Re: [dmarc-ietf] Fwd: I-D Action: draft-ietf-dmarc-psd-01.txt

"John Levine" <johnl@taugh.com> Wed, 06 February 2019 01:59 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61DF81288BD for <dmarc@ietfa.amsl.com>; Tue, 5 Feb 2019 17:59:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=GdKyzv1e; dkim=pass (1536-bit key) header.d=taugh.com header.b=Oekl8bAg
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ijT9Vba7h9fT for <dmarc@ietfa.amsl.com>; Tue, 5 Feb 2019 17:59:19 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 96DD012D7EA for <dmarc@ietf.org>; Tue, 5 Feb 2019 17:59:19 -0800 (PST)
Received: (qmail 55021 invoked from network); 6 Feb 2019 01:59:18 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=d6eb.5c5a3f76.k1902; bh=0Y1+AfzMVOIznsk38EblhdePzmYn4WPydYfGtGLF+nc=; b=GdKyzv1enI/CRUDT0S/TYmeV2nN22X1PZYds4Qs3Up4CLXQbRG0cpNH//Vxc3DBXBJkEqn7b9LTNg8zN/G0/9ifSxIKfyw2N6OipnQ0HtyWlnoguJbb2QNFPk/oGJYAHaRpkk7uKrz6gOTpb9kFOtGA+4XLzNRyK4jxzB9LC3HUR79fVLk4z6cickd6XGw+Qnv0y4IO7OseXfK3uDlWMg5zLe3iRmpbvHIFGmgvyitW7+kBw+Y83zrkSZX9+jXYA
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=d6eb.5c5a3f76.k1902; bh=0Y1+AfzMVOIznsk38EblhdePzmYn4WPydYfGtGLF+nc=; b=Oekl8bAgXtjUt6KenZw/MJJi1y4U/TJNg5l0t9/za53fCPJwV1u9GgqO2GTv8sv3O1UCgghzW2xCsULZ8yToPCzwpeuLNXeAgb8DYOOlxqRi9KN2ZT3BUF7kiX+tpRgHHi5yNpdGLppejBUsYjMCxwFtBfGZjq9ywn6KmoEuCruD4SLNp0VZEcheMF+LP/EdTdSwUGi4Nm1XHb666YzdKITQoUfYU0ZJe6nz4nMPtXWnGZUwmZaYv1BXyquYMvhG
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTP via TCP6; 06 Feb 2019 01:59:18 -0000
Received: by ary.qy (Postfix, from userid 501) id 05BBA200DD44EF; Tue, 5 Feb 2019 20:59:17 -0500 (EST)
Date: 5 Feb 2019 20:59:17 -0500
Message-Id: <20190206015918.05BBA200DD44EF@ary.qy>
From: "John Levine" <johnl@taugh.com>
To: dmarc@ietf.org
Cc: sklist@kitterman.com
In-Reply-To: <6596039.Rh8MxG5e5K@kitterma-e6430>
Organization: Taughannock Networks
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/o683NblhaSvZE2lbjhig7f3ktDE>
Subject: Re: [dmarc-ietf] Fwd: I-D Action: draft-ietf-dmarc-psd-01.txt
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Feb 2019 01:59:21 -0000

In article <6596039.Rh8MxG5e5K@kitterma-e6430> you write:
>The current PSL is over 12K lines long.  What we're talking about here is 
>probably .1% to 1% that size.

Indeed, but since everyone has the PSL anyway to find organizational
domains, who cares about the size?  The point of asking the PSL people
to do it is to find a credible third party to evaluate "all your
domains belong to us" assertions.

>  Leaving aside for a moment the mechanism, would 
>people review the latest draft and see if they think the privacy issues are 
>adequately described and if they require some kind of mitigation?

I think it's fine.  At the end where you talk about failure reports,
you might note that since they contain actual messages, any domain
where the admistrator does not normally read its users' mail already
has the same issues.

R's,
John