Re: [dmarc-ietf] Nonexistent Domain Policy was: Re: Working Group Last Call: draft-ietf-dmarc-psd

Scott Kitterman <sklist@kitterman.com> Wed, 17 July 2019 23:45 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/npMGUpv80ubv3S8DP_xsqkci5DQ>

On your first point, I'll go double check.  I copied that text from the 'sp' definition.  I'm not sure why 'np' would be different.

On the second, I'm slightly reluctant to redefine existing terms in an experimental document, but it is clearer and more explicit the way you suggest.  I'm curious what others think?

Scott K

On July 17, 2019 8:14:54 PM UTC, "Kurt Andersen (b)" <kboth@drkurt.com> wrote:
>On Tue, Jul 16, 2019 at 10:07 PM Scott Kitterman <sklist@kitterman.com> wrote:
>
>> Updated rfcdiff attached.  The only change other than typos is to add mention of 'np' to Appendix A.
>
>Having reviewed the thread and the diff insofar as it pertains to the "np" tag, I'm in favor of the "np defaults to sp" approach.
>
>Generally, I think that the proposed text works, but have two concerns:
>
>Firstly, I'm a little concerned with the sentence which says 'Note that "np" will be ignored for DMARC records published on subdomains of Organizational Domains and PSDs due to the effect of the DMARC policy discovery mechanism described in DMARC [RFC7489] Section 6.6.3.' I don't think that is an accurate portrayal. When DMARC evaluation libraries are updated to do both PSD lookups and handle the np tag, I would expect the presence of np tags below the PSD level would be processed exactly the way that any other tag in a DMARC record is processed. np will only be ignored (per the terms of the DMARC spec) when it is an "unrecognized" tag. I realized that this text is sort of picked up from the current description of "sp", but the inclusion of "and PSDs" makes it inaccurate. You can't publish an np record on a non-existent Org domain or any subdomain thereof :-)
>
>Secondly, I think that we need to update the "p" and "sp" descriptions in both 7489 sections 6.3 & 11.4:
>
>- p --> 'Policy applies to the domain queried and to subdomains, unless subdomain policy is explicitly described using the "sp" tag.' change to 'Policy applies to the domain queried and to subdomains, unless subdomain policy is explicitly described using the "sp" or "np" tags.'
>- sp --> 'Requested Mail Receiver policy for all subdomains (plain-text; OPTIONAL).  Indicates the policy to be enacted by the Receiver at the request of the Domain Owner.  It applies only to subdomains of the domain queried and not to the domain itself.' change to 'Requested Mail Receiver policy for all subdomains (plain-text; OPTIONAL).  Indicates the policy to be enacted by the Receiver at the request of the Domain Owner.  It applies only to subdomains of the domain queried if they exist or if there is not an "np" tag published. "sp" does not apply to the domain itself.'
>
>--Kurt
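
The tag fallback discussed in this thread ("np" defaults to "sp", which defaults to "p", and an evaluator that does not recognize "np" ignores it), as an added example that is not part of the original messages or of the draft. The function names, the `exists` and `supports_np` parameters and the sample record are assumptions made for illustration; the DNS existence check is left to the caller.

```python
# Added illustration of the "np defaults to sp" selection order.
# All names and the sample record below are constructed for this example.

def parse_dmarc(record):
    """Split a DMARC TXT record into a tag -> value dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def select_policy(record, is_subdomain, exists, supports_np=True):
    """Return (tag_used, policy) for the author domain.

    is_subdomain: the author domain is below the domain whose record was found.
    exists:       caller-supplied result of the DNS existence check (assumption).
    supports_np:  False models an evaluator for which "np" is an unrecognized
                  tag and is therefore ignored.
    """
    tags = parse_dmarc(record)
    if not is_subdomain:
        order = ["p"]                 # the queried domain itself: only "p"
    elif exists or not supports_np:
        order = ["sp", "p"]           # existing subdomain, or "np" not understood
    else:
        order = ["np", "sp", "p"]     # non-existent subdomain: np, then sp, then p
    for tag in order:
        if tag in tags:
            return tag, tags[tag].lower()
    raise ValueError("record has no policy tag")


# Constructed sample record.
SAMPLE = "v=DMARC1; p=none; sp=quarantine; np=reject"

if __name__ == "__main__":
    print(select_policy(SAMPLE, is_subdomain=True, exists=False))
    print(select_policy(SAMPLE, is_subdomain=True, exists=True))
    print(select_policy(SAMPLE, is_subdomain=False, exists=True))
    print(select_policy(SAMPLE, True, False, supports_np=False))
```
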