Re: [dmarc-ietf] Guidance around constructing an AAR when multiple AR headers are present?
Seth Blank <seth@valimail.com> Tue, 30 May 2017 17:21 UTC
Return-Path: <seth@valimail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C272128BBB for <dmarc@ietfa.amsl.com>; Tue, 30 May 2017 10:21:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=valimail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jIibXpYAyYby for <dmarc@ietfa.amsl.com>; Tue, 30 May 2017 10:21:36 -0700 (PDT)
Received: from mail-qk0-x235.google.com (mail-qk0-x235.google.com [IPv6:2607:f8b0:400d:c09::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B33FE124BE8 for <dmarc@ietf.org>; Tue, 30 May 2017 10:21:35 -0700 (PDT)
Received: by mail-qk0-x235.google.com with SMTP id 19so8743044qke.2 for <dmarc@ietf.org>; Tue, 30 May 2017 10:21:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valimail.com; s=google2048; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=MK6sMITXn0DRv/Xfgyl0uMfB6e853eLKLgsCx4QaE+s=; b=fnYhYthvq81mt35vYdflTPzdutYydROhy1trJ6a8PZ2h15SME3ZqThbRNDrEMq/StF zdTJdJnx98kAQFsqs0mNYj2FQbMXFA2t6NIRPDz+EPfr6GsQq3tpjnTSQaaf2WAV8EsA jCiCDVHm9gJW91JX8rN+WJSHpES2jK+DKuSb3KnfG2qFWUMZ3WbMLrjhYsJ5P3xE33cC 9cUgJ+FDHdnAuQtviFKCt5A9BCQVPY4m+owxrZ0JBhw6r7dDF3afW2wn4OEbl1XIjuDL UoQKQYPed+h7YaCdqGMRzgamB3kjTBAGl4dcQKqBTsDrGlMnL3BjiTLBFiasgTCRzg8r YuxQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=MK6sMITXn0DRv/Xfgyl0uMfB6e853eLKLgsCx4QaE+s=; b=bs/MJW7AspkwaY5KHbX+aZnKycafFS2A10sXeIM0Jvx5shQVpvj4KhwV9q0RziDmzY GnuxQ/ITWHtJOL6bmaeAIDYoA29jKy7t1fAAsQk5WCAsYNkOphIOsHKmxgoWFnU/koVO DaqRZn/EoUZAqSzec16HV5meAfRleqSA9l9UqcEJBjNq52BvakwKycqtGQLnvagS42tn IHxBiQTfF1uhTS216WF8Ub/CA42RFakWlsk6rKEGSA8L1cZMINYxVdkGwt4mHTxM7wEj EoczptQXc89iBhDd/65iv2g6iydQB/rnUHImHAO0X+wvQIc+lyAJEnS7kkI/UwslwDE+ K++A==
X-Gm-Message-State: AODbwcC95A1vczvgrZtkM9bLXjwrejQtQGKJ43ygv77e+yj+tWfkfo+R vM0pinfH1fu/NrB/Af1EYEfqDR1MSSZWnyFMtQ==
X-Received: by 10.55.126.69 with SMTP id z66mr22327966qkc.137.1496164894735; Tue, 30 May 2017 10:21:34 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.200.42.242 with HTTP; Tue, 30 May 2017 10:21:14 -0700 (PDT)
In-Reply-To: <4BC08AA6-02AE-4186-B0DB-ED773A35809C@kitterman.com>
References: <alpine.OSX.2.21.1705242026410.29429@ary.qy> <43d13efe-c0c4-62a6-490c-4e92eb265d65@gmail.com> <8F87F9DE-C87E-406E-BA49-6AEA5DC17283@kitterman.com> <ogeq97$2u0k$1@gal.iecc.com> <4BC08AA6-02AE-4186-B0DB-ED773A35809C@kitterman.com>
From: Seth Blank <seth@valimail.com>
Date: Tue, 30 May 2017 10:21:14 -0700
Message-ID: <CAOZAAfN2E--bpMOrpFWRs3gAEMWM8ziCd_o9U3sh7+87PNE_Gg@mail.gmail.com>
To: dmarc@ietf.org
Cc: Scott Kitterman <sklist@kitterman.com>
Content-Type: multipart/alternative; boundary="94eb2c05a07c1391530550c10936"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/mEv7DwiwJte6zZmreSLyBASENhU>
Subject: Re: [dmarc-ietf] Guidance around constructing an AAR when multiple AR headers are present?
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 May 2017 17:21:37 -0000
On Tue, May 30, 2017 at 9:39 AM, Scott Kitterman <sklist@kitterman.com> wrote: > On Tuesday, May 30, 2017 09:34:49 AM Seth Blank wrote: > > Resolved items: > > - Handling of multiple incoming AR headers (resolved, but language not yet > > in spec) > > If this is resolved in favor of not handling multiple AR header fields (which > IIRC is the plan), then something needs to specify the combination is > required. I think that something needs to be a DMARC document, not ARC, > because this is a requirement that's being imposed on all DMARC AR header > field providers regardless of if they care about or participate explicitly in > DMARC. I believe the consensus in this thread was about adding the following sentence to the first paragraph of https://tools.ietf.org/html/draft-ietf- dmarc-arc-protocol-03#section-5.1.3 , with added clarification that we're only talking about the current AAR[n]: "The AAR should contain all Authentication-Results results from within its ADMD, regardless of how many Authentication-Results headers are on the message." I don't think this needs a separate document, as I think it is very ARC specific because it's only about construction of the AAR header and making sure the proper information gets into it (since multiple AR headers are a reality in the wild, we just need a sentence on how to deal with them). Or am I totally misunderstanding your point? Seth On Sun, May 28, 2017 at 8:53 AM, Scott Kitterman <sklist@kitterman.com> wrote: > > > On May 28, 2017 11:27:35 AM EDT, John Levine <johnl@taugh.com> wrote: > >In article <8F87F9DE-C87E-406E-BA49-6AEA5DC17283@kitterman.com>, > >>Nothing other than potentially ARC requires multiple AR header fields > >for different authentication types to be combined. These different > >>verification operations (e.g. SPF, DKIM, and DMARC) are generally > >performed be different processes that add their own AR field. > > > >Since DMARC needs the results of SPF and DKIM, how does that work? > >Does DMARC look at the A-R that the other two created or is there a > >side channel? It occurs to me that a DMARC process has everything > >needed to make a header that combines all three. > snip > > At least for OpenDMARC, if it's not doing it's own SPF check (which seems > odd to me because it's done after DATA, but it works), it will look at > multiple AR fields for both SPF and DKIM results. > > Scott K > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc > -- [image: logo for sig file.png] Bringing Trust to Email Seth Blank | Head of Product for Open Source and Protocols seth@valimail.com +1-415-894-2724 <415-894-2724>
- [dmarc-ietf] Guidance around constructing an AAR … Seth Blank
- Re: [dmarc-ietf] Guidance around constructing an … John Levine
- Re: [dmarc-ietf] Guidance around constructing an … Brandon Long
- Re: [dmarc-ietf] Guidance around constructing an … Seth Blank
- Re: [dmarc-ietf] Guidance around constructing an … John R Levine
- Re: [dmarc-ietf] Guidance around constructing an … Brandon Long
- Re: [dmarc-ietf] Guidance around constructing an … John R Levine
- Re: [dmarc-ietf] Guidance around constructing an … Dave Crocker
- Re: [dmarc-ietf] Guidance around constructing an … John R Levine
- Re: [dmarc-ietf] Guidance around constructing an … Scott Kitterman
- Re: [dmarc-ietf] Guidance around constructing an … John Levine
- Re: [dmarc-ietf] Guidance around constructing an … Scott Kitterman
- Re: [dmarc-ietf] Guidance around constructing an … Seth Blank
- Re: [dmarc-ietf] Guidance around constructing an … Scott Kitterman
- Re: [dmarc-ietf] Guidance around constructing an … Murray S. Kucherawy