[dmarc-ietf] Rollback

Douglas Foster <dougfoster.emailstandards@gmail.com> Wed, 06 April 2022 10:34 UTC

From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Wed, 6 Apr 2022 06:34:29 -0400
Message-ID: <CAH48ZfwCvMUud=BjAV22qhLdrBgx+jevsYVF3V+4AAuOanBVew@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/bcXntv_g4-ovLClC4lAPpx7HWtE>

Replacing the PSL was an interesting line of investigation, but it was not
part of the charter, so it can only be part of DMARCbis if it works well,
which it does not.

For non-PSL to work, all private registries (which are currently and
correctly listed in the PSL) must tag themselves in the DNS.
- How long will this take? A long time, maybe forever.
- If it happens, will evaluators know that they can trust that it happened?
  No, never.

At best, we have an idea for an experimental algorithm, not a
proposed standard, and our group is so small that we lack a quorum of
willing participants in the experiment. The PSL replacement idea, and all
of the supporting language, needs to be abandoned.

It is time to roll back. Instead of discarding the PSL, we need to fix its
weaknesses. The PSL may contain errors, and RFC7489 does not provide a
way for DNS administrators to document and correct those errors (or confirm
correct results). We could define that error correction mechanism.

Possible PSL results:

Lands too high errors:
- PSL+1 is another PSL, not the organization domain.
- PSL+1 skips over a private registration, and returns the registrar domain
  instead of the client domain.
- PSL+1 skips over a private registration, and returns a subdomain of the
  registrar domain instead of the client domain.

Lands too low errors:
- PSL+1 returns a subdomain of the organizational domain.

Lands just right but is still an error:
- PSL+1 is non-existent because it is not registered with the parent domain.

Correct results:
- PSL+1 is an organization domain of the correct organization, and is
  confirmed with a DNS indicator.
- PSL+1 is not explicitly confirmed or explicitly rejected, so it is presumed
  to be the correct organizational domain.

Doug Foster
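The "lands too high" and "lands too low" outcomes above can be made concrete by running the RFC 7489 organizational-domain step (longest matching public suffix, plus one label) against a list that contains the kinds of errors the post lists. The Python below is an added example, not code from the post, the working group or any PSL project: the mini PSL, the table of "true" organizational domains and the verdict strings are all constructed for illustration, and the DNS confirmation indicator the post mentions is not modelled because the post does not define one.

```python
"""PSL+1 organizational-domain lookup audited against a constructed truth table.

Assumptions (not from the post): CONSTRUCTED_PSL, CONSTRUCTED_TRUTH and the
verdict strings are invented here; the lookup follows the public PSL matching
rules (longest match wins, "!" exception beats "*." wildcard, implicit "*").
"""

# Constructed stand-in for the Public Suffix List, in PSL file syntax.
# It deliberately carries the error types the post describes.
CONSTRUCTED_PSL = """
// constructed rules; this is NOT the real PSL
com
org
uk
// co.uk is omitted on purpose: PSL+1 then returns another public suffix
github.io
// hosting-provider.com is a private registry omitted on purpose
example.org
// example.org is listed by mistake: PSL+1 then lands too low
*.ck
!www.ck
"""

# Constructed ground truth: the organizational domain each name really has.
CONSTRUCTED_TRUTH = {
    "www.example.com": "example.com",
    "alice.github.io": "alice.github.io",
    "customer.hosting-provider.com": "customer.hosting-provider.com",
    "example.co.uk": "example.co.uk",
    "mail.example.org": "example.org",
}


def parse_psl(text):
    """Return {suffix: kind} where kind is 'normal', 'wildcard' or 'exception'."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("//"):
            continue
        if line.startswith("!"):
            rules[line[1:]] = "exception"
        elif line.startswith("*."):
            rules[line[2:]] = "wildcard"
        else:
            rules[line] = "normal"
    return rules


def public_suffix(domain, rules):
    """Longest matching rule wins; an exception rule overrides a wildcard."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):          # longest candidate suffix first
        suffix = ".".join(labels[i:])
        parent = ".".join(labels[i + 1:])
        kind = rules.get(suffix)
        if kind == "exception":
            return parent                 # "!www.ck" makes "ck" the suffix of www.ck
        if kind == "normal" or rules.get(parent) == "wildcard":
            return suffix
    return labels[-1]                     # implicit "*" rule: the TLD itself


def organizational_domain(domain, rules):
    """PSL+1: the public suffix plus the next label to its left, or None."""
    labels = domain.lower().rstrip(".").split(".")
    n = len(public_suffix(domain, rules).split("."))
    if len(labels) <= n:
        return None                       # the name is itself a public suffix
    return ".".join(labels[-(n + 1):])


def classify(domain, rules, truth):
    """Compare PSL+1 with the constructed truth using the post's categories."""
    got = organizational_domain(domain, rules)
    want = truth[domain]
    if got is None:
        return "no result: domain is itself a public suffix"
    if got == want:
        return "correct"
    if want.endswith("." + got):
        return "lands too high"           # another suffix, or the registrar domain
    if got.endswith("." + want):
        return "lands too low"            # a subdomain of the organizational domain
    return "mismatch"


def audit(psl_text=CONSTRUCTED_PSL, truth=CONSTRUCTED_TRUTH):
    """Map each name in the truth table to (PSL+1 result, verdict)."""
    rules = parse_psl(psl_text)
    return {d: (organizational_domain(d, rules), classify(d, rules, truth))
            for d in truth}


if __name__ == "__main__":
    for domain, (got, verdict) in audit().items():
        print(f"{domain:32} PSL+1={str(got):32} {verdict}")
```

Running the audit shows the two "too high" shapes side by side: a private registry missing from the list collapses the customer's domain into the provider's, and a missing second-level suffix (co.uk) makes PSL+1 return a suffix rather than an organization. A bogus entry produces the opposite failure, a result one label below the real organizational domain. An evaluator with only the PSL sees all three as ordinary results, which is the gap a DNS-side correction record would need to close.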