Re: [dmarc-ietf] third party authorization, not, was non-mailing list
Dotzero <dotzero@gmail.com> Thu, 20 August 2020 23:55 UTC
Return-Path: <dotzero@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3FE153A14A9 for <dmarc@ietfa.amsl.com>; Thu, 20 Aug 2020 16:55:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id URrUNHnUsLIl for <dmarc@ietfa.amsl.com>; Thu, 20 Aug 2020 16:55:54 -0700 (PDT)
Received: from mail-qt1-x830.google.com (mail-qt1-x830.google.com [IPv6:2607:f8b0:4864:20::830]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9AB53A1458 for <dmarc@ietf.org>; Thu, 20 Aug 2020 16:55:54 -0700 (PDT)
Received: by mail-qt1-x830.google.com with SMTP id x12so146952qtp.1 for <dmarc@ietf.org>; Thu, 20 Aug 2020 16:55:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=j1VIhBc6loT+mSwyxbx5VEPdkYKbG4DbqclS2Ri71AE=; b=D3zuGF8wMImG7OGEQmHlmIZ+oVPjO9I5+WY5tJ0v2pXwfAU3qyNET+5E/RqH80LP4W Wy4P9tu27oJbxKJ2Z/mAcwjh2tOO2uy16P7WqnWt6WZKI3xTEvWycEXFIWc9QMYQe6H+ WJpDrQuiupldXQUUv0shqnrshY169qnDebxONMD2iBfl+zm7/jXqN7QeyawuaZW9xGAo C9aPG8X/Qe23Y+/pYrOxCi5qBaeVhY6wVNXmiZhnrhEDbVQRb5FC6pGrAIlvDPfzO0RZ 1W+JL2Lg5Em617/ZW++ZQdtAn41oql6nfBTHG9gVNHR2BXLKhRwkwGnqPWDlJTJ3M3Oe mXRA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=j1VIhBc6loT+mSwyxbx5VEPdkYKbG4DbqclS2Ri71AE=; b=dGOhS0oJ3BTorZRNp9spAPvN9aDBfKFKnaUqugzxRuyNSsInjQT9UT2rLHrA2cyrdA v/u5T7eMeytOE9BZrs8YeLSe1Y+tDSsjSvbpJEDulGJqAqWXfWdtefyufPZtmXAMJpQU jIv08D0Mn/C9+4P6/HhNCu8qsnEan8ERVUgTeeAUP71E5LUlxkR2FquzhDaHtqO16QA2 2ZnCR1SKhtOxgJ8rv9PT6eTNDCGEfy5n8+zQD3kXBYkkrIdqN3VSjC0XJWQ1BQ7AIvik q2q1skx3xKCxPuA5wPuKUnPa2RQTNa5svkebVCjf7DsjgAtim03/CXi9A320gWJWTVDu TP8w==
X-Gm-Message-State: AOAM530jMkv9ARw95brafY+NonyonvX1zOa9uKJRYKjfi8fCg6q2ITnf UZ9KjobUDMlzozcRvQ1QlHfn/G56y2sLhjn0IO3JzZ6A320=
X-Google-Smtp-Source: ABdhPJySsi6QX8Kxd85jYtgUsvtF/BE3j4bbK9qnGGPxPEjSA6f4Oi9uv9ej80+uKw7oRRU3MznYAFFqrNcfDu1u67k=
X-Received: by 2002:ac8:660f:: with SMTP id c15mr355855qtp.34.1597967753597; Thu, 20 Aug 2020 16:55:53 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a0c:fcd0:0:0:0:0:0 with HTTP; Thu, 20 Aug 2020 16:55:52 -0700 (PDT)
In-Reply-To: <1988db12-7a72-6176-01aa-45848ad5683c@wisc.edu>
References: <20200810172411.A13681E7CD8B@ary.local> <7e9326fc-ae27-d4bd-9f2b-9896da8320f1@dcrocker.net> <CAL0qLwacyBbJscEM_a4-nvugO0HBaSAdPqUPkfYYOOb++cOjQQ@mail.gmail.com> <5F396A77.3000109@isdg.net> <CAL0qLwYaqsU-U8yTcr5_cw0LmEomz8JbqUXuWNJ-bnkN6ceXyA@mail.gmail.com> <21110e7f-ea60-66d6-c2fb-65b716a049a9@tana.it> <CABuGu1qdZdXBSsAwCvk4244szskz6Pf9x83kRUGd8jHDafEMGQ@mail.gmail.com> <CAL0qLwYY8ZWq4k3wobOgSJSVnabsefPRiCtcVPrb_iF1JEUZag@mail.gmail.com> <5d4e48f86ca7479ab4889ddff57a2870@bayviewphysicians.com> <6c7c2ad9-8a7e-e44c-6b2f-559129f70a9d@tana.it> <CAL0qLwb-SG-dsNkiiGtYkUz_AwsZSd6f5cKFX07Kzme5iXoZJA@mail.gmail.com> <F37D57E3-C55B-41EB-B4BE-328E40F73E81@eudaemon.net> <CABa8R6sUoyaa8sMJVOCnUUuH=g--2PSNQ-eLhVuW5NorzcQvqA@mail.gmail.com> <1988db12-7a72-6176-01aa-45848ad5683c@wisc.edu>
From: Dotzero <dotzero@gmail.com>
Date: Thu, 20 Aug 2020 19:55:52 -0400
Message-ID: <CAJ4XoYfChW2hqTwGExgLbnLBwHjSp0DEfMo_j4ZzkcHY9d-KcA@mail.gmail.com>
To: Jesse Thompson <jesse.thompson=40wisc.edu@dmarc.ietf.org>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000050d7d705ad57dcaa"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/ZYkXBCBHi6yrR8b5lCn3_z6-D5k>
Subject: Re: [dmarc-ietf] third party authorization, not, was non-mailing list
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Aug 2020 23:55:56 -0000
On Thursday, August 20, 2020, Jesse Thompson <jesse.thompson= 40wisc.edu@dmarc.ietf.org> wrote: > On 8/20/20 4:00 PM, blong=40google.com@dmarc.ietf.org wrote: > > Neither atps or spf include are really designed for large scale usage > > That's my conclusion, as well. I don't want to authorize every potential > MLM to use all addresses in all of our domains cart blanch, even if I would > otherwise trust them (e.g. their purported ARC results). > > I *do* want to authorize our *own* MLM(s) to use our own domains for > *internal* use... so I thought for a minute... maybe ATSP has merit for > small scale usage, as an alternative to SPF include? But no, I don't know > if any MLM has a way to check to see if they are authorized via any > mechanism, so they will continue to munge the From header for our > DMARC-enabled domains anyway. So, for this *internal* use case, maybe I'll > just check the ARC result from the trusted MLM and replace the From header > with the value of Reply-to/X-Original-From, and call it a day. > > Jesse > This is why I proposed a tag that would have a value consisting of the authorized intermediary domain. It would only be valid for that message. Because the tag is signed separately from the rest of the message, it should survive even if the intermediary modifies other parts of the message. If the intermediary DKIM signs the modified message with their own signature, that provides some assurance to the receiver. I haven't seen enough favorable response to justify working on a detailed submission to the group. I'm not an IETF standards wonk. Michael Hammer
- [dmarc-ietf] non-mailing list use case for differ… Autumn Tyr-Salvia
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Dotzero
- Re: [dmarc-ietf] non-mailing list use case for di… Laura Atkins
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Laura Atkins
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Hector Santos
- Re: [dmarc-ietf] non-mailing list use case for di… Doug Foster
- Re: [dmarc-ietf] non-mailing list use case for di… John Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… Todd Herr
- Re: [dmarc-ietf] non-mailing list use case for di… Dave Crocker
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Todd Herr
- Re: [dmarc-ietf] non-mailing list use case for di… Dave Crocker
- Re: [dmarc-ietf] non-mailing list use case for di… Autumn Tyr-Salvia
- Re: [dmarc-ietf] non-mailing list use case for di… Todd Herr
- Re: [dmarc-ietf] non-mailing list use case for di… Dave Crocker
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Laura Atkins
- Re: [dmarc-ietf] non-mailing list use case for di… Todd Herr
- Re: [dmarc-ietf] non-mailing list use case for di… Laura Atkins
- Re: [dmarc-ietf] non-mailing list use case for di… Hector Santos
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… Jeremy Harris
- Re: [dmarc-ietf] non-mailing list use case for di… Ken O'Driscoll
- Re: [dmarc-ietf] non-mailing list use case for di… Hector Santos
- Re: [dmarc-ietf] non-mailing list use case for di… Hector Santos
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… Murray S. Kucherawy
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… Jim Fenton
- Re: [dmarc-ietf] non-mailing list use case for di… Luis E. Muñoz
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- [dmarc-ietf] LSAP - Lightweight Signer Authorizat… Hector Santos
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… John Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Neil Anuskiewicz
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… John Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Murray S. Kucherawy
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Dave Crocker
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… Ken O'Driscoll
- Re: [dmarc-ietf] non-mailing list use case for di… Benny Pedersen
- Re: [dmarc-ietf] non-mailing list use case for di… Kurt Andersen (b)
- Re: [dmarc-ietf] non-mailing list use case for di… Jim Fenton
- Re: [dmarc-ietf] non-mailing list use case for di… Jim Fenton
- Re: [dmarc-ietf] non-mailing list use case for di… Dotzero
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… Dotzero
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Autumn Tyr-Salvia
- Re: [dmarc-ietf] non-mailing list use case for di… John Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Murray S. Kucherawy
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… John Levine
- Re: [dmarc-ietf] non-mailing list use case for di… John Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Dave Crocker
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… Hannu Aronsson
- Re: [dmarc-ietf] non-mailing list use case for di… Hannu Aronsson
- Re: [dmarc-ietf] non-mailing list use case for di… Tõnu Tammer
- Re: [dmarc-ietf] non-mailing list use case for di… Dave Crocker
- Re: [dmarc-ietf] non-mailing list use case for di… Jim Fenton
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Douglas E. Foster
- Re: [dmarc-ietf] third party authorization, not, … John Levine
- Re: [dmarc-ietf] third party authorization, not, … Dave Crocker
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] non-mailing list use case for di… Neil Anuskiewicz
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] non-mailing list use case for di… Autumn Tyr-Salvia
- Re: [dmarc-ietf] non-mailing list use case for di… John R Levine
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … Dave Crocker
- Re: [dmarc-ietf] third party authorization, not, … John Levine
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Dave Crocker
- Re: [dmarc-ietf] third party authorization, not, … Hector Santos
- Re: [dmarc-ietf] Time for a change Douglas E. Foster
- Re: [dmarc-ietf] Time for a change Dotzero
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] Time for a change Murray S. Kucherawy
- Re: [dmarc-ietf] Time for a change Dave Crocker
- Re: [dmarc-ietf] Time for a change Dotzero
- Re: [dmarc-ietf] non-mailing list use case for di… Alessandro Vesely
- Re: [dmarc-ietf] non-mailing list use case for di… Autumn Tyr-Salvia
- Re: [dmarc-ietf] finer grained org domain John R Levine
- Re: [dmarc-ietf] finer grained org domain Tim Wicinski
- Re: [dmarc-ietf] finer grained org domain Dave Crocker
- Re: [dmarc-ietf] finer grained org domain Dave Crocker
- Re: [dmarc-ietf] finer grained org domain Seth Blank
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] Time for a change Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Kurt Andersen (b)
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … Douglas E. Foster
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … Tim Draegen
- Re: [dmarc-ietf] third party authorization, not, … Brandon Long
- Re: [dmarc-ietf] third party authorization, not, … Jesse Thompson
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Douglas E. Foster
- Re: [dmarc-ietf] non-mailing list use case for di… Jim Fenton
- Re: [dmarc-ietf] non-mailing list use case for di… Brandon Long
- Re: [dmarc-ietf] non-mailing list use case for di… Jesse Thompson
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … John Levine
- Re: [dmarc-ietf] third party authorization, not, … Douglas E. Foster
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Laura Atkins
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … John R Levine
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … John R Levine
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Jim Fenton
- Re: [dmarc-ietf] third party authorization, not, … John Levine
- Re: [dmarc-ietf] third party authorization, not, … Jim Fenton
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Doug Foster
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Jim Fenton
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Douglas E. Foster
- Re: [dmarc-ietf] third party authorization, not, … Dotzero
- Re: [dmarc-ietf] third party authorization, not, … Jim Fenton
- Re: [dmarc-ietf] third party authorization, not, … Hector Santos
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] third party authorization, not, … Douglas E. Foster
- Re: [dmarc-ietf] third party authorization, not, … Alessandro Vesely
- Re: [dmarc-ietf] draft-levine-dkim-conditional-04… John Levine
- Re: [dmarc-ietf] draft-levine-dkim-conditional-04… Douglas E. Foster
- Re: [dmarc-ietf] draft-levine-dkim-conditional-04… Murray S. Kucherawy
- Re: [dmarc-ietf] third party authorization, not, … Murray S. Kucherawy
- Re: [dmarc-ietf] my forward signer draft, third p… John Levine
- Re: [dmarc-ietf] my forward signer draft, third p… Rolf E. Sonneveld