Re: [dmarc-ietf] Overall last-call comments on DMARC
"Murray S. Kucherawy" <superuser@gmail.com> Tue, 02 April 2024 18:17 UTC
Return-Path: <superuser@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BAEACC169417 for <dmarc@ietfa.amsl.com>; Tue, 2 Apr 2024 11:17:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ER7p6j2DHY2b for <dmarc@ietfa.amsl.com>; Tue, 2 Apr 2024 11:17:03 -0700 (PDT)
Received: from mail-ej1-x62a.google.com (mail-ej1-x62a.google.com [IPv6:2a00:1450:4864:20::62a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1DCB1C169413 for <dmarc@ietf.org>; Tue, 2 Apr 2024 11:17:03 -0700 (PDT)
Received: by mail-ej1-x62a.google.com with SMTP id a640c23a62f3a-a46f056c29eso193422166b.1 for <dmarc@ietf.org>; Tue, 02 Apr 2024 11:17:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712081821; x=1712686621; darn=ietf.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=MlAMnrZw3MOZPNT9O7RhSFlfHYv/CZRURu0LDO5xWkc=; b=T3J/fV4ahBiIffF5roqGCPibC4myJbGoc11d0bG//ggjONaNBhO2LUjLK8AIdsrkJD Qp2p0iFDiOEfFTTMJ+teniTWQw5Rzw2yKQfQeS04xIuWva0L1+ISyoACh4mDtbtkeMax UPEYizEct1IA4SRlwIya5PcjC705PH/OhOae3GaFu/QrzJwz4yCHWVFNFx3kjOVDeYnH ndX+fU9diObJculOOB3RY20nA+8mZLF9384Lh46uKMYGHHMgzCZRQQlmVu5M+8nfQR1j S+XIIOE5MkTAxNCTXQxvHah3+8Rjtq0V5CB71tCupgSNA4cwzAxPF/ivhyRN843eZliu RDVg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712081821; x=1712686621; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=MlAMnrZw3MOZPNT9O7RhSFlfHYv/CZRURu0LDO5xWkc=; b=e5r1veHG8YVTklUUMh/FXcduM1sTA9d48yaOr9AaUA4qxfFYn0VODJiKqfvOkSJBKU UAcmTsyRuHDxGBgpPBBE3Bm/rlTTgphFvXmStUa7yR2Ph5i6hX5VSYWqFVQaUiKpo+Aq ll48aBNTc+pQZyZVufKxFxYapzlKEJmNnYmyrLyHID7FziRV4zzpq3qJxBH1/wPsS12j a93yVY24hM7VRcwRmZnCepArkIZgMLfoEsSBYmFapj88eJ9IuWi+/fgB66hoGP9carNp UAoqmDuuGfcVVRd7jS9LnvS40BEBtU6wGfdOhKwcm3q3b65U8Hzgr6netdIObR60Gf+i xwLg==
X-Gm-Message-State: AOJu0Yyc2YcLSQAqK4I0vQZdYR/aQoUV7x4Uq+ox1wfoHarOiTJrjh27 Y1zABx3FVdgoIqVRyZxz1XBPTsBxJRuswotUGCwDoe6mhekYLdTa7zPFMRI+5ac9xEQX4tEoQH5 4HiPWtpz1VRo7S5ZYmF1XyiZDxkJEnGkf99E=
X-Google-Smtp-Source: AGHT+IG7LUIq1nPtE2XRSluVKLC9TqmVmESep8wcR9XpM5QuiWLJtnzeB9iIW2KXs4cNqBnYetQ/3ra0Vm/k0dOGHSg=
X-Received: by 2002:a17:906:c10f:b0:a4e:39f5:9bc7 with SMTP id do15-20020a170906c10f00b00a4e39f59bc7mr10113018ejc.1.1712081820578; Tue, 02 Apr 2024 11:17:00 -0700 (PDT)
MIME-Version: 1.0
References: <CFEA2796-9213-4847-836B-81E8770973F5@bluepopcorn.net> <5208da1b-ecfb-4d41-8506-a734a27ab3a0@tana.it> <CAL0qLwbnSe77Wdt+M8bi2pBmZFCZjDUQc6je9bjCzP5TQ0N6XA@mail.gmail.com> <49859572-18a4-483b-bb99-62c1c231896e@tana.it> <CAL0qLwZc6idmMra11pVx2bbtk2Em9-vy6+962M7jDWOMnP+UHQ@mail.gmail.com> <1ee6df39-a622-4060-83db-bcc9a7a835d4@tana.it>
In-Reply-To: <1ee6df39-a622-4060-83db-bcc9a7a835d4@tana.it>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Tue, 02 Apr 2024 11:16:47 -0700
Message-ID: <CAL0qLwYX_D7S_-Vn9RwwRzwyNO=8=3UVqbP8rz3SCWG4dvGZig@mail.gmail.com>
To: dmarc@ietf.org
Content-Type: multipart/alternative; boundary="000000000000bdfc4a0615211cb5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/ccmq4OPyMPRQb18oE6TJwbWpDeM>
Subject: Re: [dmarc-ietf] Overall last-call comments on DMARC
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Apr 2024 18:17:03 -0000
On Tue, Apr 2, 2024 at 9:01 AM Alessandro Vesely <vesely@tana.it> wrote: > >>>> By now, most mailing lists arranged to either rewrite From: or not > break > >>>> DKIM signatures. We all hope those hacks are temporary. > >>> > >>> What do you mean by "temporary", given the time scales that have > already > >>> passed since RFC 7489 saw wide deployment? Do you envision those > >>> techniques ending sometime soon? > >> > >> Yeah, the time scale is killing us. Is ten years soon enough? > > > > You tell me. You say you're hoping they're temporary, yet they've been > > around a long time and I'm not sure that there's an alternative on the > > table. I'm asking you to explain. > > I believe alternatives are possible. Can't say how long it's going to > take, > but I presume when they are available, the nasty hacks will slowly fade > out. > So what are you suggesting should go in this document that's in WGLC? > >>> If "most" mailing lists have arranged rewrites or non-mutation, and > this > >>> appears to be working, are there specific techniques we should > >>> standardize here? > >> > >> I believe it's possible to leverage ARC so as to overcome those mailing > >> lists hacks, for an expanding set of domains. It is not difficult to > >> modify ML software in order to rewrite and/or mutate on a per-user > basis. > >> One can obtain the same effect with existing software if it provides > for > >> twin lists or similar means to split users into two categories. > > > > This isn't consistent with your previous comment, which claimed that > "most" > > lists are already doing this. Your language here is more like a > proposal. > > I'm having a hard time following. > > Oh, perhaps you asked if we should standardize the nasty hack? IMHO, we > shouldn't. We didn't standardize COI either. > Same question. I can't tell if you're just pontificating about a variety of topics, or making concrete suggestions about what the -bis document really needs to say before this WG ships it. If the former, I suggest this be minimized as they're likely only distractions; if the latter, I'd love to see some proposed text. We should standardize some proposals that make ARC work consistently for > forwarders (including MLs) of any size and kind. > Do you have one to suggest? > > What is it that you believe we should be telling industry to do? > > Experiment with new proposals until we find one that works? > Same question. > >>> Are you suggesting we need some standard way to calculate and/or share > a > >>> sealer's reputation for any of this to work? > >> > >> Sealer's reputation is the same as domain reputation. Good to have it, > >> whenever it comes. > > > > I interpreted your earlier remark to be a claim that this stuff won't > work > > absent such data. > > A reliable reputation database will certainly make everything email work > better. However, ARC usage with local trust contracts, granted on a case > by > case basis could work even without it, methinks. > Do you have specific text to suggest? > >> For ARC, I'd rather consider per-forwarder contracts. Forwarding (of > >> which MLs are a case) doesn't happen out of the blue. It has to be set > >> up. Involving the target receiver in the setup may make it trust the > >> sender's seals, when they belong to the stream thus set up and > >> identified. > > > > So, a "contract" between each mailing list and each subscriber? What > would > > that mean? > > A contract would mean the same as COI, but involving (also) the > subscriber's > MBP. Is it really you? You sure you want to subscribe to this? Then > I'll > trust the ML when it ARC-seals messages with this List-Id: destined to > you, for > example. > Have you tried this technique? Has anyone? Does it work? -MSK, p11g
- Re: [dmarc-ietf] Overall last-call comments on DM… Alessandro Vesely
- [dmarc-ietf] Overall last-call comments on DMARC Jim Fenton
- Re: [dmarc-ietf] Overall last-call comments on DM… Murray S. Kucherawy
- Re: [dmarc-ietf] Standards Track? Yes or No. Douglas Foster
- Re: [dmarc-ietf] Overall last-call comments on DM… Alessandro Vesely
- Re: [dmarc-ietf] Overall last-call comments on DM… John R. Levine
- Re: [dmarc-ietf] Standards Track? Yes or No. Alessandro Vesely
- Re: [dmarc-ietf] Overall last-call comments on DM… Murray S. Kucherawy
- Re: [dmarc-ietf] Overall last-call comments on DM… Alessandro Vesely
- Re: [dmarc-ietf] Overall last-call comments on DM… Murray S. Kucherawy
- Re: [dmarc-ietf] Overall last-call comments on DM… Alessandro Vesely
- Re: [dmarc-ietf] Overall last-call comments on DM… Douglas Foster
- Re: [dmarc-ietf] Overall last-call comments on DM… Murray S. Kucherawy
- Re: [dmarc-ietf] Overall last-call comments on DM… Alessandro Vesely
- Re: [dmarc-ietf] Overall last-call comments on DM… Murray S. Kucherawy
- Re: [dmarc-ietf] Overall last-call comments on DM… Douglas Foster
- Re: [dmarc-ietf] Overall last-call comments on DM… Murray S. Kucherawy
- Re: [dmarc-ietf] Overall last-call comments on DM… Dotzero
- Re: [dmarc-ietf] Overall last-call comments on DM… Murray S. Kucherawy
- Re: [dmarc-ietf] Overall last-call comments on DM… Jim Fenton
- Re: [dmarc-ietf] Overall last-call comments on DM… Douglas Foster
- Re: [dmarc-ietf] Overall last-call comments on DM… Tero Kivinen
- Re: [dmarc-ietf] There is no pony, Overall last-c… John R. Levine
- Re: [dmarc-ietf] There is no pony, Overall last-c… Jim Fenton
- Re: [dmarc-ietf] There is no pony, Overall last-c… John R. Levine
- Re: [dmarc-ietf] There is no pony, Overall last-c… Hector Santos
- Re: [dmarc-ietf] Overall last-call comments on DM… Alessandro Vesely
- Re: [dmarc-ietf] Overall last-call comments on DM… Neil Anuskiewicz