IETF Logo Mail Archive

Re: [dmarc-ietf] what to document about the tree walk

Dotzero <dotzero@gmail.com> Thu, 14 July 2022 15:26 UTC

Return-Path: <dotzero@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B942C14F737 for <dmarc@ietfa.amsl.com>; Thu, 14 Jul 2022 08:26:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kJFJ9sYb3G3n for <dmarc@ietfa.amsl.com>; Thu, 14 Jul 2022 08:25:58 -0700 (PDT)
Received: from mail-pg1-x529.google.com (mail-pg1-x529.google.com [IPv6:2607:f8b0:4864:20::529]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 65707C15948E for <dmarc@ietf.org>; Thu, 14 Jul 2022 08:25:58 -0700 (PDT)
Received: by mail-pg1-x529.google.com with SMTP id e132so1868567pgc.5 for <dmarc@ietf.org>; Thu, 14 Jul 2022 08:25:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=AMUef31Ajr4CtodPc2SujmsQ2+RAPYKHmW2D57hgIvQ=; b=miIXTmTQmO5ZfI7x9IydJ58DSLlJAp3WH6KTxAD1yt7dzYIxSDOXdZGXkrpMzDWL6A fbo7Jd84XoSz1xEHVTuJcUnpiwIMTysYpb8QafNEX4UQUQb7f/ncF8/SKOpFGmxuViVv xXOo0Qx871FG2qmvDp1kqVRFD6bD2DS1OcQjkAj8+3PYqu8pDzklRXpSgVyrc+rHbw5n fsLwotLDbgWuC0yWTNAyhf/J1dShEwZ4k7E2ERXhlWoalCX1EiJNkB2wHkXXCBZdkfcW rmPbUQjp4Hs+64aVTrkpRPYnC7V7486i4pxZgxqEvEJXuJUN5+7jZxL7uIjrCdG2jXdS 6A7Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=AMUef31Ajr4CtodPc2SujmsQ2+RAPYKHmW2D57hgIvQ=; b=6zRLdsUmiXwJVQGYGJ52dAw+X8CBCFF0hpFQ3fdtPJU/dBmURa6GhhdSo+be7DiVyq XoT38XUuVxIVC4WBP3DETgibyWQKQFskvCDKcbW2Im+ZHeBE8/4CJGEDPc+o/ZGq281m FeUgFeaNrzQjphVyL+Puy1D6qnneEDhbElVoge5wZS5IHF0QIvQx18Kjn6utZDMENPR+ tGMAiVpruiCoKHmRKLEQ83QCtBmehmBr3SoR/1IDP6z4bh2/URTD8OIWWNr3tcwrPyw7 w7a8/4/IQUvts67WABuIkwmyahptBXBGL90LtQSKMnJlXZR7yMAwzjwZSPO5YtIgKI1x od3A==
X-Gm-Message-State: AJIora8m1IhLEkNa/bBYhoaHa2mU68dA1BItt6MzZQPe5xiW+xTSDc2/ c8+maf/cYVEY3r0i0/WsRZumUs0ZjVwaldqVxREjYC7SOzQ=
X-Google-Smtp-Source: AGRyM1uDARvJO/vgdSuFGtrOSxV1ml5Xn56wqTiQz8ZoFFG0+Qvr3FbXiulF1cYYaSN8hlqqQQndO9J/tkzXujsd8DM=
X-Received: by 2002:a63:6:0:b0:419:7b89:69ff with SMTP id 6-20020a630006000000b004197b8969ffmr8052375pga.442.1657812357663; Thu, 14 Jul 2022 08:25:57 -0700 (PDT)
MIME-Version: 1.0
References: <20220710010547.DB3B04532F40@ary.qy> <d8716435-8a52-dac4-ede2-6c27fced7f0f@tana.it> <84DDA91C-26E2-4803-8C6C-0369ED67298F@kitterman.com> <c4a7fd03-eae8-497f-3133-73523a9c1ca2@tana.it> <5197ba5f-9de4-d838-1579-eae67683e2d4@taugh.com> <650cadee-db8f-a54a-4d14-082c2d0bed02@tana.it> <0f3a343b-e7ea-7509-ceab-e5670aac8616@taugh.com> <CAH48ZfxHgxZwu3zLh99pc1JS4s==9bxU-0nS78O=7UAnZ=DtUQ@mail.gmail.com> <CAHej_8nkpGo30b9-ZkRc_wokymJ2ry_hsMgzaB2m4EH-WWG_zw@mail.gmail.com> <CAH48ZfzoVocPRKeVTqf6AE6Z48AWKFObm7X5oDa1ic1sQ5V1zg@mail.gmail.com> <CAL0qLwZFO_KK3+RUdzMLyjW0uOnzi4mXcVww1Mqx8tmhe-x2hA@mail.gmail.com> <CAH48ZfwTaf75HiJS2_VJKez8s3FqMh-K_6eD2eqaJatXWwcKww@mail.gmail.com> <CAL0qLwbxoijfdfxpS5-LRPifxg+4e_ndBGQhne5s5of0zxBbMQ@mail.gmail.com> <D3807517-98C3-4F20-A594-F3109BCB831A@kitterman.com> <f5e3f92b-f95e-a3a5-c74d-bd0957bec61a@tana.it> <4293C636-9656-4122-80D6-5E2DE4D790B4@kitterman.com> <CAL0qLwZN8VfB2SLTindAO4P0_h47wphh2OZy8p8U3xM7-ZNGWA@mail.gmail.com>
In-Reply-To: <CAL0qLwZN8VfB2SLTindAO4P0_h47wphh2OZy8p8U3xM7-ZNGWA@mail.gmail.com>
From: Dotzero <dotzero@gmail.com>
Date: Thu, 14 Jul 2022 11:25:46 -0400
Message-ID: <CAJ4XoYc4m3dtH0RSH+JYm9HBVjuGPYY48n4vqcK_BM1_MTVVcQ@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Cc: Scott Kitterman <sklist@kitterman.com>, "Murray S. Kucherawy" <superuser@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000aecf6205e3c58456"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/p7kGUmcDBqbp50ubms39JvoXSgc>
Subject: Re: [dmarc-ietf] what to document about the tree walk
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Jul 2022 15:26:02 -0000

On Thu, Jul 14, 2022 at 11:12 AM Murray S. Kucherawy <superuser@gmail.com>
wrote:

> On Thu, Jul 14, 2022 at 6:13 AM Scott Kitterman <sklist@kitterman.com>
> wrote:
>
>> >> I think a choice within DMARCbis is a bad idea.  Effectively the
>> choice exists.  Evaluators will have the choice to stay with an RFC 7489
>> design or to upgrade to DMARCbis.
>> >
>> >The incentive to upgrade is not clear.  DMARC filters can run based on
>> an obsolete version of the PSL with no inconvenience, for a different
>> flavor of "upgrade".  Indeed, according to John's figures, we could have
>> done without any psd= tag.
>> >
>> Using obsolete data is a bug, not a feature.
>>
>
> Or using data that is accidentally correct most of the time, where
> alternatives are available.  Either way, +1.
>
> >Doug's idea of checking the results is a means to draw the attention of
>> operators on both the PSL version they use and its agreement with the DNS
>> at large.  New implementations could be encouraged to track the differences
>> and produce some kind of report about them.  IME, although running a very
>> small mail site, it does happen to hit some PSL entry, a fact which I
>> realized by chance —browsing the logs— so I cannot tell figures.
>>
>
>> What would operators do with such a report?  Receivers tracking sender
>> configuration issues and reporting issues back to them is a very 1990s
>> approach to making the Internet work. I don't think it's relevant to
>> anything useful these days.
>>
>
> If we think this is important data to put in front of people, this WG
> could do that sort of survey once there are implementations and include the
> result in an appendix, or put it in the WG's wiki or in the IETF's
> collection of implementation reports:
> https://www.ietf.org/how/runningcode/implementation-reports/
>
> It sounds like we're mostly there already given the analysis John did
> previously.
>
> >> We can't get rid of the PSL without getting rid of the PSL.
>> >>
>> >> There's no way to constrain it within the document.  If we have a
>> 'choice', we are essentially signing up the IETF to a future effort to
>> produce an update to actually get rid of it.
>> >
>> >Right, that would be the Internet Standard.
>>
>> Not really.  To drop functionality going to Internet Standard, don't you
>> have to show it's not used?  How would that even work?
>>
>
> RFC 2026 lays out the criteria for progressing a Proposed Standard to a
> Draft Standard and then to Internet Standard, and RFC 6410 later
> consolidated the latter two.  The criterion to which I think you're
> referring asserts that any unused features need to be removed before a
> protocol can advance.  However, RFC 7489 is not a Proposed Standard, so
> we're not constrained by that here.
>
> In any case, I agree that the longer the PSL remains in the equation, the
> longer we have to keep it, due to both inertia and growth of the deployed
> base.
>
> My understanding is that the IETF, based on past experiences, doesn't do
>> flag days where everyone has to switch to some new thing by a specific date.
>>
>
> I think that's right, though Barry's memory on this might be better than
> mine.  At a minimum, they're exceedingly rare.  A working group or other
> community pushing for a flag day needs to have quite a bit of momentum to
> make it work.
>
>
>> Currently we don't have any procedural requirement for backward
>> compatibility, since RFC 7489 isn't an IETF document.  Based on the working
>> group charter and good engineering practice we should limit changes that
>> affect existing deployments, but we have more flexibility now than we will
>> ever have again.
>>
>> In my view, standardizing two ways to do policy discovery and alignment
>> would be a substantial danger to interoperability and we'd be stuck with it
>> approximately forever.
>>
>
> +1 to this, for the reasons John gave in the email right below this one
> that just came in.
>
> Bite the bullet and mark use of the PSL historical for DMARC. As has been
pointed out, there will always be a long tail but we are talking rare
corner cases where the results from the two approaches diverge.

Michael Hammer

v2.23.0 | Report a Bug | By Email