IETF Logo Mail Archive

Re: [dmarc-ietf] Overall last-call comments on DMARC

"Murray S. Kucherawy" <superuser@gmail.com> Tue, 02 April 2024 13:35 UTC

Return-Path: <superuser@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E80BC14F699 for <dmarc@ietfa.amsl.com>; Tue, 2 Apr 2024 06:35:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CshcpwnCPASp for <dmarc@ietfa.amsl.com>; Tue, 2 Apr 2024 06:35:26 -0700 (PDT)
Received: from mail-lf1-x12b.google.com (mail-lf1-x12b.google.com [IPv6:2a00:1450:4864:20::12b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B34ABC14F6BB for <dmarc@ietf.org>; Tue, 2 Apr 2024 06:35:21 -0700 (PDT)
Received: by mail-lf1-x12b.google.com with SMTP id 2adb3069b0e04-513d492c3cdso1554493e87.0 for <dmarc@ietf.org>; Tue, 02 Apr 2024 06:35:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712064919; x=1712669719; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=ZyLO9EqZQ/2jra6ykjna6k+EjFzwajdxupAL65RRfHI=; b=VpQ7foSL7mrcw2TwNw7yUL1I3/uofSWWy532ED1uw0nMdHUH8XJdgu2CwBZwTJFWvg 74o8ti4uwsnUM+dFd9f5hivjRN7PF+nKi1K7MbJ/7b7oKaYlCYILl2eiIaMdrWiYjaPj SEXDokGTlFzt7YbTOSSz8dg+X4uLzl1Z0fnCWNIBj+c6L5DrYr5SoNzpB7KtHUE1s7bz DcWnJCQugXLAOY+00zeWI9nGI6PrrPWqhV9l3rlYbIKbzp4rsHg+DbsK2xoaWs/kc8TB yf3EroOq4TIY3GLe6lbqaXriNy0+wSYXhD9IQ414jXsM7zYUiYHVyG7dH01JBphh16ZL kU6w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712064919; x=1712669719; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=ZyLO9EqZQ/2jra6ykjna6k+EjFzwajdxupAL65RRfHI=; b=utqQ1p/+6xhrqCoiQo+2YspqgpvY9wwHL0YaqYWtJibNll3pcfUFHb/voWLex6ubvo ZWSEDpEquCq8YlX3FH/NZLnO6qlb8DEZ/CvoB/XwIea7+FpGKiTnS9flwJByr5U7IDW0 lwuFkuSNVv0C59/sPAqswwAyVTEIoZPNTpSBFPnmxnTkVHdOaTxEre5+pTeKqIUn2JQt kZOPHMcaDWHGAomlZuU3PVG/4xQB11yd8fCWR7u9WIagOQmLEKlJvFREWjM/c07Y6oGx nEtDQbccctLOz7e4IW3a1W4Pw2cNEiD/jZ1u2CdYuNae1ICFtsCXqAfbP3+YJ9dTDuJT 5jhQ==
X-Gm-Message-State: AOJu0YxfhD7Sunx9r70D2h1HNab1lFzJWkUqa20jj9axwWB9RD53U6ta jgUb55BXLCRCHxmMzxvUARIKBlebvLZOhCJmyne+yp3wX33BUaz5/a6MRrRyyLblu3N9klBU52C 3Tq0wOK/Wem63aNDMG3DaCSX8LXQHmW4p
X-Google-Smtp-Source: AGHT+IFQR726L0ovGpjt1oINCiIs30O/5xV59tv4UmflrzvEPaJNhu4c2bQ8/roraaZnsc3VVHm27kV3v57o8RQEt+k=
X-Received: by 2002:a05:6512:530:b0:515:fc44:b40f with SMTP id o16-20020a056512053000b00515fc44b40fmr6537420lfc.0.1712064919065; Tue, 02 Apr 2024 06:35:19 -0700 (PDT)
MIME-Version: 1.0
References: <CFEA2796-9213-4847-836B-81E8770973F5@bluepopcorn.net> <5208da1b-ecfb-4d41-8506-a734a27ab3a0@tana.it> <CAL0qLwbnSe77Wdt+M8bi2pBmZFCZjDUQc6je9bjCzP5TQ0N6XA@mail.gmail.com> <49859572-18a4-483b-bb99-62c1c231896e@tana.it>
In-Reply-To: <49859572-18a4-483b-bb99-62c1c231896e@tana.it>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Tue, 02 Apr 2024 06:35:05 -0700
Message-ID: <CAL0qLwZc6idmMra11pVx2bbtk2Em9-vy6+962M7jDWOMnP+UHQ@mail.gmail.com>
To: Alessandro Vesely <vesely@tana.it>
Cc: dmarc@ietf.org
Content-Type: multipart/alternative; boundary="00000000000055618a06151d2d2a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/XIyeCMiXLkYM36LQg5JPKMN13gs>
Subject: Re: [dmarc-ietf] Overall last-call comments on DMARC
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Apr 2024 13:35:27 -0000

On Tue, Apr 2, 2024 at 3:01 AM Alessandro Vesely <vesely@tana.it> wrote:

> >> By now, most mailing lists arranged to either rewrite From: or not
> break
> >> DKIM signatures.  We all hope those hacks are temporary. >
> >
> > What do you mean by "temporary", given the time scales that have already
> > passed since RFC 7489 saw wide deployment?  Do you envision those
> > techniques ending sometime soon?
>
> Yeah, the time scale is killing us.  Is ten years soon enough?
>

You tell me.  You say you're hoping they're temporary, yet they've been
around a long time and I'm not sure that there's an alternative on the
table.  I'm asking you to explain.


> > If "most" mailing lists have arranged rewrites or non-mutation, and this
> > appears to be working, are there specific techniques we should
> standardize
> > here?
>
> I believe it's possible to leverage ARC so as to overcome those mailing
> lists
> hacks, for an expanding set of domains.  It is not difficult to modify ML
> software in order to rewrite and/or mutate on a per-user basis.  One can
> obtain
> the same effect with existing software if it provides for twin lists or
> similar
> means to split users into two categories.
>

This isn't consistent with your previous comment, which claimed that "most"
lists are already doing this.  Your language here is more like a proposal.
I'm having a hard time following.

What is it that you believe we should be telling industry to do?

> Are you suggesting we need some standard way to calculate and/or share a
> > sealer's reputation for any of this to work?
>
> Sealer's reputation is the same as domain reputation.  Good to have it,
> whenever it comes.
>

I interpreted your earlier remark to be a claim that this stuff won't work
absent such data.


> For ARC, I'd rather consider per-forwarder contracts.  Forwarding (of
> which MLs
> are a case) doesn't happen out of the blue.  It has to be set up.
> Involving
> the target receiver in the setup may make it trust the sender's seals,
> when
> they belong to the stream thus set up and identified.
>

So, a "contract" between each mailing list and each subscriber?  What would
that mean?

-MSK, p11g

v2.23.0 | Report a Bug | By Email