Re: [dmarc-ietf] Concerns about Oldest-Pass (was: Last Call: <draft-ietf-dmarc-arc-protocol-18.txt>...)
Scott Kitterman <sklist@kitterman.com> Mon, 05 November 2018 04:13 UTC
Return-Path: <sklist@kitterman.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA957130E8B for <dmarc@ietfa.amsl.com>; Sun, 4 Nov 2018 20:13:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b=Fu5uk/d0; dkim=pass (2048-bit key) header.d=kitterman.com header.b=MVz8k3GU
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8k0lfwpgbBQp for <dmarc@ietfa.amsl.com>; Sun, 4 Nov 2018 20:12:59 -0800 (PST)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [IPv6:2607:f0d0:3001:aa::2]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 285FD130E61 for <dmarc@ietf.org>; Sun, 4 Nov 2018 20:12:59 -0800 (PST)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201803e; t=1541391177; h=date : in-reply-to : references : mime-version : content-type : content-transfer-encoding : subject : to : cc : from : message-id : date : subject : from; bh=ol9McF9IhLfnJzvP6fUe0GjCpPPiKZoc8GgEp9FGYMc=; b=Fu5uk/d0O2+qW444a1IfYD3Er03qjAMmD2QpPVfP/3a9CGfuCEOEiWS0 HEsoVt/CWIASRVg+n+BTIt1yYWEbCg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201803r; t=1541391177; h=date : in-reply-to : references : mime-version : content-type : content-transfer-encoding : subject : to : cc : from : message-id : date : subject : from; bh=ol9McF9IhLfnJzvP6fUe0GjCpPPiKZoc8GgEp9FGYMc=; b=MVz8k3GUHdN2Rpm6oIlyWMn8ntx7JxICBi0EzmLgX2958uc9BEALhXw3 DJqcN6Hu5UTk5DrrpPsxCeN3vEo9RkHx//XaA3EUERQClxa9fLOIuaMhGT uZs6Bg1oIP0dfM1Q4JsWzGZLYqy3C8a5tiOEsz6HSy5AGIA6T2yOSHTq/D ag9nrNDIJDI0frXW8at8Tvx00ZHuUkKpmFA7fDSXj6iBHZ4RMvD1bocTId py3Q5g8bAOEQMVX4bYINwWnCMJX/49GoGxQAznDY57cj78IANnlszNS7D/ lyt7LwJ49VQTUAMcevNV/UGOwoZUI7WacXeUdaujAV/6WpuHKuFMCA==
Received: from [192.168.1.146] (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id B78FDC400D3; Sun, 4 Nov 2018 22:12:57 -0600 (CST)
Date: Mon, 05 Nov 2018 04:12:55 +0000
In-Reply-To: <CABuGu1oB1B1K-hgazUzMsM7Z1bS2XDs9ZC+MF3Lsv4PiSmh+0Q@mail.gmail.com>
References: <154030726741.31325.18068939197691810125.idtracker@ietfa.amsl.com> <5E1058DF-99CE-4D64-A204-B7710914CFBC@kitterman.com> <CABuGu1oB1B1K-hgazUzMsM7Z1bS2XDs9ZC+MF3Lsv4PiSmh+0Q@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
To: Kurt Andersen <kurta@drkurt.com>
CC: "dmarc@ietf.org" <dmarc@ietf.org>
From: Scott Kitterman <sklist@kitterman.com>
Message-ID: <A80F2CA9-7E97-49CB-87A6-C406C8002B6E@kitterman.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/fStvdnMgq7mOBtpEAh3Qy91CR6I>
Subject: Re: [dmarc-ietf] Concerns about Oldest-Pass (was: Last Call: <draft-ietf-dmarc-arc-protocol-18.txt>...)
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Nov 2018 04:13:06 -0000
On November 5, 2018 3:35:23 AM UTC, Kurt Andersen <kurta@drkurt.com> wrote: >Taking this back to the dmarc list instead of the IETF-wide one: > >On Wed, Oct 31, 2018 at 1:41 AM Scott Kitterman <scott@kitterman.com> >wrote: > >> . . . I understand the desire to just ship it at this point so more >> operational experience can be gained before another update. With one >> exception, I agree with that approach. >> >> In Section 5.2. Validator Actions, I think it's highly unlikely that >Step >> 5, AMS (ARC Message Structure) validation of AMS header fields beyond >the >> one immediately prior in the chain is useful. >> >> Failure doesn't change the ARC result, so there are no >interoperability >> implications for removing it from the draft. The only reason to >specify >> anything is the notion of 'oldest-pass'. This looks like a dubious >and >> premature optimization to me. >> >> I didn't and don't plan to implement it. >> >> Later, after there is more experience with ARC, if it's established >that >> validation of AMS beyond the immediately prior step in the chain has >> utility and there is sufficient efficiency associated with >'oldest-pass', >> it can be added then. 'Oldest-pass' seems like an easy way to get >around >> having downstream validators do AMS validation up the chain (by >always >> adding arc.oldest-pass=1 to all messages). >> >> ARC is complicated enough without this and it seems like any easy win >for >> simplicity in design to take this out for now (and we'll see about >the >> future). Deleting it also reduces the IANA considerations. >> > >I'm not by any means arguing with your analysis and plans to skip this >component, but I did want to point you, for informational purposes to >the >WG thread which was the genesis of this concept. It was originally >proposed >as "closest-fail" but then inverted to be "oldest-pass". You can find >the >thread from January 2018 at >https://mailarchive.ietf.org/arch/msg/dmarc/_sG6ECCBfT5OPQ0LkDThzcGPHGI >which references an older discussion circa August 2017. Thanks. I've reviewed it and my opinion is reinforced. It ought to be removed. Nothing other than the immediate prior AMS matters for evaluation of the ARC result. Everything about prior hops is purely for receiver edification, not needed for the protocol. Scott K
- [dmarc-ietf] Last Call: <draft-ietf-dmarc-arc-pro… The IESG
- [dmarc-ietf] Concerns about Oldest-Pass (was: Las… Kurt Andersen
- Re: [dmarc-ietf] Concerns about Oldest-Pass (was:… Scott Kitterman
- Re: [dmarc-ietf] Concerns about Oldest-Pass (was:… Murray S. Kucherawy
- Re: [dmarc-ietf] Concerns about Oldest-Pass (was:… Scott Kitterman
- Re: [dmarc-ietf] Concerns about Oldest-Pass (was:… Kurt Andersen (b)
- Re: [dmarc-ietf] Concerns about Oldest-Pass (was:… Murray S. Kucherawy
- Re: [dmarc-ietf] Concerns about Oldest-Pass (was:… Kurt Andersen (b)
- Re: [dmarc-ietf] Concerns about Oldest-Pass (was:… Bron Gondwana
- Re: [dmarc-ietf] Concerns about Oldest-Pass (was:… Kurt Andersen (b)