Re: [dmarc-ietf] Next draft concerns

Les Barstow <lbarstow@proofpoint.com> Thu, 09 June 2022 19:18 UTC

From: Les Barstow <lbarstow@proofpoint.com>
To: John Levine <johnl@taugh.com>, "dmarc@ietf.org" <dmarc@ietf.org>
Date: Thu, 09 Jun 2022 19:18:22 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/dzGL6pb6rYqON4q7FwQTPnq5Rpo>

Thank you for the history fill-in, John. That does at least explain why we’re here and not somewhere else.

I will respectfully disagree that the “psd” tree walk standard is well-defined based on the remainder of my response – that the use of the “psd” TLA for the tag is unfortunate/misleading and that more specificity is desirable. But having the alternatives eliminated at least gets me to “it should be in this spec”.

On Thursday, June 9, 2022, John Levine wrote:

It appears that Les Barstow <lbarstow@proofpoint.com> said:

>[Strong opinion follows]
>
>IMO [from April], determination of a DMARC authority boundary (registrar, PSD+1, private registry (+1), or internal subdomain
>boundary) should really be done outside of the DMARC standard altogether – a separate DNS lookup not dependent or centered
>around DMARC, and one flexible enough to respond with indications of various levels of authority. It is useful for
>decentralizing other queries beyond just DMARC (e.g. determining an appropriate WHOIS TLD for lookup). Unfortunately, here we
>are at draft 8 of the new DMARC standard and we have nothing to use as a sidecar mechanism.

The DBOUND working group already tried and failed to come up with a
general way to publish DNS boundaries, so we're not going back there.

>Is there a driving need to have this in the standard NOW?

Yes, of course. The point of writing a standard is to tell people what
to do to interoperate. The current underspecified fudge which winks at
the PSL has well known issues since, among other things, the people
who run the PSL have made it quite clear that it's not designed to
make DMARC work. It contains plenty of entries which make sense for
web cookies but not for DMARC.

The tree walk is well specified and doesn't depend on third parties
who aren't interested in what we want or need.

R's,
John