Re: [dmarc-ietf] New Version Notification for draft-kucherawy-dmarc-dmarcbis-01.txt

Alessandro Vesely <vesely@tana.it> Tue, 07 April 2020 10:43 UTC

Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38A983A1AEC for <dmarc@ietfa.amsl.com>; Tue, 7 Apr 2020 03:43:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.12
X-Spam-Level:
X-Spam-Status: No, score=-2.12 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id syx7iWFQv0nU for <dmarc@ietfa.amsl.com>; Tue, 7 Apr 2020 03:43:54 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 958D83A1AEE for <dmarc@ietf.org>; Tue, 7 Apr 2020 03:43:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1586256232; bh=qPcDQmo/BR61WyMwNRvczoGQJty1sG0QTZf8p8M48ck=; l=2284; h=To:References:From:Date:In-Reply-To; b=C0YRyT5iiaeEiZQG0OcE0/IYtedjctiWy9IJ8o98YbTYwcC7xgcylNKNjgUrBIM4l Y6mvRh26YJr7GDf+zN1yOL5PkeqOokUQTZDk7o5oLWS4Xw6fZAiXDIsQ6Die9ovEaG Nz/+Ydfn1UKjRJOmY/+xqk4MHI3UQhHRG87jN3wR8AM5XVI/3Pc0SG9tWTulr
Authentication-Results: tana.it; auth=pass (details omitted)
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.2, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC056.000000005E8C5968.000046E3; Tue, 07 Apr 2020 12:43:52 +0200
To: dmarc@ietf.org
References: <158619357716.2395.9626087376923274203@ietfa.amsl.com> <CADyWQ+HKt5opYUaKjGCCFrB2+4BAXrHOC+x+BS2WZVZp20v6Vg@mail.gmail.com>
From: Alessandro Vesely <vesely@tana.it>
Message-ID: <3b7a0c04-5d6e-7483-c5b3-ff0faa2cd632@tana.it>
Date: Tue, 7 Apr 2020 12:43:52 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0
MIME-Version: 1.0
In-Reply-To: <CADyWQ+HKt5opYUaKjGCCFrB2+4BAXrHOC+x+BS2WZVZp20v6Vg@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/gEoLu8lk1O4FTuOQ2chcagd5dAE>
Subject: Re: [dmarc-ietf] New Version Notification for draft-kucherawy-dmarc-dmarcbis-01.txt
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Apr 2020 10:43:56 -0000

On Mon 06/Apr/2020 19:21:56 +0200 Tim Wicinski wrote:
> Updates to draft-kucherawy-dmarc-dmarcbis
> [...]
> On Mon, Apr 6, 2020 at 1:19 PM <internet-drafts@ietf.org> wrote:
> [...]
>> Htmlized: https://tools.ietf.org/html/draft-kucherawy-dmarc-dmarcbis-01


I took a look at the new doc's diffs, and found a few nits:


*RFC3986 instead of RFC7208*

In some places this was wrongly replaced.  I found:

- In relaxed mode, the [RFC3986]-authenticated domain
- [RFC3986], which can authenticate both the domain
- when a message fails both [RFC3986] and [RFC6376]


*RFC3986 instead of URI*

The following snippet is quite unreadable:

   When a Mail Receiver discovers a DMARC policy in the DNS, and the
   Organizational Domain at which that record was discovered is not
   identical to the Organizational Domain of the host part of the
   authority component of a [RFC3986] specified in the "rua" or "ruf"
   tag, the following verification steps are to be taken:

Would "The component of a URI ([RFC3986]) specified in..." be better?


*Semicolon in the version tag*

DMARC records follow the extensible "tag-value" syntax for DNS-based key
records defined in DKIM, which says:

   Note that WSP is allowed anywhere around tags.  In particular, any
   WSP after the "=" and any WSP before the terminating ";" is not part
   of the value; however, WSP inside the value is significant.
                       https://tools.ietf.org/html/rfc6376#section-3.2

This seems to imply that "v = DMARC1 ;" (with spaces) is valid.  In addition, a
tag is specified as:

   tag-spec  =  [FWS] tag-name [FWS] "=" [FWS] tag-value [FWS]

That is, without a trailing semicolon.  So it sound confusing to insist on the
semicolon, as in «a tag of "v=DMARC1;"», «containing at least "v=DMARC1;"», and

   *  The version of DMARC being used is "DMARC1" ("v=DMARC1;")


*Repeated URIs*

Sometimes URIs are redundantly repeated in parentheses.  I found:

   common one is maintained by the Mozilla Foundation and made public at
   http://publicsuffix.org (http://publicsuffix.org).

      From: "user@example.org via Bug Tracker" support@example.com
      (mailto:support@example.com)

and

   an informal industry consortium: DMARC.org (see http://dmarc.org
   (http://dmarc.org)).


jm2c
Ale
--