Re: [dmarc-ietf] of course no DMARC result for DKIM testing and policy

"John R. Levine" <johnl@iecc.com> Fri, 22 March 2024 18:22 UTC

Date: Fri, 22 Mar 2024 14:22:10 -0400
Message-ID: <654c0002-945f-43ba-faea-4ca06bb9fae0@iecc.com>
From: "John R. Levine" <johnl@iecc.com>
To: Scott Kitterman <sklist@kitterman.com>, dmarc@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/UNMaQYRUMTdE1eJfJiG4W33obcE>
Subject: Re: [dmarc-ietf] of course no DMARC result for DKIM testing and policy

> While I generally agree, DMARC for the last decade didn't have a testing 
> flag.  That's new in DMARCbis, so I don't think that's really germane. 
> This particular thing is on us as a working group.

RFC 6376 makes it quite clear on page 28 that DKIM verifiers ignore 
signatures with a t=y flag, and treat them as though they're not there. 
What else is there to say?  If they're not there, the message isn't 
signed, at least not with that signature.

I really hope that nobody is proposing, oh, but DMARC is special so if 
your DMARC policy has a testing flag, you reach through into your DKIM 
verifier and pretend that test signatures count.  That would require an 
update to 6376 and updates to every DKIM library to have a way to say 
"ignore the test flag", and would require DMARC validators to find the 
policy record before they could do DKIM evaluation.

So once again, there is nothing to say here, so let's not say it.

Regards,
John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
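
The layering this message argues for, as an added sketch that is not part of the original post or of any DKIM or DMARC library: the DKIM stage drops signatures whose key record carries the `t=y` flag, and the DMARC stage sees only what survives, without ever consulting the DMARC policy record. The tuple shape, function names, and sample key records are assumptions made for illustration.

```python
def parse_tags(record):
    """Split a DKIM tag=value list (the syntax used by key records) into a dict."""
    tags = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags


def key_is_testing(key_record):
    """True when the key record's colon-separated t= flag list contains 'y'."""
    return "y" in parse_tags(key_record).get("t", "").split(":")


def usable_signatures(results):
    """Keep only signatures that verified AND whose key is not in testing mode.

    results: list of (d_domain, verified, key_record) tuples, a hypothetical
    shape for what a DKIM verifier hands back.
    """
    return [d.lower() for d, verified, key in results
            if verified and not key_is_testing(key)]


def dmarc_dkim_aligned(from_domain, results):
    """Strict (exact-match) identifier alignment over the surviving signatures.
    Relaxed alignment needs an organizational-domain lookup and is omitted."""
    return from_domain.lower() in usable_signatures(results)


# Constructed sample data: key records as they would come back from DNS TXT.
TESTING_KEY = "v=DKIM1; k=rsa; t=y:s; p=CONSTRUCTEDSAMPLEKEY"
PRODUCTION_KEY = "v=DKIM1; k=rsa; t=s; p=CONSTRUCTEDSAMPLEKEY"

if __name__ == "__main__":
    only_test = [("example.com", True, TESTING_KEY)]
    both = only_test + [("example.com", True, PRODUCTION_KEY)]
    print(dmarc_dkim_aligned("example.com", only_test))
    print(dmarc_dkim_aligned("example.com", both))
```
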