how many more
> decades would it have taken for IPv6 deployment to take off?  SSL/TLS is
> the best example I can think of, but even that, where there are very strong
> security and privacy incentives, has been too slow and very painful.  We
> have nothing like that level incentive for people to support an
> incompatible break between non-IETF DMARC and IETF DMARC.
>
> Technically, it's a new protocol.  There's no technical difference between
> saying records now have to start with v=DMARC2 and they have to start with
> v=NOTDMARC.  It's a decision to abandon all existing deployments and start
> over.
>
> What's the incentive that any existing DMARC users (senders or receivers)
> would have to invest additional resources in another email authentication
> protocol?  My expectation is that if the IETF decides to bump the version,
> very little deployment of the IETF variant.  "The IETF says this one is
> better" doesn't move budgets in any meaningful way.
>
> My suggestion is that if we determine that a change requires a version
> bump, out response should be to not make that change instead.
>
> For clarity, I don't think the tree walk should drive a version bump (and
> we already went over that, let's resist the temptation to do it again), but
> if it did, then I would rather stay with the PSL.
>
> Please, no version bumps.
>
> Scott K
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>

v2.23.0 | Report a Bug | By Email