Re: [dmarc-ietf] PSDs in draft-ietf-dmarc-psd

"Hollenbeck, Scott" <shollenbeck@verisign.com> Fri, 07 June 2019 11:03 UTC

From: "Hollenbeck, Scott" <shollenbeck@verisign.com>
To: "craig=40ftld.com@dmarc.ietf.org" <craig=40ftld.com@dmarc.ietf.org>
CC: "dmarc@ietf.org" <dmarc@ietf.org>
Thread-Topic: [EXTERNAL] Re: [dmarc-ietf] PSDs in draft-ietf-dmarc-psd
Thread-Index: AdUciY2y4WRjNep5RxiJQapQPwT8pgAMPUEAABlOi6A=
Date: Fri, 07 Jun 2019 11:02:59 +0000
Message-ID: <bb2dff4230404b0c8845f0a78d943e3a@verisign.com>
References: <5130c7f40b444b97ab95864e6fc243ce@verisign.com> <CAJ+U=1oa1jWbc00-+r=btA_4Tn9zx_rkpq7W4oEEngD674y9JA@mail.gmail.com>
In-Reply-To: <CAJ+U=1oa1jWbc00-+r=btA_4Tn9zx_rkpq7W4oEEngD674y9JA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/k3FaQMKx5fSdR656pM0HtT-SSnw>

From: dmarc <dmarc-bounces@ietf.org> On Behalf Of Craig Schwartz
Sent: Thursday, June 6, 2019 2:52 PM
To: Hollenbeck, Scott <shollenbeck=40verisign.com@dmarc.ietf.org>
Cc: dmarc@ietf.org
Subject: [EXTERNAL] Re: [dmarc-ietf] PSDs in draft-ietf-dmarc-psd





>On Thursday, June 6, 2019 at 1:12 PM EDT Scott Hollenbeck wrote:

>I recently had a chance to read through draft-ietf-dmarc-psd. If I understand it correctly (and I'm not sure that I do), the document suggests that it's possible for a TLD like ".com" to be a PSD and a TXT record like "_dmarc.com" can be published in the com zone. I found this part of the draft confusing because it's not possible to add TXT records like that to the com zone. It might help to explicitly note somewhere (perhaps in Section 2.2) that there may be policy restrictions in place that disallow the publication of DMARC policy records in some DNS zones, including some top-level domain zones.




The purpose of the document is to convey technically how PSD DMARC can be accomplished rather than who can or cannot undertake this due to policy considerations. As the operator of .BANK and .INSURANCE, fTLD initiated this stream of work with the IETF because of the explicit prohibition by ICANN from inserting TXT records in the DNS. The goal is to get to an RFC that specifies the technical aspect of PSD DMARC and ultimately seek ICANN's approval to allow publication of such a record in the DNS. In contrast, gTLDs not under contract with ICANN such as .MIL and .GOV, who are both involved in this work, do not have a contractual relationship with ICANN and thus are not prohibited from this activity, and the same goes for ccTLDs.



It would be helpful to the reader if the draft were either clear about potential limitations to deployment or more descriptive about the domains for which the approach can work. Right now, PSD DMARC cannot be deployed ubiquitously. That reality should not be overlooked.



Scott