Re: [dmarc-ietf] Additional review of draft-ietf-dmarc-arc-protocol-16

Seth Blank <seth@sethblank.com> Fri, 03 August 2018 23:27 UTC

In-Reply-To: <333edf96-39b9-21c9-2c2c-bb95a90dcc8e@gmail.com>
References: <d88a7e3f-7c04-5270-653b-ae5882153828@gmail.com> <CABa8R6s6eXBAjuRDuNvnpsb=jGJYn36=vj0jhgZEyRNJVC-gjw@mail.gmail.com> <333edf96-39b9-21c9-2c2c-bb95a90dcc8e@gmail.com>
From: Seth Blank <seth@sethblank.com>
Date: Fri, 03 Aug 2018 16:27:00 -0700
Message-ID: <CAD2i3WP4tiocA3EVNGwWpTHUy9u_8mgP-sNDA4TJ6MRKoB8ssQ@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/XBnlvNkeCDJurqFC_c_i2luS_sM>

On Fri, Aug 3, 2018 at 11:04 AM, Dave Crocker <dcrocker@gmail.com> wrote:
>
> At a minimum, I suggest clear and relatively forceful language, making
> clear the privacy concerns.  (Privacy is new enough and, frankly, fuzzy
> enough as a technical topic, to warrant the redundancy I usually argue
> against...)
>

What would you suggest?

Might this be better in "Experimental Considerations" instead of a "Privacy
Considerations" section? (Or to your below comment, in both places?)


> Perhaps change the explanatory text to something like:
>
>    The address of the initiating SMTP server, from which the message is
> being relayed.


Will do.


>> but that's a much smaller privacy concern that I think is outweighed by
>> the utility of having it here.  Especially
>> considering that it's already in the Received and Received-SPF headers.
>>
>> Also, it is obviously optional, is SHOULD the wrong choice?
>>
>
> Yes.  The semantics of should is 'must do this, unless you are extremely
> careful and know exactly what you are doing'...
>
> So MAY is probably the right choice.


As a receiver of reports, this IP is crucial information, because otherwise
the message source is badly obfuscated by intermediary handling. This in
turn becomes deeply confusing to a domain owner trying to effectively *do
something* with the reports they receive. The feedback loop here is
critical, and is incomplete without the IP.

However, not every entity that ARC Seals has access to this information
(for instance, Mailman uses LMTP and has no direct access to the IP of the
incoming SMTP connection), which is why it is SHOULD. The intent is "must
do this, unless you don't have the ability to or have other good reason."
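
To make concrete what a report consumer does with the field being argued over, here is an added example; it is not code from the draft, the working group, or anyone on this thread. It assumes the arc_policy comment format the ARC draft defines for DMARC aggregate reports (arc=, as[n].d=, as[n].s=, remote-ip[n]=, where remote-ip[n] is the address from which the sealer at instance n received the message). The report fragment, domain names and addresses in it are constructed. The second record models the Mailman/LMTP case above: the first sealer has no remote-ip, so the best the consumer can recover is an intermediary, and the code says so rather than silently reporting the wrong host as the origin.

```python
"""Recover a message's originating SMTP client from the ARC extension of a
DMARC aggregate report (added example; assumed comment format, constructed data).
"""
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample: two <record>s as a reporter might emit them. Both arrived
# at the reporter from the same last hop (203.0.113.10). Only the first chain
# carries remote-ip[1]; in the second the instance-1 sealer omitted it.
SAMPLE_REPORT = """<feedback>
  <record>
    <row><source_ip>203.0.113.10</source_ip><count>3</count>
      <policy_evaluated>
        <disposition>none</disposition><dkim>fail</dkim><spf>fail</spf>
        <reason><type>local_policy</type>
          <comment>arc=pass as[2].d=lists.example as[2].s=arc2018 remote-ip[2]=198.51.100.7 as[1].d=forwarder.example as[1].s=fwd remote-ip[1]=192.0.2.25</comment>
        </reason>
      </policy_evaluated>
    </row>
  </record>
  <record>
    <row><source_ip>203.0.113.10</source_ip><count>1</count>
      <policy_evaluated>
        <disposition>none</disposition><dkim>fail</dkim><spf>fail</spf>
        <reason><type>local_policy</type>
          <comment>arc=pass as[2].d=lists.example as[2].s=arc2018 remote-ip[2]=198.51.100.7 as[1].d=mailman.example as[1].s=mm</comment>
        </reason>
      </policy_evaluated>
    </row>
  </record>
</feedback>
"""

# Assumed token shapes: as[n].d, as[n].s, remote-ip[n]
_KEY = re.compile(r"^(as|remote-ip)\[(\d+)\](?:\.(d|s))?$")


def parse_arc_comment(comment):
    """Return (status, {instance: {'d': ..., 's': ..., 'remote_ip': ...}})."""
    status, instances = None, {}
    for token in comment.split():
        key, sep, value = token.partition("=")
        if not sep:
            continue
        if key == "arc":
            status = value
            continue
        m = _KEY.match(key)
        if not m:
            continue  # unknown token: ignore, do not reject the whole comment
        name, idx, sub = m.group(1), int(m.group(2)), m.group(3)
        inst = instances.setdefault(idx, {})
        if name == "as" and sub:
            inst[sub] = value
        elif name == "remote-ip":
            inst["remote_ip"] = value
    return status, instances


def originating_ip(instances):
    """Lowest-instance remote-ip that parses as an address, with its instance.

    Instance 1's remote-ip is the client that handed the message to the first
    sealer, i.e. the real origin. If that sealer omitted it (received over LMTP,
    say), the best available value is a later hop's client: an intermediary.
    The returned instance number lets the caller tell the two cases apart.
    """
    for idx in sorted(instances):
        raw = instances[idx].get("remote_ip")
        if not raw:
            continue
        try:
            return idx, ipaddress.ip_address(raw)
        except ValueError:
            continue  # malformed value; keep looking at later instances
    return None, None


def summarize(report_xml):
    """One dict per ARC-bearing record: reporter-seen source vs. recovered origin."""
    out = []
    root = ET.fromstring(report_xml)
    for rec in root.iter("record"):
        source_ip = rec.findtext("row/source_ip")
        for reason in rec.iter("reason"):
            comment = (reason.findtext("comment") or "").strip()
            if reason.findtext("type") != "local_policy" or not comment.startswith("arc="):
                continue
            status, instances = parse_arc_comment(comment)
            idx, ip = originating_ip(instances)
            out.append({
                "source_ip": source_ip,                 # last hop only
                "arc": status,
                "sealers": [instances[i].get("d") for i in sorted(instances)],
                "origin_ip": str(ip) if ip else None,
                "origin_is_first_hop": idx == 1,        # False: intermediary at best
            })
    return out


if __name__ == "__main__":
    for row in summarize(SAMPLE_REPORT):
        print(row)
```

Run against the sample, the first record resolves to 192.0.2.25 with origin_is_first_hop True; the second resolves only to 198.51.100.7 (forwarder-side address of instance 2's client) with origin_is_first_hop False, which is exactly the information a domain owner needs before acting on the report.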