Re: [dmarc-ietf] Definitely no Delegated authentication for Gmail
Douglas Foster <dougfoster.emailstandards@gmail.com> Sun, 23 April 2023 05:49 UTC
Return-Path: <dougfoster.emailstandards@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D65BC151B23 for <dmarc@ietfa.amsl.com>; Sat, 22 Apr 2023 22:49:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uF6zdHft9hjq for <dmarc@ietfa.amsl.com>; Sat, 22 Apr 2023 22:49:04 -0700 (PDT)
Received: from mail-lj1-x235.google.com (mail-lj1-x235.google.com [IPv6:2a00:1450:4864:20::235]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 72D2FC151B12 for <dmarc@ietf.org>; Sat, 22 Apr 2023 22:49:04 -0700 (PDT)
Received: by mail-lj1-x235.google.com with SMTP id 38308e7fff4ca-2a7ac89b82dso30302461fa.1 for <dmarc@ietf.org>; Sat, 22 Apr 2023 22:49:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1682228942; x=1684820942; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=jVd+PAMT2HVnCrpDolbsSpJOM9as2ATrXAOrETQp02E=; b=Q0Aig8ytseEfuJxWYFoWwXIyZWewjTyp6M8BgTQW8XnhrpdSafd1lW+FPqTw9hV5wg KdRKxHp3Hzp+l4DqYn/4hs01gSJvqIukisSUv9f63sMBOO6NyXcby8IWxP+s9RuakYFL usgSnYbMPPqTiEUPvquZTwZi9Awr2/wesGVn7Uv8+SPwSuWxsfvvTbdZj5NdKG35SEBf SsMsDV94FtgKVu8dteY9ic/nD/JUDM/PwQ9kLfiJDDZ/iG7y16/5HSbsVfmZt8zeZ+Uq 66Od+HfGhfVs3hh2U67Y7xSwBwH37D9PSltc2GlzRFW26ToC0qjdacgCvLpx3UN5qEYF 6qpw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1682228942; x=1684820942; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=jVd+PAMT2HVnCrpDolbsSpJOM9as2ATrXAOrETQp02E=; b=e+pvJz4uQmZBK86yS4Q0V3dAC0kjA4vQbb70kF99DCu2L89xpO/bAQQSHS4ypDwgou ws8A70V+V08DNmiSz470w484axsVwlLBp7jYsrM1WJU5+Ut8O6c3ST8v3Cuj7dWVGHmO /IC7xOACI9MH2iIKkuhtyJdNigqdjNx/YjYxpOp+f7f/I1BUIUXPltohRUgXRVV2/8Ut aEbCSh6OhjfQtL/Ra/3p/S0LuIQk2cOJxNaJ8RzuTbyCtY9oSdwAIFUWCph9grCHz3Dg v0FWBMw9m46/Iv51DWhkOPzPVsg7DRAbN2G4vSllE5vun+7QTIprEKYlEbIr4lJUgY3W /apw==
X-Gm-Message-State: AAQBX9cfK6Uqb/gjhMZ54zPcfgkKJMgDuOoVggoy4B7Jhi5ceO30zkxm OdNPb7lQU9nMLNnCOqUwQGP9Bo/UYwF2bkT9RVCk24mH
X-Google-Smtp-Source: AKy350ZNOtZTO5nu/UX7+NTvbsvFKwzA9bYO6y0spVZ9EwUJZHw/9ehdP3rVzBoCYqLtaKyksZAyM/BvN85MeP25Q8s=
X-Received: by 2002:a2e:8643:0:b0:2a8:dcea:196e with SMTP id i3-20020a2e8643000000b002a8dcea196emr1935657ljj.21.1682228941927; Sat, 22 Apr 2023 22:49:01 -0700 (PDT)
MIME-Version: 1.0
References: <20230422212208.38049C251264@ary.qy> <20230422220115.A5425C253CA8@ary.qy>
In-Reply-To: <20230422220115.A5425C253CA8@ary.qy>
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Sun, 23 Apr 2023 01:48:52 -0400
Message-ID: <CAH48ZfziyWdHJamj3tXSq-P3e+xxjPbO-Nk080hxWx=YrpAHDQ@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000083ba0505f9fa7261"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/kLPUXzLCusO02HFm2OenZkU6zpw>
Subject: Re: [dmarc-ietf] Definitely no Delegated authentication for Gmail
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 23 Apr 2023 05:49:08 -0000
Well John, we have some things to talk about, and it will have to be in public. You should remember that you blocked me from direct communication when I tried to start a side conversation about improving ARC. I conclude that I am one of the trolls that gets in your way, since I have been driving the current topic. You seem to be sorry for calling me names in public, rather than repenting for the attitude behind it. Consequently, the apology must have been intended for the chairs, and I trust they will accept it. For my part, I have learned to forgive quickly because I have been forgiven of much. For my part, I am sorry that you don't like me. I try to follow the Biblical maxim that says, "to the extent it lies within you, live at peace with all men." Usually, I am successful. I have searched my own attitude toward this group in hopes that I am not disliked with reason. It certainly seems that our relationship soured because I was adamantly opposed to Dave Crocker's proposal, which repudiated From authentication as an illegitimate concept, and sought to replace DMARC with impersonation for everyone. I joined this group expecting to say little and learn much, but suddenly I was the only defender of the status quo, so silence was not an option. You said in the course of that discussion, "Would you be surprised if I told you that the From address is not important to me?" I believe you also said that DMARC has done more harm than good. Oddly, the chairs were happy to let the Crocker discussion fester for a long time. Dave frequently repeated his original assertions, without modification, even after they had been thoroughly debunked in the discussion. The chairs only objected when I accused Dave of not listening to me, which was evident. They assured me that participants had no obligation to listen to each other. Eventually, Scott jumped in and settled the matter with, "this is not DMARC." I remain a lot confused by your change in roles. After being DMARC's fiercest enemy, you became entrenched as the one who controlled what DMARCbis has become, and the current draft is unimportantly different from the original. I was also surprised when Scott became your strong ally. To be clear, this has become your document. Your most powerful weapon is silence, but when talk is needed you have allies who will solidify your power and your control on this document. Nothing made this more obvious than when you said your personal preference would override any pretense of consensus, and the chairs let that announcement stand unchallenged. Unfortunately, limiting the document to one viewpoint has introduced weaknesses. I am confident that you can move DMARCbis to publication, but I will most likely ask for my name to be removed, since I have been prevented from having a meaningful role in avoiding those weaknesses. The process of creating this document has been slow, so I sympathize with your frustration. My wife calls this group "my mistress", because it takes so much personal time and because it has dragged on for so long. (It was illuminating to hear that the original document was completed in 18 months.) But your control works against progress, not in favor of it. Topics which are ignored tend to keep coming back. We have a strange and difficult assignment: a very small group of people are supposed to figure out what is in the general interest of the large subset of 8 billion people who will either use email or be affected by other's use of email. The intended path to that outcome is collaboration, with each of us contributing our individual understanding of what is needed to achieve that goal. Too much of this archive is filled with combativeness, rather than collaboration, for which I mostly blame the chairs. Which brings us back to my part of the collaboration. I came to this group from my role as an evaluator of an incoming mail stream, frustrated with the vendors who are supposed to protect us, and eager to find a way to improve email defenses against the combined effects of malicious actors and bungling vendors. I had little experience with mailing lists, and my early participation was not sympathetic to them. But the Crocker discussion did change me. I have been looking, ever since, for ways to bring mailing lists into the authentication world, even while expressing my frustration that the problem is one of their own making. After multiple other options have been considered and failed, I have landed on ATPS as a solution which is pretty well suited to the problem that the Crocker proposal was trying to fix. It is a very serious proposal, and not an attempt to waste your time. I hoped you and other mailing list advocates would be excited, and hoped that you specifically would turn your considerable brain power toward turning the concept into reality. Instead, you are annoyed and the other power players have been oddly silent. I am ready to collaborate on creating an actual solution to the mailing list problem, which would make my years-long investment in this group worthwhile. Let's please do this. Doug Foster On Sat, Apr 22, 2023 at 6:01 PM John Levine <johnl@taugh.com> wrote: > My apologies, that was not supposed to go to this list. > > > It appears that John Levine <johnl@taugh.com> said: > > [[ rather off list ]] > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc >
- [dmarc-ietf] Delegated authentication for Gmail Douglas Foster
- Re: [dmarc-ietf] Delegated authentication for Gma… Douglas Foster
- Re: [dmarc-ietf] Delegated authentication for Gma… Hector Santos
- Re: [dmarc-ietf] Delegated authentication for Gma… Douglas Foster
- Re: [dmarc-ietf] Delegated authentication for Gma… Hector Santos
- Re: [dmarc-ietf] Delegated authentication for Gma… Douglas Foster
- Re: [dmarc-ietf] Delegated authentication for Gma… Jesse Thompson
- Re: [dmarc-ietf] Delegated authentication for Gma… Alessandro Vesely
- Re: [dmarc-ietf] Delegated authentication for Gma… Jesse Thompson
- Re: [dmarc-ietf] Delegated authentication for Gma… Hector Santos
- Re: [dmarc-ietf] Delegated authentication for Gma… Hector Santos
- Re: [dmarc-ietf] Definitely no Delegated authenti… John Levine
- Re: [dmarc-ietf] Definitely no Delegated authenti… Douglas Foster
- Re: [dmarc-ietf] Definitely no Delegated authenti… Hector Santos
- Re: [dmarc-ietf] Definitely no Delegated authenti… Dotzero
- Re: [dmarc-ietf] Definitely no Delegated authenti… John Levine
- Re: [dmarc-ietf] Definitely no Delegated authenti… Hector Santos
- Re: [dmarc-ietf] Definitely no Delegated authenti… John Levine
- Re: [dmarc-ietf] Definitely no Delegated authenti… Hector Santos
- Re: [dmarc-ietf] Definitely no Delegated authenti… Douglas Foster
- Re: [dmarc-ietf] Receiver-side authorization, was… Alessandro Vesely
- Re: [dmarc-ietf] Definitely no Delegated authenti… Barry Leiba
- Re: [dmarc-ietf] Definitely no Delegated authenti… Barry Leiba
- Re: [dmarc-ietf] Definitely no Delegated authenti… Hector Santos
- Re: [dmarc-ietf] Definitely no Delegated authenti… Seth Blank