Re: [dmarc-ietf] PSD Related Privacy Considerations For Aggregate Reporting Draft

John R Levine <johnl@taugh.com> Tue, 31 January 2023 21:06 UTC

From: John R Levine <johnl@taugh.com>
To: Emil Gustafsson <emgu@google.com>, Todd Herr <todd.herr@valimail.com>, Scott Kitterman <sklist@kitterman.com>
Cc: dmarc@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/o8PNIFYrQVbODf8A728VSI6Wvmo>

> example, but what matters is really the existence of example.com as I think
> the purpose is to not leak information to a PSO for a domain that does exist
> without a DMARC record.

The ENTIRE POINT of PSD records is to send reports about subdomains that 
exist but don't have their own DMARC records, so the PSD can tell the 
subdomain to fix it.

The only domains that will ever publish a PSD record are ones like .BANK 
and .INSURANCE that have contracts with their registrants, or like .GOV 
that are effectively a single organization.

There is no chance whatsoever that .COM or any other unrestricted TLD will
ever publish a PSD record.

Now that I look at the privacy considerations, we need to rip out stuff 
about Multi-organization PSDs (e.g., ".com") that do not mandate DMARC
usage because it makes no sense, and the bit about nonexistent only doubly 
makes no sense since it's impossible to implement.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly