Re: [dmarc-ietf] Are Evaluators motivated to switch to Tree Walk?

John Levine <johnl@taugh.com> Sat, 18 June 2022 18:10 UTC

Date: Sat, 18 Jun 2022 14:10:06 -0400
Message-Id: <20220618181008.3D0E243C75B5@ary.qy>
From: John Levine <johnl@taugh.com>
To: dmarc@ietf.org
Cc: superuser@gmail.com
In-Reply-To: <CAL0qLwa0fGJRGXaueKERwM_bfSBjwB4dG8=-iTTWQ6trPohuxQ@mail.gmail.com>
Organization: Taughannock Networks
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/kJ7iiTTiK0CJlXLrwhOXYn6hdBk>

It appears that Murray S. Kucherawy  <superuser@gmail.com> said:
>The tree walk might be the DBOUND solution, for all we know.  Having it in
>a separate, generic-as-possible, document might make the technique usable
>by other applications as well.

We had a few plausible proposals in the DBOUND group, and none of them
were anything like a tree walk. Most of the things that use the PSL
are related to browser UI and do not have their own DNS records. I
don't think it's a great idea to assume that people will invent cookie
records and browser box records and safe browsing records and so on
and so forth.

The schemes that Casey and I proposed used a dedicated new RRTYPE and wildcards
so there's no tree walk, just one deterministic lookup per boundary level.  If
the boundaries for different applications are different, there are flags so each
boundary can say which apps it applies to.

>I rather liked the idea of DMARCbis saying "You need some way to determine
>the Organizational Domain.  One way is with the PSL as described in X, or
>you could do a tree walk as described in Y." 

That seems like a pessimal way to make things interoperate: use one of
an unknown set of algorithms and the other party can't tell which one
you're going to use. If we can't agree that the tree walk is better
than piggybacking on the PSL, I don't see any of the other changes
we're proposing to be worth the effort to republish so we should stop
now and not waste more time.

R's,
John
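
Added illustration, not part of the message above and not code from any DMARC implementation: the interoperability concern raised in the reply, shown as two evaluators computing the Organizational Domain differently for the same message. The PSL subset, the `_dmarc` records, the `.example` names and the simplified tree walk (modeled on the DMARCbis drafts, with the query cap omitted) are all assumptions constructed for this sketch.

```python
# Constructed inputs: a toy PSL subset and toy _dmarc TXT records, not real DNS.
PSL = {"example", "hosting.example"}
DNS_NO_PSD = {"_dmarc.hosting.example": "v=DMARC1; p=reject"}
DNS_PSD = {"_dmarc.hosting.example": "v=DMARC1; p=reject; psd=y"}

def labels_of(domain):
    return domain.lower().rstrip(".").split(".")

def psl_org_domain(domain, psl=PSL):
    """Longest listed public suffix plus one label (no wildcard/exception rules)."""
    labels = labels_of(domain)
    for i in range(len(labels)):                 # longest suffix first
        if ".".join(labels[i:]) in psl:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])                 # PSL default rule: TLD is the suffix

def tree_walk_org_domain(domain, dns):
    """Simplified walk, assumed from the DMARCbis drafts; query cap omitted."""
    labels = labels_of(domain)
    found = []
    for i in range(len(labels)):                 # start at the full name, walk up
        name = ".".join(labels[i:])
        txt = dns.get("_dmarc." + name)
        if txt is None or not txt.startswith("v=DMARC1"):
            continue
        tags = dict(t.strip().split("=", 1) for t in txt.split(";") if "=" in t)
        psd = tags.get("psd", "u").strip().lower()
        if psd == "n":
            return name                          # explicitly marked as org domain
        if psd == "y" and i > 0:
            return ".".join(labels[i - 1:])      # one label below the PSD
        found.append(name)
    return found[-1] if found else ".".join(labels)  # fewest labels, else itself

def relaxed_aligned(from_domain, dkim_d, org_fn):
    """Relaxed alignment: both identifiers share one Organizational Domain."""
    return org_fn(from_domain) == org_fn(dkim_d)

if __name__ == "__main__":
    frm, d = "a.cust1.hosting.example", "b.cust2.hosting.example"
    print("PSL evaluator aligned:", relaxed_aligned(frm, d, psl_org_domain))
    for dns in (DNS_NO_PSD, DNS_PSD):
        walk = lambda x: tree_walk_org_domain(x, dns)
        print("tree-walk evaluator aligned:", relaxed_aligned(frm, d, walk))
```

With the record that lacks `psd=y`, the two evaluators return different verdicts for the same From/DKIM pair; they agree only once the shared suffix publishes `psd=y`.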