Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5.1.2 - cv=fail should sign greedily

Brandon Long <blong@google.com> Tue, 07 August 2018 00:46 UTC

From: Brandon Long <blong@google.com>
Date: Mon, 06 Aug 2018 17:46:11 -0700
To: Seth Blank <seth@sethblank.com>
Cc: IETF DMARC WG <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/gpo4AJeoGpbITIgI7aBErkGwvQ8>

On Fri, Aug 3, 2018, 4:14 PM Seth Blank <seth@sethblank.com> wrote:

> On Fri, Aug 3, 2018 at 11:00 AM, Brandon Long <
> blong=40google.com@dmarc.ietf.org> wrote:
>
>> Currently, we don't do anything with failed chains short of keeping
>> stats.  Everything we've used the chain for so far has been from passing
>> chains.
>>
>
> Especially as an Experiment, I think it's important to sign even failing
> chains, especially for the reasons I've already enumerated. Otherwise, the
> above scenario - only data from passing chains is usable - is the only
> possible scenario. This seems myopic, especially when we don't yet know
> what the real world landscape will look like.
>

Do we actually have consensus on what to do, though?

The current proposal seems pretty bad, sign one or all depending on vague
things that might be different per impl.

>