IETF Logo Mail Archive

Re: [dmarc-ietf] Time to work on failure reporting

Alessandro Vesely <vesely@tana.it> Tue, 16 August 2022 10:12 UTC

Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02AE6C159525 for <dmarc@ietfa.amsl.com>; Tue, 16 Aug 2022 03:12:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_HTML_ATTACH=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=tana.it header.b=TgU9bYb2; dkim=pass (1152-bit key) header.d=tana.it header.b=BoRa5vAq
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HcmwlZrWswqt for <dmarc@ietfa.amsl.com>; Tue, 16 Aug 2022 03:12:33 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9301FC159486 for <dmarc@ietf.org>; Tue, 16 Aug 2022 03:12:30 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=tana.it; s=epsilon; t=1660644743; bh=qIL/qV6XKBl4T6NYGjI4ve+7rrtqAys+CiiInX11EPA=; h=Date:Subject:To:References:From:In-Reply-To; b=TgU9bYb2N0lI8JvCAP8KpIDTbajL+DUAMtt/tLdc+wBvG0lWGdJs6mXnpiCJox9+E IcYp4GrubsAOaY1A35uBw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1660644743; bh=qIL/qV6XKBl4T6NYGjI4ve+7rrtqAys+CiiInX11EPA=; h=Date:To:References:From:In-Reply-To; b=BoRa5vAqvIbV8WoSri8814LgXPgsbKRKOBCkhv+Qb/GI+NDkQPfAyrZCxtk8YGXU3 EP8MI+I2zUIyfMfn648+kLn1szSGbv3nQVE6MjeiIutlWW213XsHdvUPE5Df4952Gd CE2jdOyQloSmnu2RyTmvzzB4BLqLzq0e0theG3TfoYu19EyXV50X1f9t0C1HD
Author: Alessandro Vesely <vesely@tana.it>
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC0BA.0000000062FB6D87.0000141C; Tue, 16 Aug 2022 12:12:23 +0200
Content-Type: multipart/mixed; boundary="------------EE0ORxJv5AWlEvk40BQ6lsLP"
Message-ID: <1594b33c-ae25-33fc-182a-0d90f0595a53@tana.it>
Date: Tue, 16 Aug 2022 12:12:23 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0
Content-Language: en-US
To: John R Levine <johnl@taugh.com>, IETF DMARC WG <dmarc@ietf.org>
References: <20220805163329.EFAC04727415@ary.qy> <8714ed32-c7ba-3fe4-6916-643a7bd3ce1d@tana.it> <77a3f7b9-14c4-e063-b27b-68379e34c513@taugh.com> <48d2888f-07dc-8400-c5b2-55e0c0cca73d@tana.it> <CAJ4XoYe5wkdHOJSZPSKwt7CHpgOa8qCc53oDBbQwFUZR4kbc7A@mail.gmail.com> <34bec3a2-68da-3b3f-7a80-131daa506192@taugh.com> <1eac3f93-95a4-f95a-4efb-73acb4ce6c6a@tana.it> <CAJ4XoYcROaAGZX2MXdTLa4LOQuiuE_2mD-2q2fEu4YfB=THNcg@mail.gmail.com> <CAL0qLwazQxBSWKdnp-=E5C-qbTFriL9X99J=iKBQHUhyPfV6Fg@mail.gmail.com> <ca534c5e-61f3-5359-693d-c91bce09384e@taugh.com> <CALaySJK8_mQswFpnyYXAXe0Eda1d4ie1BF=QVT=JygCYKAoNyA@mail.gmail.com> <92a5775e-baf3-7d29-f663-78720439f8d3@tana.it> <d1f2412b-0973-3b7b-6bbd-28ae1d14c001@taugh.com> <6f6158c8-df5b-6731-91ed-7fc5e073301c@tana.it> <918ae463-b07b-edeb-d188-35456d7b8cf2@taugh.com> <2a5b7981-b2e0-1dad-e364-c9abb477c908@tana.it> <f95cc23a-d2c9-192f-348d-d1a37208f3cf@taugh.com> <243c5780-49a1-2c9e-3171-e9fc07072cc2@tana.it> <86510c7b-1046-164a-8898-9db20500948a@taugh.com>
Authentication-Results: tana.it; auth=pass (details omitted)
From: Alessandro Vesely <vesely@tana.it>
In-Reply-To: <86510c7b-1046-164a-8898-9db20500948a@taugh.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/g3Yx2x-GBtFEHCtjSg8Jcqwvnwo>
Subject: Re: [dmarc-ietf] Time to work on failure reporting
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Aug 2022 10:12:40 -0000

Hi,
I re-read the I-D and applied some more substantive changes.

I added an Identity-Alignment: line to the example, and changed back the Auth-Failure: to "dmarc".

I added DKIM-Domain, DKIM-Identity, DKIM-Selector to the example, as required by the spec.  I'd drop that requirement.  In the example there are _two_ (failed) signatures by the aligned domain, but these fields have Multiple Appearances: No.  So it's not clear what should be included.  The spec says:

                      Note that a failure report generator MAY also
        independently produce an AFRF message for any or all of the
        underlying authentication methods.

It would make more sense to add multiple message/feedback-report entities in the same report.  Shall we update RFC 5965 in that sense?


I didn't add an SPF-DNS field, but tweaked the requirement instead.


Apart from the example, I commented out the suggestion to "only send a report to the first recipient of multi-recipient messages", as it seems to conflict with the requirement of making an attempt to deliver to each recipient, stated a couple of paragraphs above.

Instead, I added a line on debug messages.  Let's discuss it.

The I-D has no IANA Consideration section.  Identity-Alignment: is registered at IANA[*] referencing RFC 7489.  Since we're obsoleting it, I added a section to hijack that reference.

The "dmarc" parameter appears nowhere in that IANA page[*].  I added a section to create a new registry for the keywords allowed there.  Is that ok?


IANA Considerations:
https://github.com/ietf-wg-dmarc/draft-ietf-dmarc-failure-reporting/blob/main/draft-ietf-dmarc-failure-reporting-04.txt#L285

Example:
https://github.com/ietf-wg-dmarc/draft-ietf-dmarc-failure-reporting/blob/main/draft-ietf-dmarc-failure-reporting-04.txt#L663

This time I attach the diff.


On Sun 14/Aug/2022 16:58:02 +0200 John R Levine wrote:
>>> It does, it looks like someone did a quick cut and paste to make the 
>>> markdown.  But it's not that long, you're the editor, how about fixing the 
>>> md so it's useful for editing?
>>
>> It must have been me.  I recalled; I searched again for something to generate 
>> the md and again found only https://codebeautify.org/html-to-markdown.  That 
>> way the (bottom) part of the md looks similar to the txt, but it's not usable 
>> for editing.
>>
>> I'll fix it next time...
> 
> How about if you fix the markdown so it has the current contents of the draft, 
> and you add a Makefile that can turn the markdown into XML and the XML into 
> text and HTML one can look at.  You can use the markdown and makefile in the 
> dmarcbis repo as models.  Then push it to github and post an updated draft.


Hm... I'd start by posting the updated draft.  It'd probably take me some days to learn how to obtain the same XML file starting from a markdown one rather than editing it directly.  As the existing draft expires on the 21st, I'd revert the order of operations.


Best
Ale
-- 


[*] https://www.iana.org/assignments/marf-parameters/marf-parameters.xhtml

v2.23.0 | Report a Bug | By Email