Re: [dmarc-ietf] Extensions in Aggregate Reporting - Feedback Requested

"Brotman, Alex" <Alex_Brotman@comcast.com> Mon, 14 June 2021 12:42 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/YpfLUI1ABKpd7h7vcImM13fAshw>

To summarize,

We'd like to see extensions available both below the "feedback" and "record" elements.  The -02 draft only has it below the "feedback" element.  I agree that all elements, each time they are utilized, should mention a reference as to how they are to be utilized.

We'd also like to have extensions go through an IETF process, however, we also understand that we cannot exclude third parties from defining/deploying their own extensions.  I suppose we could tell report receivers they "MUST" ignore any extensions which are not IETF-approved, though that seems a bit heavy-handed.

So, a sample report may look something like:

   <feedback>
     <version>2.0</version>
     <report_metadata>
       <version>2</version>
       <org_name>Sample Reporter</org_name>
       <email>report_sender@example-reporter.com</email>
       <extra_contact_info>...</extra_contact_info>
       <report_id>3v98abbp8ya9n3va8yr8oa3ya</report_id>
       <date_range>
         <begin>161212415</begin>
         <end>161221511</end>
       </date_range>
     </report_metadata>
     <policy_published>
       <domain>example.com</domain>
       <p>quarantine</p>
       <sp>none</sp>
       <pct>100</pct>
     </policy_published>
     <record>
       <row>
         <source_ip>192.168.4.4</source_ip>
         <count>123</count>
         <policy_evaluated>
           <disposition>quarantine</disposition>
           <dkim>pass</dkim>
           <spf>fail</spf>
         </policy_evaluated>
       </row>
       <identifiers>
         <header_from>example.com</header_from>
       </identifiers>
       <auth_results>
         <dkim>
           <domain>example.com</domain>
           <result>pass</result>
           <selector>abc123</selector>
         </dkim>
         <spf>
           <domain>example.com</domain>
           <result>fail</result>
         </spf>
       </auth_results>
       <extensions>
         <extension_name definition="url">
            .........
         </extension_name>
       </extensions>
     </record>
     <extensions>
       <extension_name definition="url">
        ....
       </extension_name>
     </extensions>
   </feedback>

The goal being to allow extensions to live either at the reported-IP level, or at the domain level.

Does this seem reasonable?

--
Alex Brotman
Sr. Engineer, Anti-Abuse & Messaging Policy
Comcast

> -----Original Message-----
> From: dmarc <dmarc-bounces@ietf.org> On Behalf Of Matthäus Wander
> Sent: Saturday, June 5, 2021 7:56 AM
> To: dmarc@ietf.org
> Subject: Re: [dmarc-ietf] Extensions in Aggregate Reporting - Feedback
> Requested
>
> Alessandro Vesely wrote on 2021-06-04 11:26:
> > Second, I'm not sure we need an <extensions> container.
> > I'd go for an example like, say, so:
> >
> > [...]
> >     <extension_metadata name="bimi"
> > xmlns="http://ietf.org/xml-namesapaces/bimi-xml?/1.0">
> > [...]
> >        <extension name="bimi"
> > xmlns="http://ietf.org/xml-namesapaces/bimi-xml??/1.0">
>
> If we use an attribute for the extension name, then we don't need the container
> section.
> As the current schema does not use attributes at all, I'm more inclined to define
> the extension name in a different way for consistent non-use of attributes. But
> that's a minor detail.
>
> >> 1) Extensions in their own section (as it is now) or within each
> >> <row> element
> >
> >
> > Both, and both optional.  An extension can have some data to add in
> > some <record>, but not necessarily in all of them.
>
> +1
>
> Regards,
> Matt
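
Added example (not part of the original message or of any DMARC draft): one way a report receiver could read the layout proposed above, picking up extensions under both "feedback" and each "record" and skipping any whose definition it does not recognise instead of rejecting the report. The sample report, extension names, definition URLs and allow-list are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample following the layout proposed in the message; the
# extension names and definition URLs are made up for illustration.
SAMPLE = """<feedback>
  <record>
    <row><source_ip>192.168.4.4</source_ip><count>123</count></row>
    <extensions>
      <known_ext definition="https://example.com/ext/known"><flag>1</flag></known_ext>
      <vendor_ext definition="https://example.net/ext/vendor"><x>y</x></vendor_ext>
    </extensions>
  </record>
  <record>
    <row><source_ip>192.168.4.5</source_ip><count>7</count></row>
  </record>
  <extensions>
    <known_ext definition="https://example.com/ext/known"><total>130</total></known_ext>
  </extensions>
</feedback>"""

# Assumption: the receiver keeps an allow-list of definitions it understands.
KNOWN_DEFINITIONS = {"https://example.com/ext/known"}

def split_extensions(parent, known):
    """Return (accepted, ignored) for the optional <extensions> child of parent."""
    accepted, ignored = {}, []
    container = parent.find("extensions")  # direct child only
    for ext in (container if container is not None else []):
        if ext.get("definition") in known:
            accepted[ext.tag] = {c.tag: (c.text or "").strip() for c in ext}
        else:
            ignored.append(ext.tag)  # unknown extension: skip it, keep the report
    return accepted, ignored

def parse_report(xml_text, known=KNOWN_DEFINITIONS):
    # Reports come from untrusted senders: refuse DTDs so no entities are expanded.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(xml_text)
    domain_ext, domain_ignored = split_extensions(root, known)
    records = []
    for rec in root.findall("record"):
        accepted, ignored = split_extensions(rec, known)
        records.append({"source_ip": rec.findtext("row/source_ip"),
                        "count": int(rec.findtext("row/count")),
                        "extensions": accepted, "ignored": ignored})
    return {"extensions": domain_ext, "ignored": domain_ignored, "records": records}
```
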