[dmarc-ietf] nits in draft-ietf-dmarc-aggregate-reporting-02

Martin Kealey <martin@kurahaupo.gen.nz> Fri, 07 May 2021 05:24 UTC

Return-Path: <martin@kurahaupo.gen.nz>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 8EE0A3A19A7 for <dmarc@ietfa.amsl.com>; Thu, 6 May 2021 22:24:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id cwVQE01mh4eV for <dmarc@ietfa.amsl.com>; Thu, 6 May 2021 22:24:23 -0700 (PDT)
Received: from gromit.sig.net.nz (smtp-out.sig.net.nz []) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4B0C03A19A3 for <dmarc@ietf.org>; Thu, 6 May 2021 22:24:21 -0700 (PDT)
Received: from mail-ot1-f41.google.com ([]) by gromit.sig.net.nz ([]:25) with esmtpa (Exim 4.72 #1) id 1lesyB-0003BJ-2s for dmarc@ietf.org; Fri, 07 May 2021 17:24:11 +1200
Received: by mail-ot1-f41.google.com with SMTP id c28-20020a9d615c0000b02902dde7c8833eso2023505otk.7 for <dmarc@ietf.org>; Thu, 06 May 2021 22:24:10 -0700 (PDT)
X-Gm-Message-State: AOAM531er4C4uyjGG0htjRC3gQqfDvr6HOxNBhtrsbzyK5FMa7KjcH2W vid1GbS5p49hAWQaVKFYi4hA5TWtmm3gglWHMu0=
X-Google-Smtp-Source: ABdhPJxuBn3pUPUuguzhElILAapGt1UXvpx/jnPpO3EZcarVP2c4jK5fYNQdngEPxVfTG3Gdyxjxn2ZDuo3vLe7if8M=
X-Received: by 2002:a9d:6016:: with SMTP id h22mr6558574otj.158.1620365042534; Thu, 06 May 2021 22:24:02 -0700 (PDT)
MIME-Version: 1.0
From: Martin Kealey <martin@kurahaupo.gen.nz>
Date: Fri, 7 May 2021 15:23:43 +1000
X-Gmail-Original-Message-ID: <CAN_U6MUNfaaUPQ=u3NTkoSFSuMMxZ_2wKeUkid_vVu0sYZ+3LQ@mail.gmail.com>
Message-ID: <CAN_U6MUNfaaUPQ=u3NTkoSFSuMMxZ_2wKeUkid_vVu0sYZ+3LQ@mail.gmail.com>
To: dmarc@ietf.org
Content-Type: multipart/alternative; boundary="000000000000c44d7905c1b6a2b0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/WarQERhbF0y3PiHiFs8hjpRh5Hs>
X-Mailman-Approved-At: Fri, 07 May 2021 03:38:36 -0700
Subject: [dmarc-ietf] nits in draft-ietf-dmarc-aggregate-reporting-02
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 May 2021 05:45:00 -0000

I'm not quite sure how I'm supposed to submit nitpickery like this, so if
there's a better forum please let me know.

1. Filename & content-type

Section 2.6.1 among other things says that the name for the mime-part
containing the report MUST end with ".xml" or ".xml.gz", yet the example
given ends with neither of those (it ends with just ".gz").

The main use for this is as a unique report identifier; its use as a
filename is entirely secondary and only relevant to manual processing by a
human, so MUST seems quite excessive.

It seems like there are separate drivers for each part of the filename
suffix, and perhaps they should be two independent SHOULD requirements. If
we want to facilitate its use as a filename, perhaps we should just say
that the filename SHOULD be universally unique and MUST NOT contain "/" or
start with ".".

It seems strange to vary the content-type based solely on what amounts to a
transport optimization, namely gzip; this smells of working around
deficiencies in other standards. (From the perspective of an application
using email as a transport, it would seem to make more sense to allow
"content-transfer-encoding" to be a chain such as "base64+gzip", or
alternatively, for "content-type" to accept the addition of a "gzip/"
prefix, forming "gzip/text/xml". However I digress, as that's a discussion
for an entirely different standards track.)

According to rfc 7303 §9.2 <https://tools.ietf.org/html/rfc7303#section-9.2>,
the "text/xml" content-type is merely an alias for "application/xml". Other
standards such as related documents by w3c
go further in actively declaring it deprecated.

It seems to me that rfc7303 §4.2
<https://tools.ietf.org/html/rfc7303#section-4.2> and rfc6838 §4.2.5
<https://tools.ietf.org/html/rfc6838#section-4.2.5> taken together indicate
that registration of a content type such as *application/dmarc-feedback+xml*
would be appropriate.

2. Size limit

I'm concerned that specifying the maximum report size *after* compression
is possibly focussing on the wrong costs, and distorts the conceptual model:

   1. It implies that the *compressed* file is the relevant artefact being
   transported, which leads to the weirdness with filenames and content-types
   mentioned above.
   2. The size of the report is trivial compared with the size of the
   messages it's reporting on, both in terms of storage and bandwidth, and
   gzip decompression is very cheap, so compression makes negligible
   difference to those costs.
   3. The cost of processing the received report to incorporate it into the
   bulk reporting correlates more closely with its "uncompressed" size. In
   particular, the memory footprint of the receiver process is likely to be
   correlated with this limit, especially if its first step is to build an
   in-memory DOM from the XML. (I would be surprised if any real
   report-accepting system *didn't* work this way.)

3. Scheduling

Concern about processing load also brings me to section 2.4.2, which
essentially directs everyone to send their reports simultaneously. Since
the receiver needs to be able handle reports with any reporting period, it
seems likely that having most but not all reports arriving at the same time
would be the worst outcome, needing both (a) complex coding to cope with
asynchronous reporting, and (b) having to cope with high load spikes (or
suffer delays with the reports spooled for batch processing).

It also imposes a load spike on the report generators, to generate all
their reports at once (or spool and delay), but at least they can derive
some benefit from not having overlapping reporting periods.

In the scheme of things this isn't a huge load compared with the actual
processing of email, it seems like it would be preferable to allow the
receiver to specify their preference in this regard, at least to choose
between "UTC synchronized" and "randomized". Or for this document to
specify "randomized" as the default.