Re: [dmarc-ietf] Additional review of draft-ietf-dmarc-arc-protocol-16
Seth Blank <seth@sethblank.com> Sat, 04 August 2018 02:23 UTC
Return-Path: <seth@sethblank.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B09E130DE3 for <dmarc@ietfa.amsl.com>; Fri, 3 Aug 2018 19:23:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sethblank-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bRficrMzvp7l for <dmarc@ietfa.amsl.com>; Fri, 3 Aug 2018 19:23:26 -0700 (PDT)
Received: from mail-oi0-x22d.google.com (mail-oi0-x22d.google.com [IPv6:2607:f8b0:4003:c06::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3476B130DBE for <dmarc@ietf.org>; Fri, 3 Aug 2018 19:23:26 -0700 (PDT)
Received: by mail-oi0-x22d.google.com with SMTP id v8-v6so13141140oie.5 for <dmarc@ietf.org>; Fri, 03 Aug 2018 19:23:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sethblank-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=QmeIkQBPnBc/ezo8qvJLf/149pdmbqqiSxvudsmfrQo=; b=N01bXBsnQ9+pw0fgdNiBOXJXa/2CMd6XzI17w3MklEHXvB3OKS6zoHvZw7LS3Ypymz Q8dcD/JcQW+0zGFXdRgCQsGxhqET8gYA4NYqK3f/DT24VTEgPy20PQf4oY8/p5sPhEsP uIvsFZNzjqPvkL2o2Fl5UvETSrklU7bZnPFSOe1bYlGRQQ7ZXhINxzMi/1uyWu/fsbdK SCrQa+p3KBijzbq5CUtZOil2ReVb0WUYbUU+aG/llHdvhQ6nXu9U4YiTpeB0tdL48IWS p6opOEstkxSl9o7uGlLLJ7X87btsVhDBWd2/SncpNj/A0iMJ9kHBH67vFO5912K4axyZ fxCg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=QmeIkQBPnBc/ezo8qvJLf/149pdmbqqiSxvudsmfrQo=; b=IUHpFb/uJqt4c92uh681CbBro/ks2foubiXaN9ir7xwlssCy05iJRmOMn50T6I/ZqY 6CNjXfaDsEwikF/aW8T8hgm2CQYb0SQWBXP41JL/uWrJG5j0KqsSCk7RTdskrU4u0Jy2 SKWfytT3MPTdbHgBFjBLwun+4i7KFG0z2vfaewUysV/Avj2wPHqTZHfTT1lWaDWzE78y tbbWtn225pXA96uPKjH5VluAt8hAVFJX718dEObUZ8sadQPz0eARdDkZErgyhj4yU7dV 34r3bVmDariYxk+9co+ztPtrOjlqPM4/6cL61uWoKOgiK9IQd0oPq9lKkEdz+oiCEFHR RkUg==
X-Gm-Message-State: AOUpUlG5Ycu3X7A8qW7A9hzLHMhUnZkXPUGBTU/ie8svUirYcdJMLpXh yyhepKFmJwiHOkgr5KKW9vV8KJUKrGc/i/ExgeiolOQR
X-Google-Smtp-Source: AAOMgpdwNwylO9EPxYXL3UPAcIx9Rxhl6A9CRnbm87q1J6DTAlMcPPZZq0/2NFWD1Y+SgXS7PUkC0rnBbzjo3cLmxPg=
X-Received: by 2002:aca:cdc2:: with SMTP id d185-v6mr6054592oig.350.1533349405110; Fri, 03 Aug 2018 19:23:25 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a9d:2646:0:0:0:0:0 with HTTP; Fri, 3 Aug 2018 19:23:04 -0700 (PDT)
In-Reply-To: <d88a7e3f-7c04-5270-653b-ae5882153828@gmail.com>
References: <d88a7e3f-7c04-5270-653b-ae5882153828@gmail.com>
From: Seth Blank <seth@sethblank.com>
Date: Fri, 03 Aug 2018 19:23:04 -0700
Message-ID: <CAD2i3WPjc+--qDOvOJq0No7hRjjnhtfKcnSqdkRt+nfdFgJvLw@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000009bc986057292ba85"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/hsZVdetUrZPwdUPv-0Vog1Kmtis>
Subject: Re: [dmarc-ietf] Additional review of draft-ietf-dmarc-arc-protocol-16
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Aug 2018 02:23:29 -0000
As stated previously, I've made all stated changes, with the exception of the below, for further discussion: On Thu, Aug 2, 2018 at 6:43 AM, Dave Crocker <dcrocker@gmail.com> wrote: > 4. Protocol Elements >> > > > I keep thinking that it would help to have some summary text, possibly > with a figure, that shows the role of individual header fields and sets of > them. > > My first inclination is to suggest putting it here, but perhaps it would > actually be better to have it at the /end/ of this section, after each > component has been defined. > > (I'd offer some candidate text/figure, but I am not sure I have a solid > enough sense of the details.) > This is a good suggestion, but form is unclear. Any guidance from the working group would be appreciated. > To preserve the ability to verify the integrity of a message, the >> > signature of the AMS header field SHOULD include any DKIM-Signature >> header fields already present in the message. >> > > Arguably, including it/them does NOT alter integrity validation. i suspect > /ever/. At the least, be explicit about /what/ integrity is being maintain. > > That is, the dkim signature provides a specific kind of integrity. If it > validates, that integrity is proved. If it doesn't, it isn't. covering it > by ARC doesn't affect either outcome. > This feels more like guidance than a requirement for interoperability. Should it be moved into ARC-USAGE, or further clarified the way suggested? > _INFORMATIONAL:_ The upper limit of 50 was picked based on some > > initial observations reported by early working group members with a >> safety margin multiple added on top to support the vast majority of >> all intermediary mail flows. >> > > Rather than citing a wg process, document the technical, administrative > and/or operation concerns, benefits, etc. that justify the choice. > I think this is OK for an Experimental draft, especially with the callout in 11.3.2. For standards track clarification will be essential. > Valid ARC Sets MUST have exactly one instance of each ARC Header >> field (AAR, AMS, and AS) for a given instance value and signing >> algorithm. >> >> _INFORMATIONAL:_ Initial development of ARC is only being done with a >> single allowed signing algorithm, but parallel work in the DCRUP >> working group is expanding that. For handling multiple signing >> algorithms, see [ARC-MULTI]. >> > > As a rule, RFCs should not refer to parallel activities, since the > reference is soon to become stale and wrong. > > If additional signing algorithms are anticipated -- and of course they > should be -- then define a means for extending what is permitted, noting > that the initial algorithm is provided to ensure basic, initial > interoperability. > Understood. Earlier consensus was that this is fine for the experiment (as algorithm rotation is irrelevant if the experiment fails), and that requirements for rotation would be part of a final standards track document. Should these INFORMATIONAL items just be ripped out in the meantime?
- [dmarc-ietf] Additional review of draft-ietf-dmar… Dave Crocker
- Re: [dmarc-ietf] Additional review of draft-ietf-… Seth Blank
- Re: [dmarc-ietf] Additional review of draft-ietf-… Brandon Long
- Re: [dmarc-ietf] Additional review of draft-ietf-… Dave Crocker
- Re: [dmarc-ietf] Additional review of draft-ietf-… Seth Blank
- Re: [dmarc-ietf] Additional review of draft-ietf-… Seth Blank