Re: [dmarc-ietf] Consensus Sought - Ticket #47 (Removal of "pct" tag) - With Interim Notes

Alessandro Vesely <vesely@tana.it> Fri, 28 May 2021 17:20 UTC

To: dmarc@ietf.org
References: <CAHej_8muJPMFY7LXmz9RnCTHP5emwn=bspDtP8_KZNza1oAc6A@mail.gmail.com>
From: Alessandro Vesely <vesely@tana.it>
Message-ID: <196e1a7d-95f0-9d44-d4c8-8889e508f62c@tana.it>
Date: Fri, 28 May 2021 19:20:02 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/Ua3jwzHIHlU4gwre3tzGJafNBMI>

On Fri 28/May/2021 17:43:37 +0200 Todd Herr wrote:
> 
> Consensus on Ticket #47 <https://trac.ietf.org/trac/dmarc/ticket/47> (Removal 
> of "pct" tag) was reached during the May 27 DMARC Interim to keep the tag, but 
> to rewrite its definition in whole or in part to make its usage better understood.


I think the text in RFC 7489 is quite good.  Perhaps a word could be added for 
pct=0; for example:

OLD
    pct:  (plain-text integer between 0 and 100, inclusive; OPTIONAL;
       default is 100).  Percentage of messages from the Domain Owner's
       mail stream to which the DMARC policy is to be applied.  However,
       this MUST NOT be applied to the DMARC-generated reports, all of
       which must be sent and received unhindered.  The purpose of the
       "pct" tag is to allow Domain Owners to enact a slow rollout
       enforcement of the DMARC mechanism.  The prospect of "all or
       nothing" is recognized as preventing many organizations from
       experimenting with strong authentication-based mechanisms.  See
       Section 6.6.4 for details.  Note that random selection based on
       this percentage, such as the following pseudocode, is adequate:

        if (random mod 100) < pct then
          selected = true
        else
          selected = false

NEW
    pct:  (plain-text integer between 0 and 100, inclusive; OPTIONAL;
       default is 100).  Percentage of messages from the Domain Owner's
       mail stream to which the DMARC policy is to be applied.  However,
       this MUST NOT be applied to any other use, such as skipping DMARC
       reports or demeaning a domain's policy.  The purpose of the
       "pct" tag is to allow Domain Owners to enact a slow rollout
       enforcement of the DMARC mechanism.  Using this tag, organizations
       can experiment with strong authentication-based mechanisms while
       lowering or even voiding the risk of non-delivery.  See Section 6.6.4
       for details.  Note that random selection based on this percentage,
       such as the following pseudocode, is adequate:

        if (random mod 100) < pct then
          selected = true
        else
          selected = false

jm2c
Ale
--
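
An added example, not part of the message above or of RFC 7489: a receiver-side sketch of the "pct" sampling, extended with the next-lower-policy fallback that RFC 7489 Section 6.6.4 gives for messages the sample does not select. The names parse_record, disposition, sample and DOWNGRADE are hypothetical, and falling back to the default for a malformed "pct" value is an assumption of this sketch.

```python
import random

# Next-lower disposition for messages the pct sample does not select
# (RFC 7489 Section 6.6.4).
DOWNGRADE = {"reject": "quarantine", "quarantine": "none", "none": "none"}


def parse_record(txt):
    """Parse a DMARC TXT record into (policy, pct); pct defaults to 100."""
    tags = {}
    for part in txt.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    policy = tags.get("p", "").lower()
    if policy not in DOWNGRADE:
        raise ValueError("missing or unknown p= tag")
    raw = tags.get("pct", "100")
    # pct is a plain-text integer between 0 and 100 inclusive; a malformed
    # or out-of-range value falls back to the default (sketch assumption).
    valid = raw.isascii() and raw.isdigit() and int(raw) <= 100
    return policy, int(raw) if valid else 100


def disposition(policy, pct, rng=random):
    """Policy to apply to one message that failed DMARC."""
    # Same test as the pseudocode: a draw in 0..99 compared with pct, so
    # pct=0 never selects a message and pct=100 always does.
    selected = rng.randrange(100) < pct
    return policy if selected else DOWNGRADE[policy]


def sample(txt, n, seed=0):
    """Count dispositions over n failing messages (seeded for repeatability)."""
    rng = random.Random(seed)
    policy, pct = parse_record(txt)
    counts = {}
    for _ in range(n):
        d = disposition(policy, pct, rng)
        counts[d] = counts.get(d, 0) + 1
    return counts


if __name__ == "__main__":
    # Constructed sample records, not taken from any real domain.
    for rec in ("v=DMARC1; p=reject; pct=0", "v=DMARC1; p=quarantine; pct=25"):
        print(rec, sample(rec, 10000))
```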