Re: [dmarc-ietf] Definitely no Delegated authentication for Gmail

Douglas Foster <dougfoster.emailstandards@gmail.com> Sun, 23 April 2023 05:49 UTC

References: <20230422212208.38049C251264@ary.qy> <20230422220115.A5425C253CA8@ary.qy>
In-Reply-To: <20230422220115.A5425C253CA8@ary.qy>
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Sun, 23 Apr 2023 01:48:52 -0400
Message-ID: <CAH48ZfziyWdHJamj3tXSq-P3e+xxjPbO-Nk080hxWx=YrpAHDQ@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/kLPUXzLCusO02HFm2OenZkU6zpw>
Subject: Re: [dmarc-ietf] Definitely no Delegated authentication for Gmail

Well John, we have some things to talk about, and it will have to be in
public.   You should remember that you blocked me from direct communication
when I tried to start a side conversation about improving ARC.

I conclude that I am one of the trolls that gets in your way, since I have
been driving the current topic.  You seem to be sorry for calling me names
in public, rather than repenting for the attitude behind it.
Consequently, the apology must have been intended for the chairs, and I
trust they will accept it.  For my part, I have learned to forgive quickly
because I have been forgiven of much.

For my part, I am sorry that you don't like me.    I try to follow the
Biblical maxim that says, "to the extent it lies within you, live at peace
with all men."  Usually, I am successful.  I have searched my own attitude
toward this group in hopes that I am not disliked with reason.

It certainly seems that our relationship soured because I was adamantly
opposed to Dave Crocker's proposal, which repudiated From authentication as
an illegitimate concept, and sought to replace DMARC with impersonation for
everyone.   I joined this group expecting to say little and learn much, but
suddenly I was the only defender of the status quo, so silence was not an
option.

You said in the course of that discussion, "Would you be surprised if I
told you that the From address is not important to me?"   I believe you
also said that DMARC has done more harm than good.

Oddly, the chairs were happy to let the Crocker discussion fester for a
long time.   Dave frequently repeated his original assertions, without
modification, even after they had been thoroughly debunked in the
discussion.   The chairs only objected when I accused Dave of not listening
to me, which was evident.   They assured me that participants had no
obligation to listen to each other.  Eventually, Scott jumped in and
settled the matter with, "this is not DMARC."

I remain a lot confused by your change in roles.   After being DMARC's
fiercest enemy, you became entrenched as the one who controlled what
DMARCbis has become, and the current draft is unimportantly different from
the original.  I was also surprised when Scott became your strong ally.

To be clear, this has become your document.  Your most powerful weapon is
silence, but when talk is needed you have allies who will solidify your
power and your control on this document.   Nothing made this more obvious
than when you said your personal preference would override any pretense of
consensus, and the chairs let that announcement stand unchallenged.
Unfortunately, limiting the document to one viewpoint has introduced
weaknesses.   I am confident that you can move DMARCbis to publication, but
I will most likely ask for my name to be removed, since I have been
prevented from having a meaningful role in avoiding those weaknesses.

The process of creating this document has been slow, so I sympathize with
your frustration.  My wife calls this group "my mistress", because it takes
so much personal time and because it has dragged on for so long.  (It was
illuminating to hear that the original document was completed in 18
months.)   But your control works against progress, not in favor of it.
Topics which are ignored tend to keep coming back.

We have a strange and difficult assignment: a very small group of people
are supposed to figure out what is in the general interest of the large
subset of 8 billion people who will either use email or be affected by
others' use of email.  The intended path to that outcome is collaboration,
with each of us contributing our individual understanding of what is needed
to achieve that goal.   Too much of this archive is filled with
combativeness, rather than collaboration, for which I mostly blame the
chairs.

Which brings us back to my part of the collaboration.   I came to this
group from my role as an evaluator of an incoming mail stream, frustrated
with the vendors who are supposed to protect us, and eager to find a way to
improve email defenses against the combined effects of malicious actors and
bungling vendors.  I had little experience with mailing lists, and my early
participation was not sympathetic to them.  But the Crocker discussion did
change me.   I have been looking, ever since, for ways to bring mailing
lists into the authentication world, even while expressing my frustration
that the problem is one of their own making.

After multiple other options have been considered and failed, I have landed
on ATPS as a solution which is pretty well suited to the problem that the
Crocker proposal was trying to fix.   It is a very serious proposal, and
not an attempt to waste your time.   I hoped you and other mailing list
advocates would be excited, and hoped that you specifically would turn your
considerable brain power toward turning the concept into reality.  Instead,
you are annoyed and the other power players have been oddly silent.

I am ready to collaborate on creating an actual solution to the mailing
list problem, which would make my years-long investment in this group
worthwhile.  Let's please do this.

Doug Foster

On Sat, Apr 22, 2023 at 6:01 PM John Levine <johnl@taugh.com> wrote:

> My apologies, that was not supposed to go to this list.
>
>
> It appears that John Levine  <johnl@taugh.com> said:
> > [[ rather off list ]]