Re: [dmarc-ietf] Do is need a new ptype? Was Re: New authentication method, DNSWL
Alessandro Vesely <vesely@tana.it> Fri, 02 August 2019 10:00 UTC
Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B202C12007A for <dmarc@ietfa.amsl.com>; Fri, 2 Aug 2019 03:00:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VEfldhp4boAS for <dmarc@ietfa.amsl.com>; Fri, 2 Aug 2019 03:00:01 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 080EC12004E for <dmarc@ietf.org>; Fri, 2 Aug 2019 03:00:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1564739999; bh=Znue5edqXI04H0iw+BGskbgegG8lwxsQYMhtYTKYqmw=; l=1143; h=To:References:From:Date:In-Reply-To; b=AVE3aBUkv4yKEjQGEB2PM9cxc+7jd9Uvj28QtCb5QB7lBAFLB3YeTDg0r9K8YMqyR K8dXr+frdfL69WNWAEK6OVL6bcxTvWG8tMlPFQVXN3E4AjpPKQio4vcmGZ6wmbgYzx DKFKdX5BnVql4Bmx3BcgghzzU5PcyIasPcy03F3TG0OMI05PZjPoO+1NjPVDI
Authentication-Results: tana.it; auth=pass (details omitted)
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k) by wmail.tana.it with ESMTPA id 00000000005DC02F.000000005D44099E.000030A7; Fri, 02 Aug 2019 11:59:58 +0200
To: dmarc@ietf.org
References: <e580ada3-d9b5-0e5b-9ac3-eade41ac92d2@tana.it> <CAL0qLwa5yR5dVzkDSD48MDgpUa11+ri=KOwrNSqOxi8fB2i6PA@mail.gmail.com> <eabefc6b-7542-1a46-4272-b786433ed0b5@tana.it> <4783309.BXR8ZdE9c3@l5580> <CAL0qLwb5FAaYZ7AX_H=aeUFkv8cvY+xd1bQ5uCDp4tmrbx2CQg@mail.gmail.com> <7a21b80b-e6bb-d8b9-cf63-601a8d1e47e7@tana.it> <C1E711A8-F3A6-4A20-B71D-53FA773A61D9@kitterman.com>
From: Alessandro Vesely <vesely@tana.it>
Openpgp: id=0A5B4BB141A53F7F55FC8CBCB6ACF44490D17C00
Message-ID: <aca25d30-3b01-4eaf-6d0b-3bae6f3f796b@tana.it>
Date: Fri, 02 Aug 2019 11:59:58 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <C1E711A8-F3A6-4A20-B71D-53FA773A61D9@kitterman.com>
Content-Type: text/plain; charset="us-ascii"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/f1xWZ0YuH-XeuXml2z7e6-3Nszo>
Subject: Re: [dmarc-ietf] Do is need a new ptype? Was Re: New authentication method, DNSWL
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Aug 2019 10:00:23 -0000
On Fri 02/Aug/2019 00:15:30 +0200 Scott Kitterman wrote: > Taking a step back, iprev uses the policy ptype. It's also based on local interpretation of DNS data. Why doesn't policy work for dnswl just like for iprev? Let me note that Section 3 of rfc8601, /The "iprev" Authentication Method/, does not contain the term "policy". My recollection is that reporting the client IP is immaterial, as for SPF. The term policy.iprev is certainly misleading, since the value is not related to a locally-defined policy, and is not a reversed ip. To stick with A-R semantics, it should have been named tcp.ip, remote.ip or some such. If a property warrants deprecation, it's policy.iprev. Now for dnswl. Knowing which zone was queried is substantial in order to interpret policy.ip, because there is no standard format. Yet, an implementation could just throw a DNS query to a given local IP, instead of a FQDN to the default DNS server. In that case, one would have, for example: dnswl=pass policy.ip=127.0.9.2 policy.zone=127.0.0.2 In that case one can hardly tell which is which. A meaningful ptype helps. Best Ale --
- [dmarc-ietf] New authentication method, DNSWL Alessandro Vesely
- Re: [dmarc-ietf] New authentication method, DNSWL Murray S. Kucherawy
- Re: [dmarc-ietf] New authentication method, DNSWL Alessandro Vesely
- Re: [dmarc-ietf] New authentication method, DNSWL Scott Kitterman
- Re: [dmarc-ietf] New authentication method, DNSWL Murray S. Kucherawy
- Re: [dmarc-ietf] New authentication method, DNSWL Murray S. Kucherawy
- Re: [dmarc-ietf] New authentication method, DNSWL Alessandro Vesely
- [dmarc-ietf] Do is need a new ptype? Was Re: New … Scott Kitterman
- Re: [dmarc-ietf] New authentication method, DNSWL Murray S. Kucherawy
- Re: [dmarc-ietf] Do is need a new ptype? Was Re: … Alessandro Vesely
- Re: [dmarc-ietf] New authentication method, DNSWL Alessandro Vesely
- Re: [dmarc-ietf] Do is need a new ptype? Was Re: … Kurt Andersen (b)
- Re: [dmarc-ietf] Do is need a new ptype? Was Re: … Murray S. Kucherawy
- Re: [dmarc-ietf] Do is need a new ptype? Was Re: … Alessandro Vesely
- Re: [dmarc-ietf] Do is need a new ptype? Was Re: … Alessandro Vesely
- Re: [dmarc-ietf] Do is need a new ptype? Was Re: … Jeremy Harris
- Re: [dmarc-ietf] Do we need a new ptype? Was Re: … Scott Kitterman
- Re: [dmarc-ietf] Do is need a new ptype? Was Re: … Murray S. Kucherawy
- Re: [dmarc-ietf] Do is need a new ptype? Was Re: … Murray S. Kucherawy
- Re: [dmarc-ietf] Do is need a new ptype? Was Re: … Alessandro Vesely
- Re: [dmarc-ietf] Do is need a new ptype? Was Re: … Stan Kalisch
- Re: [dmarc-ietf] Do is need a new ptype? Was Re: … Marc Bradshaw
- Re: [dmarc-ietf] Do is need a new ptype? Was Re: … Alessandro Vesely
- Re: [dmarc-ietf] Do is need a new ptype? Was Re: … Tim Wicinski
- Re: [dmarc-ietf] Do is need a new ptype? Was Re: … Alessandro Vesely
- Re: [dmarc-ietf] Do is need a new ptype? Was Re: … Murray S. Kucherawy
- Re: [dmarc-ietf] Do is need a new ptype? Was Re: … Murray S. Kucherawy
- Re: [dmarc-ietf] Do is need a new ptype? Was Re: … Alessandro Vesely
- Re: [dmarc-ietf] Do is need a new ptype? Was Re: … Jeremy Harris
- [dmarc-ietf] Call for rfc8601 erratum (smtp.remot… Alessandro Vesely
- Re: [dmarc-ietf] Call for rfc8601 erratum (smtp.r… Kurt Andersen (b)
- Re: [dmarc-ietf] Do is need a new ptype? Was Re: … John Levine
- Re: [dmarc-ietf] Do is need a new ptype? Was Re: … Scott Kitterman
- Re: [dmarc-ietf] Do is need a new ptype? Was Re: … Murray S. Kucherawy
- Re: [dmarc-ietf] Call for rfc8601 erratum (smtp.r… Murray S. Kucherawy
- Re: [dmarc-ietf] Do is need a new ptype? Was Re: … John R Levine
- Re: [dmarc-ietf] Do is need a new ptype? Was Re: … Scott Kitterman
- Re: [dmarc-ietf] Do is need a new ptype? Was Re: … Alessandro Vesely
- Re: [dmarc-ietf] Do is need a new ptype? Was Re: … Alessandro Vesely
- Re: [dmarc-ietf] Do is need a new ptype? Was Re: … Alessandro Vesely