IETF Logo Mail Archive

Re: [dmarc-ietf] Overall last-call comments on DMARC

"Murray S. Kucherawy" <superuser@gmail.com> Thu, 04 April 2024 16:13 UTC

Return-Path: <superuser@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D78BC14F5FB for <dmarc@ietfa.amsl.com>; Thu, 4 Apr 2024 09:13:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZayHtYnDcf-d for <dmarc@ietfa.amsl.com>; Thu, 4 Apr 2024 09:13:56 -0700 (PDT)
Received: from mail-lf1-x135.google.com (mail-lf1-x135.google.com [IPv6:2a00:1450:4864:20::135]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F35DDC151091 for <dmarc@ietf.org>; Thu, 4 Apr 2024 09:13:53 -0700 (PDT)
Received: by mail-lf1-x135.google.com with SMTP id 2adb3069b0e04-516c7671930so335668e87.1 for <dmarc@ietf.org>; Thu, 04 Apr 2024 09:13:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712247231; x=1712852031; darn=ietf.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=EJb2c+J6MUbUQH+DVBalDOVZ470RxkAwmNyYoPnfTVA=; b=G0eqpTBeGlunKJc8NL6smvByKHqSYF8x3nJs9sqB3z4+EWa8baVdF/Q93/1J0S2MkP x+74iO/U5T4F5VX1x/Wgn2W3k3LdauhkcSctpRPCLG2Pqmd7VTwQVsCzBg1c39Bqfj5O CCWYBHjTl+HW0lB2yhmAuV/cJnm3DwaI8UaoR0vYjkLZO6Edu2zxT6AlVunmmAEUTqMg FaA5L9djlay7I0Yz1mNvcVnITGYyU0Af5QGXYCo7/RNKhfbnMbbg+dUgf+h5ecdjcwgF f3prTMJRwZ/lu1FYcu6DkOBFPnqcOUKvix2Vntb83nH51l4ZHFEianN2djFroYj8CfiY H9Gg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712247231; x=1712852031; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=EJb2c+J6MUbUQH+DVBalDOVZ470RxkAwmNyYoPnfTVA=; b=hhyG5xiP0ypZsOXkXHL1Y2gjg6d5bSSeQzHdUXHBUoHtaHgtCeln0mAdtMb65hKjy5 aZRi325dd0xH9cuQXp1RznqwvpzL117EZVsWBGhM6+xbwEAVgzoH6x6sqo7VFmmjbblV RC3MM71o3asZnas9hA1Qjx9QANli+x8pNc0VdPqHzipRTOi/aMzFlFoTVcVj6bQQdIeA YdjxxrKaTkUeF7buoKTot3DL2NEd2Mu/YEq/R8TSedl9pnFjkHLE1dMmqgqinjM0vpA3 KYyMnzuPyncDcodm0sTaRD/RZB79PF2Z4zzoDGiz6G+RLpEigIEEOr9bnPlo3O10y9K5 CPmA==
X-Gm-Message-State: AOJu0YyrlLW93TLjJ5WkeMQ02uxaqSWSP7Phb/DxBWnKYvcj1pqYAsVY uNhlgLe4kPG7NmpnGrNyY1X/+6DaUPT8y8KG7+mNjVGJZ5qm9kW6sN5ZkOiU86MUJyGU+6gVct/ j15wccCWDqHzFzA0fWVsh0U8WDi0sczaAD5IT+Q==
X-Google-Smtp-Source: AGHT+IEFWJRQzkE5411f3bM3srFTHwf8DDjLnNud71yJKVInMfBNXQF1r0hwt51Mn3YWqIEyYStBenCtQ1vbdMgY6m8=
X-Received: by 2002:ac2:465a:0:b0:515:920e:eecd with SMTP id s26-20020ac2465a000000b00515920eeecdmr2016717lfo.1.1712247230571; Thu, 04 Apr 2024 09:13:50 -0700 (PDT)
MIME-Version: 1.0
References: <CFEA2796-9213-4847-836B-81E8770973F5@bluepopcorn.net> <5208da1b-ecfb-4d41-8506-a734a27ab3a0@tana.it> <CAL0qLwbnSe77Wdt+M8bi2pBmZFCZjDUQc6je9bjCzP5TQ0N6XA@mail.gmail.com> <49859572-18a4-483b-bb99-62c1c231896e@tana.it> <CAL0qLwZc6idmMra11pVx2bbtk2Em9-vy6+962M7jDWOMnP+UHQ@mail.gmail.com> <1ee6df39-a622-4060-83db-bcc9a7a835d4@tana.it> <CAL0qLwYX_D7S_-Vn9RwwRzwyNO=8=3UVqbP8rz3SCWG4dvGZig@mail.gmail.com> <f5f55a39-127d-4a84-a66b-950379ecb013@tana.it> <CAL0qLwZzfnDA=7bwCu26S1SJPEE3hBq929674hH6naKXWuyh5g@mail.gmail.com> <ebf343ed-ee60-47b0-a02f-8518a8369bb0@tana.it>
In-Reply-To: <ebf343ed-ee60-47b0-a02f-8518a8369bb0@tana.it>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Thu, 04 Apr 2024 09:13:37 -0700
Message-ID: <CAL0qLwagtzjYYJmyyGpMeMTtKLtYyk_JjagkXGtscvN61kSDbw@mail.gmail.com>
To: dmarc@ietf.org
Content-Type: multipart/alternative; boundary="000000000000f22e5b0615479fa2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/U-xBZ_f96_66Ezr_x4lZdkPgUCM>
Subject: Re: [dmarc-ietf] Overall last-call comments on DMARC
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Apr 2024 16:13:57 -0000

On Thu, Apr 4, 2024 at 8:50 AM Alessandro Vesely <vesely@tana.it> wrote:

> > I know what "contract" means abstractly, but what does this actually
> look
> > like to someone that's looking for specific guidance?  The text you have
> > here, by itself, is vague and I don't think many operators will know
> what
> > to do with it.
>
> A file in each user's home directory listing allowed pairs of ARC's d=
> domain
> and the list-id identifier of a List-Id: field?


I'm a Gmail user.  What's a "home directory"?


> Whatever.  What do Google use
> to determine if an ARC seal is trusted?
>
> We don't have much concrete experience on how to set up a contract, though.
>

This is what I'm worried about.  We're in WGLC for the base document, so
this discussion is in that context.  But is WGLC really a good time and
place to be introducing abstract ideas about how this might or might not
work?  Aren't we looking to create something fairly complete and concrete
in a Proposed Standard?

>> Meanwhile, we can mention ARC, in Section 5.8  (minimal text proposed in
> >> another thread[*]).  How much can we expand that?  For example, can we
> >> whisper something about the need to trust specific sealers for specific
> >> streams?
> >
> > If you really need ARC to make all of this work and interoperate with
> > lists, then I think we need to start talking about how we want to move
> ARC
> > out of "Experimental" first so it can become a normative reference.
>
> Back to timing here.  DMARCbis I-Ds seem to be mature enough to go out,
> even if
> there are not yet a practical solutions to the ML problem.  Further
> delaying
> them until we find one is inadvisable.
>

Then why are we tossing about all these ideas during WGLC, muddying the
waters?


> Yes, we need ARC, but we also need a method to convey agreements based on
> it.
> We couldn't spell out a solution even if ARC were standard track already.
>

> We can just hint at it.  Parts of the Doug's text sound good for that.
> Here's
> a variation on it, mixed with the 2nd paragraph of Section 5.8:
>
> [...]
>

So if I can summarize, I believe you're saying:

Here's a Proposed Standard.  In some common deployment scenarios, we know
that it has some undesirable side effects.  There isn't any concrete way to
fix that as part of the PS.  You could do some X, which is this new-ish
experimental thing, or you could do some Y, or maybe both, and Z might
help, "whatever", but only one of those is well-defined, and none of them
are part of this PS nor are they published yet, and there's a non-zero
chance that we'll run out of energy and not actually do so.

Is that what you want to send to the IESG?

-MSK

v2.23.0 | Report a Bug | By Email