Re: [dmarc-ietf] Ticket #113 - DMARCbis -01 Introduction Section

Alessandro Vesely <vesely@tana.it> Thu, 06 May 2021 09:47 UTC

Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D4023A1A86 for <dmarc@ietfa.amsl.com>; Thu, 6 May 2021 02:47:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.121
X-Spam-Level:
X-Spam-Status: No, score=-2.121 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mtESSW6FuiSY for <dmarc@ietfa.amsl.com>; Thu, 6 May 2021 02:47:24 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E1D9D3A1A84 for <dmarc@ietf.org>; Thu, 6 May 2021 02:47:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1620294435; bh=Vtnvj/8tCSVNWR3CuTyV+OYJ42B475AFa0NAGyBking=; l=6669; h=To:References:From:Date:In-Reply-To; b=CawdPGAq51aSBTf5gwRiYruBSKZh5bInSISSVRGA/1gyefeB4JkjAz09tl9G8XPpy wVus2VtHUSMLau7mQkosYhPuUtG2hKUL3XliHXVw+TCFxKZ3JnBnXDAtX31IefBk78 4r/ee3E7PCjN1HND2CjaLAeczyQuia5X3ZBF7E09tGb6NK9IrPcKiyZy/AU8P
Authentication-Results: tana.it; auth=pass (details omitted)
Original-From: Alessandro Vesely <vesely@tana.it>
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC0C6.000000006093BB23.00003073; Thu, 06 May 2021 11:47:15 +0200
To: Todd Herr <todd.herr@valimail.com>, IETF DMARC WG <dmarc@ietf.org>
References: <CAHej_8mU58N60MLmc4qRrUPjfUojxxv8MFzkwSZRSk5uCE8o6A@mail.gmail.com>
From: Alessandro Vesely <vesely@tana.it>
Message-ID: <7bb7bb44-e9fc-d52a-6430-d54c5717ab34@tana.it>
Date: Thu, 6 May 2021 11:47:13 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.9.0
MIME-Version: 1.0
In-Reply-To: <CAHej_8mU58N60MLmc4qRrUPjfUojxxv8MFzkwSZRSk5uCE8o6A@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/jHTh-JWVP-vlfxYLnRVirFEzP9Y>
Subject: Re: [dmarc-ietf] Ticket #113 - DMARCbis -01 Introduction Section
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 May 2021 09:47:30 -0000

Todd,

does your message assume that the relevant tickets are all accepted as valid 
indications to alter the spec?  In particular, tickets #52 and #75 have never 
been discussed on list. I'd guess they'll have to be discussed in their own 
threads.

Discussing the resulting text before those tickets entails, for example, noting 
the cumbersomeness of the locution "severity of concern" where something like 
"desired disposition" might seem more immediate.  In fact, ticket #85 was only 
discussed as a side effect of ticket #39, where the consensus, IIRC, was to 
keep the existing policy names while wavering about how to describe them.

The term RFC5322.From is consistently used, notwithstanding ticket #96.  For an 
alternative, let me attempt to define DMARC in terms of its acronym:

    The Domain-based Message Authentication, Reporting, and Conformance (DMARC)
    protocol recognizes the prevailing importance of the domain appearing in the
    From: header field of email messages.  That domain name will be called the
    Main Identifier in this document.  DMARC leverages the Sender Policy
    Framework ([RFC7208]) and DomainKeys Identified Mail ([RFC6376]) protocols
    by focusing the authentication mechanisms they provide toward the Main
    Identifier.  The Domain Owners corresponding to the Main Identifier are
    endowed with the possibility to receive feedback reports about
    authentication results at receivers.  Finally, receivers are provided with
    the Domain Owners' desiderata about messages that fail authentication, which
    receivers may or may not decide to conform to.

jm2c
Ale
-- 



On Wed 05/May/2021 20:48:51 +0200 Todd Herr wrote:
> Greetings.
> 
> This thread will be used to track discussion of the proposed text for the 
> Introduction section of draft-ietf-dmarc-dmarcbis-01.
> 
> The proposed text was influenced not only by the original text from 
> draft-ietf-dmarc-dmarcbis-00, but also by tickets 52, 75, 80, 85, 96 and 108. 
> Rather than trying to track changes to the Introduction section through all six 
> of those tickets, a new one (Ticket 113 
> <https://trac.ietf.org/trac/dmarc/ticket/113>) has been opened.
> 
> The request from the design team/editors for this ticket is as follows:
> 
>     If you object to some or all of the proposed text, please communicate the
>     part(s) to which you object, and propose replacement text for those part(s).
> 
> We would like to achieve rough consensus on this section of text by Friday, May 21.
> 
> Current proposed text follows, and side-by-side diffs with version -00 can be 
> found here 
> <https://www.ietf.org/rfcdiff?url1=draft-ietf-dmarc-dmarcbis-00&url2=draft-ietf-dmarc-dmarcbis-01&difftype=--html> 
> 
> 
> ------------------------------------begin current proposed text 
> -----------------------------------
> 1. Introduction
> 
> The Sender Policy Framework ([RFC7208]) and DomainKeys Identified
> 
> Mail ([RFC6376]) protocols provide domain-level authentication which
> 
> is not directly associated with the RFC5322.From domain, and DMARC
> 
> builds on those protocols.Using DMARC, Domain Owners that originate
> 
> email can publish a DNS TXT record with their email authentication
> 
> policies, state their level of concern for mail that fails
> 
> authentication checks, and request reports about email use of the
> 
> domain name.Similarly, Public Suffix Operators (PSOs) may do the
> 
> same for PSO Controlled Domain Names and non-existent subdomains of
> 
> the PSO Controlled Domain Name.
> 
> As with SPF and DKIM, DMARC authentication checks result in verdicts
> 
> of "pass" or "fail".A DMARC pass verdict requires not only that SPF
> 
> or DKIM pass for the message in question, but also that the domain
> 
> validated by the SPF or DKIM check is aligned with the RFC5322.From
> 
> domain.In the DMARC protocol, two domains are said to be "in
> 
> alignment" if they have the same Organizational Domain.
> 
> A DMARC pass result indicates only that the RFC5322.From domain has
> 
> been authenticated in that message; there is no explicit or implied
> 
> value assertion attributed to a message that receives such a verdict.
> 
> A mail-receiving organization that performs a DMARC validation check
> 
> on inbound mail can choose to use the result and the published
> 
> severity of concern expressed by the Domain Owner or PSO for
> 
> authentication failures to inform its mail handling decision for that
> 
> message.
> 
> 
> For a mail-receiving organization supporting DMARC, a message that
> 
> passes validation is part of a message stream that is reliably
> 
> associated with the Domain Owner and/or any, some, or all of the
> 
> Authenticated Identifiers.Therefore, reputation assessment of that
> 
> stream by the mail-receiving organization does not need to be
> 
> encumbered by accounting for unauthorized use of any domains.A
> 
> message that fails this validation cannot reliably be associated with
> 
> the Domain Owner's domain and its reputation.
> 
> DMARC, in the associated [DMARC-Aggregate-Reporting] and
> 
> [DMARC-Failure-Reporting] documents, also describes a reporting
> 
> framework in which mail-receiving domains can generate regular
> 
> reports containing data about messages seen that claim to be from
> 
> domains that publish DMARC policies, and send those reports to one or
> 
> more addresses as requested by the Domain Owner's or PSO's DMARC
> 
> policy record.
> 
> 
> Experience with DMARC has revealed some issues of interoperability
> 
> with email in general that require due consideration before
> 
> deployment, particularly with configurations that can cause mail to
> 
> be rejected.These are discussed in Section 9.
> -------------------------------------end current proposed text 
> -----------------------------------
> 
> Thank you for your time.
> 
> -- 
> 
> *Todd Herr*| Sr. Technical Program Manager
> *e:*todd.herr@valimail.com <mailto:todd.herr@valimail.com>
> *m:*703.220.4153
> 
> This email and all data transmitted with it contains confidential and/or 
> proprietary information intended solely for the use of individual(s) authorized 
> to receive it. If you are not an intended and authorized recipient you are 
> hereby notified of any use, disclosure, copying or distribution of the 
> information included in this transmission is prohibited and may be unlawful. 
> Please immediately notify the sender by replying to this email and then delete 
> it from your system.
> 
> 
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>