IETF Logo Mail Archive

[dmarc-ietf] Version bump: was DMARC2 & SPF Dependency Removal

Scott Kitterman <sklist@kitterman.com> Sat, 10 June 2023 19:03 UTC

Return-Path: <sklist@kitterman.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02E98C17B321 for <dmarc@ietfa.amsl.com>; Sat, 10 Jun 2023 12:03:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.097
X-Spam-Level:
X-Spam-Status: No, score=-7.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b="tVnRHBh1"; dkim=pass (2048-bit key) header.d=kitterman.com header.b="GzcIZZ4h"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5fD2Gn5rolU3 for <dmarc@ietfa.amsl.com>; Sat, 10 Jun 2023 12:03:32 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 449EEC1782D5 for <dmarc@ietf.org>; Sat, 10 Jun 2023 12:03:31 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) by interserver.kitterman.com (Postfix) with ESMTPS id CA7E0F80249; Sat, 10 Jun 2023 15:03:20 -0400 (EDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903e; t=1686423785; h=date : from : to : subject : in-reply-to : references : message-id : mime-version : content-type : content-transfer-encoding : from; bh=DNYaUunins81GcAGjPiY+mKk1KH9/4S4Wue42s57EvA=; b=tVnRHBh1/DUis10Zneo5XKUdoon8Boi6N3Y8KOfEfQcC5gU/m/rHFCQtAMXbq/XfGvf48 aHhhdD+kyepOPeUAw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903r; t=1686423785; h=date : from : to : subject : in-reply-to : references : message-id : mime-version : content-type : content-transfer-encoding : from; bh=DNYaUunins81GcAGjPiY+mKk1KH9/4S4Wue42s57EvA=; b=GzcIZZ4h+OunBwYV42szb8Uka1pQvVKKaeoNbCLiajgGnxptDibXDLzcFtL9Q1yBD4+5R BzdN/1+iWMlwxmmiVWDD6iyZy8RYoM27tYwJwwJwfz8Ai422O3h8yeVKDrr3Did9YVwYMny B6pc9tWJe9+mrqFI9ocNxIVrdlqVWHDyW65neEkpaVIsztcXrhHwuLlYXdFD2RpyMfCxoy7 bRuyr2KLXZx3QQrZvWgHdG5bqv+YeQKD5jh1vxRx22AArD2rTITSHckr45+MaVA+FGCRKWK w2KpTw3VF912N/koa9pIvz2x7lNMBdp1AbL7JcDxpTZ/SWKeaJdLvfSZHDGQ==
Received: from [127.0.0.1] (mobile-166-171-58-12.mycingular.net [166.171.58.12]) by interserver.kitterman.com (Postfix) with ESMTPSA id B1614F801FF; Sat, 10 Jun 2023 15:03:05 -0400 (EDT)
Date: Sat, 10 Jun 2023 19:03:00 +0000
From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
In-Reply-To: <30BB83B2-B454-41B8-992B-8E2569802D9C@1und1.de>
References: <30BB83B2-B454-41B8-992B-8E2569802D9C@1und1.de>
Message-ID: <502ADE6F-E01E-4DF0-BF79-6A5E810A3F96@kitterman.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/i_5lITcBNjGQUJuD2t389tXhUSc>
Subject: [dmarc-ietf] Version bump: was DMARC2 & SPF Dependency Removal
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 10 Jun 2023 19:03:38 -0000


On June 8, 2023 12:58:51 PM UTC, Tobias Herkula <tobias.herkula=401und1.de@dmarc.ietf.org> wrote:
... 
>
>However, such a fundamental shift in the protocol's architecture warrants a clear signifier. I suggest we upgrade our DMARC version string from the current state to 'DMARC2.' This upgrade would not only denote the change of SPF removal, but also the switch from the Public Suffix List (PSL) to the Tree-Walk algorithm.
>
>By moving towards DMARC2, we not only update our standard to better reflect our present requirements, but we also make a clear commitment to the ongoing evolution and improvement of the protocol.


There's been a fair amount of discussion of the drop SPF part of this proposal, but I think less about the question of version bumps.  I'm going back to the top of the thread to focus on that.

I don't think there's much precedent for version bumps being successful in any reasonable time frame.  How long did it take to transition from SMTP to ESMTP?  Is it done yet?  Absent IPv4 address exhaustion, how many more decades would it have taken for IPv6 deployment to take off?  SSL/TLS is the best example I can think of, but even that, where there are very strong security and privacy incentives, has been too slow and very painful.  We have nothing like that level incentive for people to support an incompatible break between non-IETF DMARC and IETF DMARC.

Technically, it's a new protocol.  There's no technical difference between saying records now have to start with v=DMARC2 and they have to start with v=NOTDMARC.  It's a decision to abandon all existing deployments and start over.

What's the incentive that any existing DMARC users (senders or receivers) would have to invest additional resources in another email authentication protocol?  My expectation is that if the IETF decides to bump the version, very little deployment of the IETF variant.  "The IETF says this one is better" doesn't move budgets in any meaningful way.

My suggestion is that if we determine that a change requires a version bump, out response should be to not make that change instead.

For clarity, I don't think the tree walk should drive a version bump (and we already went over that, let's resist the temptation to do it again), but if it did, then I would rather stay with the PSL.

Please, no version bumps.

Scott K

v2.23.0 | Report a Bug | By Email