Re: [dmarc-ietf] easier DKIM, DMARC2 & SPF Dependency Removal

Barry Leiba <barryleiba@computer.org> Thu, 29 June 2023 20:24 UTC

From: Barry Leiba <barryleiba@computer.org>
Date: Thu, 29 Jun 2023 16:23:48 -0400
Message-ID: <CALaySJ+RYrrRWpgLZurjVxHWOawYYxsOFLAujiWw7XwrP8dLjA@mail.gmail.com>
To: John Levine <johnl@taugh.com>
Cc: dmarc@ietf.org, emschorsch@google.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/dUVLVAfzJFt44PPSHVXt_MrYdL8>
Subject: Re: [dmarc-ietf] easier DKIM, DMARC2 & SPF Dependency Removal

Chair speaking and agreeing.  While I do not think it's out of scope
to think about how DKIM replay attacks affect DMARC, I think it is out
of scope to design DMARC to address DKIM replay attacks.  These two
things are very close to each other, and we're going to have to be
careful about it.  But if we find ourselves saying that we have to do
(x) in DMARC because DKIM replay attacks are a problem, and would not
need to do it otherwise, we're almost certainly on the wrong side of
that boundary.

Barry

On Thu, Jun 29, 2023 at 2:38 PM John Levine <johnl@taugh.com> wrote:
>
> It appears that Emanuel Schorsch  <emschorsch@google.com> said:
> >> We are talking about SPF AND DKIM because of the problems with DKIM
> >> replay. ...
>
> I hope we agree that applying bandaids to sort of fix DKIM replay is
> out of scope for the DMARC WG.
>
> If you want to work on replay, they're down the virtual hall.
>
> https://datatracker.ietf.org/wg/dkim/about/
>
> R's,
> John