IETF Logo Mail Archive

Re: [dmarc-ietf] Definitely no Delegated authentication for Gmail

Seth Blank <seth@sethblank.com> Mon, 24 April 2023 23:04 UTC

Return-Path: <seth@sethblank.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E098C14CE4C for <dmarc@ietfa.amsl.com>; Mon, 24 Apr 2023 16:04:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.894
X-Spam-Level:
X-Spam-Status: No, score=-1.894 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sethblank-com.20221208.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rT6PfY2-gyLY for <dmarc@ietfa.amsl.com>; Mon, 24 Apr 2023 16:04:08 -0700 (PDT)
Received: from mail-oo1-xc2f.google.com (mail-oo1-xc2f.google.com [IPv6:2607:f8b0:4864:20::c2f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B3611C151987 for <dmarc@ietf.org>; Mon, 24 Apr 2023 16:04:08 -0700 (PDT)
Received: by mail-oo1-xc2f.google.com with SMTP id 006d021491bc7-549d872dec8so583690eaf.2 for <dmarc@ietf.org>; Mon, 24 Apr 2023 16:04:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sethblank-com.20221208.gappssmtp.com; s=20221208; t=1682377446; x=1684969446; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=yR15liCWGJNq30uWh8xXUog7s2rXh41a58AdSoJvtf8=; b=yMjeNfmk4iuvYE2pFVauKg72ZjhkCrcrn4cdY13aEaywu+P8eAMKeIHJQQ5xlqSydT Z2mWonnzxcVBStIXpR0P4Fv0tKBw3FTKusk8mNjUsN//X9XQNzSk/LlijgbKfZHXBsDI HzXuti3MjuRrN85Le1SqIhfXT04YDbdJ1Yb3iKU5x+U40mV8m6mxX+DPczhZ1F+QSd5p rR3teyEsurF+X9z7VpJxc2ZcPn64/S3rv1J7TLQgP9vGsufAo2uR5S/HVcb88bY+r3wf 5dz4Tux1JOhPkm1iz4/5LfDkGplzk0ofJtLsDn7w8dAsI987wi+r21CI+225lxmLiDGU V0Og==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1682377446; x=1684969446; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=yR15liCWGJNq30uWh8xXUog7s2rXh41a58AdSoJvtf8=; b=bnb/HNnSDx9sFzli3JgAgF5zQCjZq9JD1x1m8tojFFUKtJ0zhbT8t8WEQ7zR2MNcsi 2RDBgkwPTUaLnoHZnnA20rpwSdIv4jUhzmRN95TQI5A9jdkBGaXFgS577/pcrWeWLCzh qlxbZORSPr7efeDzXjVDY0vjHScUvDwUDy4yO7g+aePwjtpn66v4y6eFFRFWPO5juXa+ oH0DwbKT3VjDKCKwgA8+1qSVSHXVe2M/LGeuCjxGFmksonbea9msLLK0Jkz8gOVz0UXr nSZtM0Mn+ZBjNJ33NcBuGYHJd1XZDHqCcdLB8jfQZrn7XBcKWM7PxezCdq0yFuZllhEW pNDQ==
X-Gm-Message-State: AAQBX9cXYiHdAbzBl0HkfU0isi9GXk5AOGewVhjnHhjLCDm5eoFzsc6T PzLrGO7aH8e1LG3v6SmRx+VKe4ys+nzp6WYTUwtP+Q==
X-Google-Smtp-Source: AKy350YjM3WedrH/PetATItBNlHFUBXiTU56K4JQ5Gr7+KnD9++1ZPzDxPyd3lp9GhQ3Hs9Q81VQmnOh37oVXhe/P38=
X-Received: by 2002:a05:6820:553:b0:545:2420:2a77 with SMTP id n19-20020a056820055300b0054524202a77mr5904905ooj.6.1682377445590; Mon, 24 Apr 2023 16:04:05 -0700 (PDT)
MIME-Version: 1.0
References: <20230422212208.38049C251264@ary.qy> <20230422220115.A5425C253CA8@ary.qy> <CAH48ZfziyWdHJamj3tXSq-P3e+xxjPbO-Nk080hxWx=YrpAHDQ@mail.gmail.com> <CALaySJ+D-3hg3Hdu_h0eZDy7UpwFbbdxWJBHn2BNEB7JNz+0Bg@mail.gmail.com> <6446FC6F.7050101@isdg.net>
In-Reply-To: <6446FC6F.7050101@isdg.net>
From: Seth Blank <seth@sethblank.com>
Date: Mon, 24 Apr 2023 16:03:49 -0700
Message-ID: <CAD2i3WOPFB937Ny5huDF6oSExswu65R+Uj2VoXFPOCjUBPjEZg@mail.gmail.com>
To: hsantos@isdg.net
Cc: Barry Leiba <barryleiba@computer.org>, IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000005e43a05fa1d060a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/iMb_kOYFoGyny59tblaNz6GkzQE>
Subject: Re: [dmarc-ietf] Definitely no Delegated authentication for Gmail
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Apr 2023 23:04:13 -0000

Hector, Barry was explicitly clear to John:

> (1) John, please don’t send messages like that, even off list.  You can
clearly see why that’s good advice.

And to the list as a whole:

> (2) Everyone other than John, please just accept John’s word — I do —
that sending it to the list was accidental, and that he did not mean to
publicly disparage or embarrass anyone.  What happened is regrettable.
Let’s be bigger than the error and get past it.  Thanks.

And then:

> (1) Please stop this and related threads, and please avoid discussions
that are not in direct resolution of open issues.

You just crossed all three of these lines.

Stand down now. Follow Barry's guidance. Or as Barry said at the end of his
message, we will discuss what moderation is needed to keep the list civil
and on topic.

Seth

On Mon, Apr 24, 2023 at 3:02 PM Hector Santos <hsantos=
40isdg.net@dmarc.ietf.org> wrote:

> Barry,   Please excuse any expressed anger.
>
> This is not the first time.  The "Accidental Offline Post In Public On
> Purpose" was intentional posted because he has done it before and it
> will serves him no purpose to write his defamation of my character in
> private.   He got his defaming points out in publics.  He has used the
> tactic of creating chaos to get discussions killed and people shamed
> as lacking credentials.   He has done this many times and not just
> with me.
>
> As an Internet Hosting implementator, I have been long participated in
> IETF related work and I have been acknowledged by many of the IETF
> work.  I have supported most of the proposals if not all the main ones
> for SMTP.
>
> Levine and I got off the wrong foot when he started the IRTF "LMAP
> Group" that just started SPF.    I presented my 2003-2005 two years
> work with CBV call back verification and he kicked me out of the
> group.  He called my customers stupid, rejects all my email and its
> been sour ever since, only this time, I am seriously contemplating a
> defamation lawsuit.
>
> Since he "hijacked" and I will say it strongly, SSP, with a crippled
> ADSP with the main purpose to remove all 3rd party talk, we, the DKIM
> and DMARC WG has been in this non-resolution bind for the last 17
> years leaving loopholes in the DKIM policy model called DMARC.  We
> need to admit this truth because this interference to prevent TPA
> concepts has stopped completing this project.  He should of never been
> giving editorship or gatekeeper of ADSP and now DMARCbis because
> nothing will get accomplished towards DKIM Policy issues and DMARC
> risk calling the same hole ADSP did.
>
> Unfortunately, he is repeating it again with DMARCbis.  He sees
> interest in author/signer protocols and he immediately jumps in to
> kill it, like he has done in the past, by defaming people, telling
> people not to respond, telling people we are trolls and that we scare
> people away.
>
> What should I do now?  He did this for nearly 20 years and I don't
> like it.
>
> I am not going to go away again like I did in 2012 when all the stress
> was not good for my health and I was forced to take a long 6-8 years
> health sabbatical. I stayed away from here as much as I could,
> watching a promising system get pushed aside for business conflicts --
> Reputation services.  Remember Levine's Domain Assurance Council using
> VBR?
>
>      https://en.wikipedia.org/wiki/Domain_Assurance_Council
>
> I am not making this up. This was the start of all the resistance to
> DKIM Policy. He took over ADSP but didn't support it.
>
> I don't explain why. Maybe he felt DKIM POLICY would had controlled
> the market of resigners and this is why he had Section 5.3, Item 10
> added to the functional  specs - don't try to INPURGN on 3rd party
> services -- local policy. Hard to argue. It was hitting a promising
> framework in the knees with a hammer!!
>
> Barry, lets just get this finished, a document that endorses DKIM
> POLICY add-on methods. With the support of the IETF without the long
> time interference will go a long way to completing this.  The industry
> has been damaged with Levine's rewrite hack/taboo.  Who does that and
> is also the editor of DMARCbis?  Is it for it or against it?  It seems
> illogical. Conflict of Interest. Please lets try to fix it.
>
> Can there ever be proposed text to suggest a smooth transition to
> DMARCbis endorsing 3rd party authorization exploration and solutions?
>
> Maybe when it is endorsed we can get the enterprises to at least do
> verification, even if they can use it themselves for outbound mail.
>
>
> --
> HLS
>
> On 4/24/2023 4:49 PM, Barry Leiba wrote:
> > Ok, everyone, let’s take a rest here.
> >
> > First: John’s message was not nice.  We can all agree on that.  So…
> >
> > (1) John, please don’t send messages like that, even off list.  You
> > can clearly see why that’s good advice.
> >
> > (2) Everyone other than John, please just accept John’s word — I do
> > — that sending it to the list was accidental, and that he did not
> > mean to publicly disparage or embarrass anyone.  What happened is
> > regrettable.  Let’s be bigger than the error and get past it.  Thanks.
> >
> > Second: this whole thread is well beyond the scope of what the
> > working group is chartered to do.  I’ve let these sorts of
> > discussions go because I hoped they might lead us in a useful
> > direction.  It’s become very clear that they will not, and that they
> > are just distractions that prevent us from resolving the issues at
> > hand and finishing the chartered work.
> >
> > So…
> >
> > (1) Please stop this and related threads, and please avoid
> > discussions that are not in direct resolution of open issues.
> >
> > (2) Be aware that the chairs will be getting aggressive about
> > shutting down out-of-scope discussions quickly.  I will put the
> > mailing list on moderation if necessary, which would mean that every
> > post would need approval before it’s posted to the list.  I’d rather
> > not spend my time that way; please don’t make it necessary.
> >
> > Barry, as chair
> >
> >
> >
> > _______________________________________________
> > dmarc mailing list
> > dmarc@ietf.org
> > https://www.ietf.org/mailman/listinfo/dmarc
>
>
> --
> Hector Santos,
> https://santronics.com
> https://winserver.com
>
>
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>

v2.23.0 | Report a Bug | By Email