Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-psd-03.txt
Scott Kitterman <sklist@kitterman.com> Wed, 15 May 2019 11:24 UTC
Return-Path: <sklist@kitterman.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CEDE6120091 for <dmarc@ietfa.amsl.com>; Wed, 15 May 2019 04:24:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b=7Tf15eGP; dkim=pass (2048-bit key) header.d=kitterman.com header.b=WjaxkDGd
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BG6SsIgL8Uvu for <dmarc@ietfa.amsl.com>; Wed, 15 May 2019 04:24:29 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4A533120047 for <dmarc@ietf.org>; Wed, 15 May 2019 04:24:29 -0700 (PDT)
Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) by interserver.kitterman.com (Postfix) with ESMTPS id C69D4F80041 for <dmarc@ietf.org>; Wed, 15 May 2019 07:23:00 -0400 (EDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903e; t=1557919380; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type : from; bh=Sl9Wxi0KFqgGNELUysaiEhq2E7UZRe29qeWgX/1nFW0=; b=7Tf15eGP4C/0hz4VR99llRYU6/TN7Ls2B06Y7Ssy84QTPGBfKBXVdB/O 0KCHbygQVhvM0vxIsFEl42DJD9uHDA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903r; t=1557919380; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type : from; bh=Sl9Wxi0KFqgGNELUysaiEhq2E7UZRe29qeWgX/1nFW0=; b=WjaxkDGd48WpkhmeZvt8F44TC8u1ZDyE9ShUrKVmtxh+Gg1ixKJPR6mA J19XSCeYgXrfNx7EvsmzxuH9hQBjE4fkK1v1wCIxhois5P6BMNiaKPet/o zwT9aUxlDFBXmuNJjBx+jn/XbhyUn9F74Utxa9/S2tEVzXmxm2kUxjodfS QNapBwFWBqQJ2qT5M1Lkzs+LG5aOq5FrKWnJwfEngyYTG4MH05AQjIgm2f ZmrGpjwZVWDnZcBTliaRxBelBbzwlL6R8o48fKLpqMiikHqjP+Cm6/ej6d 5JWJTzV5y/pvl/QwLw55O2HKhWBwf9+WvoVb6ZxHWISjgJDKMoMFhw==
Received: from l5580.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) by interserver.kitterman.com (Postfix) with ESMTPSA id 93CEFF8003E for <dmarc@ietf.org>; Wed, 15 May 2019 07:23:00 -0400 (EDT)
From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
Date: Wed, 15 May 2019 07:22:59 -0400
Message-ID: <3063446.ceL4kMytFt@l5580>
In-Reply-To: <e94283b9-5706-89be-dc4e-78bdf372510f@tana.it>
References: <155728145158.24534.10112720017814447505@ietfa.amsl.com> <CAD2i3WMKUm51tjXc+cQVqri-wQqJJENd=33Ah45knm0BtODXew@mail.gmail.com> <e94283b9-5706-89be-dc4e-78bdf372510f@tana.it>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/olwsuT90hoD4Gc2oQtjrBRS6tEo>
Subject: Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-psd-03.txt
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 May 2019 11:24:32 -0000
On Wednesday, May 15, 2019 6:17:24 AM EDT Alessandro Vesely wrote: > On Fri 10/May/2019 01:16:58 +0200 Seth Blank wrote: > > To reiterate: > > > > This normative MUST NOT is a mistake from many different angles, as it: > > 1) codifies a policy decision that doesn't affect interoperability > > 2) adds complexity because reporting against the third lookup is now > > different than reporting for the other lookups > > 3) doesn't apply for all use cases (specifically, it would prevent .com > > from gathering RUF data, but also prevents .google from operating in the > > same manner as google.com <http://google.com>) > > 4) reverses a key value of DMARC: giving control of policy to domain > > owners > > > > I strongly agree that RUF is potentially problematic here, and it would be > > better off if no one got it, but I really believe that's a policy decision > > for a domain owner / PSO (and a policy decision for who is allowed in a > > registry of PSOs), not something that should be normative in the spec. > > In part I agree. However, RUF is potentially problematic in general. > Whether and how to honor RUF requests deserves a better discussion in the > DMARC specification. I certainly wouldn't send a non-redacted failure > report to an unknown domain. > > That said, I agree that control of PSDs should be given to PSOs, by the same > logic of bullet (4) above. > > On Thu 09/May/2019 18:39:13 +0200 Scott Kitterman wrote: > > I disagree. That puts the (potential) fox in charge of the hen house. > > It is true that we cannot trust the generic domain owner. However, PSOs are > somewhat more constrained by policies and contracts. In addition, their > public DNS records are quite easy to check. Perhaps we could concede a > little bit of trust to those foxes? > > In addition to Seth's "if you're a PSD, don't ask for RUF", I'd propose that > multi-organization PSDs (e.g., ".com") that do not mandate DMARC usage > SHOULD publish a blank DMARC record, that is policy=none, no ruf, no rua. > PSOs that violate those recommendations would not do so in a concealed or > unanticipated way, but as an integral part of their legalities. There are multiple types of entities running PSDs under multiple sets of rules. I don't think it's nearly that simple. Transparency only helps moderate bad behavior where there are alternatives. Scott K > > Best > Ale
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-psd… Scott Kitterman
- [dmarc-ietf] I-D Action: draft-ietf-dmarc-psd-03.… internet-drafts
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-psd… Seth Blank
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-psd… Scott Kitterman
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-psd… Seth Blank
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-psd… Scott Kitterman
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-psd… Seth Blank
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-psd… Alessandro Vesely
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-psd… Scott Kitterman
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-psd… Seth Blank
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-psd… Murray S. Kucherawy
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-psd… Dotzero
- Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-psd… Scott Kitterman