Re: [dmarc-ietf] Next draft concerns

John Levine <johnl@taugh.com> Thu, 09 June 2022 19:11 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/go_Hi1TLzsPNvZedlTMCb6bc6Bw>

It appears that Les Barstow <lbarstow@proofpoint.com> said:
>[Strong opinion follows]
>
>IMO [from April], determination of a DMARC authority boundary (registrar, PSD+1, private registry (+1), or internal subdomain
>boundary) should really be done outside of the DMARC standard altogether – a separate DNS lookup not dependent or centered
>around DMARC, and one flexible enough to respond with indications of various levels of authority. It is useful for
>decentralizing other queries beyond just DMARC (e.g. determining an appropriate WHOIS TLD for lookup). Unfortunately, here we
>are at draft 8 of the new DMARC standard and we have nothing to use as a sidecar mechanism.

The DBOUND working group already tried and failed to come up with a
general way to publish DNS boundaries, so we're not going back there.

>Is there a driving need to have this in the standard NOW?

Yes, of course. The point of writing a standard is to tell people what
to do to interoperate. The current underspecified fudge which winks at
the PSL has well known issues since, among other things, the people
who run the PSL have made it quite clear that it's not designed to
make DMARC work. It contains plenty of entries which make sense for
web cookies but not for DMARC.

The tree walk is well specified and doesn't depend on third parties
who aren't interested in what we want or need.

R's,
John