Re: [dmarc-ietf] Comment on draft-ietf-dmarc-psd

Scott Kitterman <sklist@kitterman.com> Fri, 06 September 2019 01:28 UTC

From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
Date: Thu, 05 Sep 2019 21:28:16 -0400
Message-ID: <2071051.MakTsmbkZq@l5580>
In-Reply-To: <1e1aa6bd-82cb-5ce0-290c-c3eaf8566c4d@gmail.com>
References: <728d7df1-d563-82f4-bfb3-a65a75fdd662@gmail.com> <C64C3370-6D04-43C9-9602-CDCB13406981@kitterman.com> <1e1aa6bd-82cb-5ce0-290c-c3eaf8566c4d@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/jVd59RWrRnkJGHIHFrzg3kIqSJk>

On Thursday, September 5, 2019 9:02:45 PM EDT Dave Crocker wrote:
> On 9/5/2019 2:49 PM, Scott Kitterman wrote:
> > I don't think so.  The draft defines PSD as org - 1.
> 
> Writing a definition for something you don't control and that can (and
> has) change tends to be problematic.
> 
> As it is here.

Now that I'm at a computer where I can review the draft as it stands (as 
opposed to the draft as I remember it), I agree the current definition is 
problematic.  However, I think it's easily fixable.  Here's where I see a 
problem:

> 2.3.  Longest PSD
> 
>    The longest PSD is the PSD matching more labels in the domain name
>    under evaluation than any other public suffix list entry.

As you suggest, it leverages PSL in a way that's sub-optimal at best.  
Fortunately I think we can fix it.  I'd suggest this instead:

2.3.  Longest PSD

   The longest PSD is the Organizational Domain with one label removed.

With that change, PSD DMARC makes no claims based on use of the PSL that 
aren't inherited from DMARC.

How's that?

Scott K
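An added example, not part of the thread or of the draft, showing the proposed wording in Python. The Organizational Domain is derived as in RFC 7489 section 3.2 (longest PSL match plus one label) against a constructed PSL excerpt, assuming plain rules only (no wildcard or exception entries), and the longest PSD is that domain with its leftmost label removed. `longest_psl_match` stands in for the draft's current "matching more labels than any other PSL entry" wording so the two readings can be compared; on these plain inputs they agree, but only the proposed one is defined purely in terms of the Organizational Domain.

```python
# Constructed PSL excerpt for illustration only; the real list is far larger
# and also has wildcard ('*.') and exception ('!') rules, not modelled here.
PSL = {"com", "org", "uk", "co.uk", "au", "gov.au", "nsw.gov.au"}


def labels(domain):
    """Split a domain into lowercase labels, ignoring a trailing dot."""
    return [l for l in domain.lower().rstrip(".").split(".") if l]


def longest_psl_match(domain, psl=PSL):
    """Longest PSL entry that is a suffix of the domain.
    This is what the draft's current 2.3 text describes."""
    parts = labels(domain)
    for i in range(len(parts)):          # candidates shrink from the full name
        candidate = ".".join(parts[i:])
        if candidate in psl:
            return candidate             # first hit is the longest match
    return None


def organizational_domain(domain, psl=PSL):
    """DMARC Organizational Domain (RFC 7489 3.2): longest PSL match plus
    one additional label.  None if nothing matches or the domain is itself
    a public suffix and so has no additional label."""
    match = longest_psl_match(domain, psl)
    if match is None:
        return None
    parts = labels(domain)
    extra = len(parts) - len(labels(match))
    if extra < 1:
        return None
    return ".".join(parts[extra - 1:])


def longest_psd(domain, psl=PSL):
    """Proposed 2.3 text: the Organizational Domain with one label removed.
    The PSL is consulted only through the Organizational Domain, i.e. only
    in the way DMARC itself already uses it."""
    org = organizational_domain(domain, psl)
    if org is None:
        return None
    return ".".join(labels(org)[1:])


if __name__ == "__main__":
    for d in ("mail.example.co.uk", "example.com", "a.b.nsw.gov.au", "co.uk"):
        print(d, "->", organizational_domain(d), "/", longest_psd(d))
```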