Re: [dmarc-ietf] Adam Roach's Yes on draft-ietf-dmarc-eaiauth-05: (with COMMENT)

"John Levine" <johnl@taugh.com> Wed, 10 April 2019 22:26 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2617312008B for <dmarc@ietfa.amsl.com>; Wed, 10 Apr 2019 15:26:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=AciAlyuB; dkim=pass (1536-bit key) header.d=taugh.com header.b=k1F9R0Lz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pGdm2qHvgfn7 for <dmarc@ietfa.amsl.com>; Wed, 10 Apr 2019 15:26:57 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 556F8120049 for <dmarc@ietf.org>; Wed, 10 Apr 2019 15:26:57 -0700 (PDT)
Received: (qmail 61875 invoked from network); 10 Apr 2019 22:26:55 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=f1b0.5cae6daf.k1904; bh=3Kn3n+xMRqPl/IYSNrmUuRscbjSGTngfZKtaKoS0+0s=; b=AciAlyuBDiE45yZm7qjxx1zYryws07HJLmw9oYShSyCydzaaiKskZew/N5DSkiOOj32LJyBdDESFL3orA7Hg150SlyR73K7Xlq3VEpkMUALBe9vplnZJu4uF23Ri2Fe8a0J8p3Ei/Y3lAL/b3Fi2iY+SN9vO48xwQa0MgEcBc3qpgaxX9zXSA5huC7eIsHlwGWkjQNsCobQ4EVJKOGKNYFhns0ab6Fk+Zpq6sj28gt5W3LUE5Oq7hCg7s54yoWY/
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=f1b0.5cae6daf.k1904; bh=3Kn3n+xMRqPl/IYSNrmUuRscbjSGTngfZKtaKoS0+0s=; b=k1F9R0LzMa6iP6k8aQ/nL7JsQl0ewM7aqsouruzllvgJXvnFzdF/p3BofHhnGLLuZPQ3ohK1h/PSlKutUv9mL5Fsm0h5iLHM3+T3EvQq5eDRyj6NTwqtGVMYeXmABlCQbTycSc/OtxktnOA5EarsEwckgyG0ZCKITRax7LrB3DpaJl4Kvn/y8RkUnQJk8kC7i4pGjbD8WgebdFauXe9hxs2WVHe64SO9nD3upkc3s0oBU1Db/NkydX5OYS2sv0RL
Received: from ary.intern ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTP via TCP6; 10 Apr 2019 22:26:54 -0000
Received: by ary.intern (Postfix, from userid 501) id 671832011D4FED; Thu, 11 Apr 2019 00:26:54 +0200 (CEST)
Date: 11 Apr 2019 00:26:54 +0200
Message-Id: <20190410222654.671832011D4FED@ary.intern>
From: "John Levine" <johnl@taugh.com>
To: dmarc@ietf.org
Cc: adam@nostrum.com
In-Reply-To: <155486669171.19715.14014281020759221500.idtracker@ietfa.amsl.com>
Organization: Taughannock Networks
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/kT5Y6yXi73t5_t_lHTmnf7ZlPSs>
Subject: Re: [dmarc-ietf] Adam Roach's Yes on draft-ietf-dmarc-eaiauth-05: (with COMMENT)
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Apr 2019 22:26:59 -0000

In article <155486669171.19715.14014281020759221500.idtracker@ietfa.amsl.com> you write:
>I agree with Benjamin's DISCUSS comment: this document needs to better
>explain the consequences of the inability to match %{s} and %{l}.

It has no consequences at all.  As Scott noted, it documents what the code does now.

 He talks about
>it from a security perspective, but I think there's also a discussion to be had
>here about whether this disadvantages users who elect to have non-ASCII
>characters in their mailbox names.

I have to object here -- this is asking us to put a tutorial about SPF
into this minor update document.  Anyone who is familiar with SPF
knows that local part macros are useless and it makes no difference.

Even if they weren't useless and we we wanted to encode UTF-8 local
parts in the DNS, that doesn't work because the semantics of local
parts and of domain names and the way they are interpreted are very
different.  The obvious problem is case folding which has in the past
kind of mostly worked because the ASCII DNS case folding rule and
ASCII mail case folding conventions happen to be similar, but it goes
straight downhill from there with characters other than ASCII letters
and digits.  This has been argued to death many times, and again this
is not the place for a tutorial.

R's,
John