IETF Logo Mail Archive

Re: [dmarc-ietf] Overall last-call comments on DMARC

Douglas Foster <dougfoster.emailstandards@gmail.com> Thu, 04 April 2024 17:21 UTC

Return-Path: <dougfoster.emailstandards@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 32227C151545 for <dmarc@ietfa.amsl.com>; Thu, 4 Apr 2024 10:21:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.094
X-Spam-Level:
X-Spam-Status: No, score=-7.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 29X6S6OuYKm0 for <dmarc@ietfa.amsl.com>; Thu, 4 Apr 2024 10:21:00 -0700 (PDT)
Received: from mail-lj1-x234.google.com (mail-lj1-x234.google.com [IPv6:2a00:1450:4864:20::234]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 402A1C15106C for <dmarc@ietf.org>; Thu, 4 Apr 2024 10:21:00 -0700 (PDT)
Received: by mail-lj1-x234.google.com with SMTP id 38308e7fff4ca-2d48d75ab70so16753461fa.0 for <dmarc@ietf.org>; Thu, 04 Apr 2024 10:21:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712251258; x=1712856058; darn=ietf.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=QDS4oatRw/EfIjhZ2e0VSpxGKLlVzem77nXTI9hWcn8=; b=gY3Mhyp+qx+SnZ7HRQawyw/r6QeOhM0+Q/Z2go24OATa9f589u5FcnqKOi63Fyp3Fw cWsDWqZj0BeKmVxF2W3lDE8DRn5yjXXLcEILcEpLSSTJ/bIm+mjKURsJbKXks5/ki6t+ OZ7VzstM0l9XWTXo6vPzQMtls0k7Tfq0dfi7xCKs7vXr/mfcGwA1lSc1MYAgKjQGqp+s 3yZVSPtxZRNpuZXAi2orFAx6H/J0j82lvMSjeSGcFADLqh4Y65jIcSSclzMhITPz+Hv6 Baw5aO/xCgF+zBHJscD+PHg/I9GHH95cOdnypCRbAfGewT7DiwZzzjS7dECh9+VZzKu4 jBFQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712251258; x=1712856058; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=QDS4oatRw/EfIjhZ2e0VSpxGKLlVzem77nXTI9hWcn8=; b=nFd8Az10jCNuezRgff4w0ncNzbnIC9Qg4GPrq7T8esVYUc0bq1yLPxOgWgwZKEj3KR fT6t8c4J6NI+hMBeAs0sTCVLgjHpqvE6f3DrwSAco5NSUk8p5WDMlQvcZh+wJuhNrceT tfEV58ASUd45XDjbFuOfTTlh5RgZdkGzyBYmiNeSrIPoThtCg3ECCSWwuwecW1GGwpFV o+TlDfGjfrx/1wDJAxa7oyLoHsSrr9eqV0TzjdSD9DXJDJJinrb8i12//45fC9Sicpws 9fEvXDU3AP8LiWyQKmOdcyLNBy7sHdFik3jwm9IpAU3zmFa+SvVyLxPTS3t4bMSxloYT 6N8g==
X-Gm-Message-State: AOJu0YxdseN2guGF/LHsbApgPt94iPmLbQLBYIkGSfNkFQefsvhXlfKg 2jPbP+E1T/mBxlK+zAequVcAgM9KQQqrVNFe1s56liwyCnS1e3LQaPEpd7U7I6epPcXimxFX5GW X08gCB0LMnO4cBQ5d2j7RgwOQQicWHOYT
X-Google-Smtp-Source: AGHT+IGAc77zIQa8Q9oZObd+rAsOqUixoY7ERGaP/gYi/MSbBHFkxHzaBGuqVXZerAr7J0T5csnPrLb+UDoJGoB30bw=
X-Received: by 2002:a2e:989a:0:b0:2d8:60a4:d0d with SMTP id b26-20020a2e989a000000b002d860a40d0dmr866916ljj.53.1712251257636; Thu, 04 Apr 2024 10:20:57 -0700 (PDT)
MIME-Version: 1.0
References: <CFEA2796-9213-4847-836B-81E8770973F5@bluepopcorn.net> <5208da1b-ecfb-4d41-8506-a734a27ab3a0@tana.it> <CAL0qLwbnSe77Wdt+M8bi2pBmZFCZjDUQc6je9bjCzP5TQ0N6XA@mail.gmail.com> <49859572-18a4-483b-bb99-62c1c231896e@tana.it> <CAL0qLwZc6idmMra11pVx2bbtk2Em9-vy6+962M7jDWOMnP+UHQ@mail.gmail.com> <1ee6df39-a622-4060-83db-bcc9a7a835d4@tana.it> <CAL0qLwYX_D7S_-Vn9RwwRzwyNO=8=3UVqbP8rz3SCWG4dvGZig@mail.gmail.com> <f5f55a39-127d-4a84-a66b-950379ecb013@tana.it> <CAL0qLwZzfnDA=7bwCu26S1SJPEE3hBq929674hH6naKXWuyh5g@mail.gmail.com> <ebf343ed-ee60-47b0-a02f-8518a8369bb0@tana.it> <CAL0qLwagtzjYYJmyyGpMeMTtKLtYyk_JjagkXGtscvN61kSDbw@mail.gmail.com>
In-Reply-To: <CAL0qLwagtzjYYJmyyGpMeMTtKLtYyk_JjagkXGtscvN61kSDbw@mail.gmail.com>
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Thu, 04 Apr 2024 13:20:55 -0400
Message-ID: <CAH48ZfyKE6n2Q_GfW8oZv9y=MxOBV8sRPPMPV8akHdu6W_jn1A@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000fa50010615488f2b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/lnVfQdaLtbROrRLiBnybgN9Lvek>
Subject: Re: [dmarc-ietf] Overall last-call comments on DMARC
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Apr 2024 17:21:01 -0000

Murray, I was hoping your proposal to advance ARC was serious.

Google has solved the problem of limited ARC deployment.  To my mind, this
means that we cannot revoke the experiment and we cannot do much to change
it, so we might as well advance it to standards track.  It became a
de-facto standard on February 1.

When an evaluator wants to accept Special Sender traffic, he needs two
pieces of information:

   1. How to detect that the message might qualify as a Special Sender
   2. How to authenticate the Special Sender to differentiate that source
   from malicious actors.

As my proposed text should have indicated, the evaluator has a huge
obstacle when the Special Sender's Mail From address has been lost due to
secondary forwarding.
ARC fixes that problem rather well, while facilitating the entire process.

To Ale's concerns, I think a registration process would help mailing lists,
but there are many options, and we do not need to define one single
solution.   Most of the mailbox providers already have a registration
process for bulk senders, with a feedback loop for problem situations.  I
see plenty of opportunity for them to build on that.

On the other hand, I don't see our current document having much impact
toward better message disposition; it simply does not break enough new
ground.  So I see no need to rush to completion.  However, I can envision
how the benefit from having ARC integrated into our text.  I don't think we
have satisfied our charter without it.  I see every reason to proceed with
ARC first.

Doug Foster



On Thu, Apr 4, 2024 at 12:14 PM Murray S. Kucherawy <superuser@gmail.com>
wrote:

> On Thu, Apr 4, 2024 at 8:50 AM Alessandro Vesely <vesely@tana.it> wrote:
>
>> > I know what "contract" means abstractly, but what does this actually
>> look
>> > like to someone that's looking for specific guidance?  The text you
>> have
>> > here, by itself, is vague and I don't think many operators will know
>> what
>> > to do with it.
>>
>> A file in each user's home directory listing allowed pairs of ARC's d=
>> domain
>> and the list-id identifier of a List-Id: field?
>
>
> I'm a Gmail user.  What's a "home directory"?
>
>
>> Whatever.  What do Google use
>> to determine if an ARC seal is trusted?
>>
>> We don't have much concrete experience on how to set up a contract,
>> though.
>>
>
> This is what I'm worried about.  We're in WGLC for the base document, so
> this discussion is in that context.  But is WGLC really a good time and
> place to be introducing abstract ideas about how this might or might not
> work?  Aren't we looking to create something fairly complete and concrete
> in a Proposed Standard?
>
> >> Meanwhile, we can mention ARC, in Section 5.8  (minimal text proposed
>> in
>> >> another thread[*]).  How much can we expand that?  For example, can we
>> >> whisper something about the need to trust specific sealers for
>> specific
>> >> streams?
>> >
>> > If you really need ARC to make all of this work and interoperate with
>> > lists, then I think we need to start talking about how we want to move
>> ARC
>> > out of "Experimental" first so it can become a normative reference.
>>
>> Back to timing here.  DMARCbis I-Ds seem to be mature enough to go out,
>> even if
>> there are not yet a practical solutions to the ML problem.  Further
>> delaying
>> them until we find one is inadvisable.
>>
>
> Then why are we tossing about all these ideas during WGLC, muddying the
> waters?
>
>
>> Yes, we need ARC, but we also need a method to convey agreements based on
>> it.
>> We couldn't spell out a solution even if ARC were standard track already.
>>
>
>> We can just hint at it.  Parts of the Doug's text sound good for that.
>> Here's
>> a variation on it, mixed with the 2nd paragraph of Section 5.8:
>>
>> [...]
>>
>
> So if I can summarize, I believe you're saying:
>
> Here's a Proposed Standard.  In some common deployment scenarios, we know
> that it has some undesirable side effects.  There isn't any concrete way to
> fix that as part of the PS.  You could do some X, which is this new-ish
> experimental thing, or you could do some Y, or maybe both, and Z might
> help, "whatever", but only one of those is well-defined, and none of them
> are part of this PS nor are they published yet, and there's a non-zero
> chance that we'll run out of energy and not actually do so.
>
> Is that what you want to send to the IESG?
>
> -MSK
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>

v2.23.0 | Report a Bug | By Email