Re: [dmarc-ietf] Ticket #55, closing

John Levine <johnl@taugh.com> Sun, 24 January 2021 17:05 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB8EE3A0E7B for <dmarc@ietfa.amsl.com>; Sun, 24 Jan 2021 09:05:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.852
X-Spam-Level:
X-Spam-Status: No, score=-1.852 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.248, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b=OsOc1Qi5; dkim=pass (2048-bit key) header.d=taugh.com header.b=E8UJgzAD
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NMcNqlUenGMW for <dmarc@ietfa.amsl.com>; Sun, 24 Jan 2021 09:05:07 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6A2B63A0E7A for <dmarc@ietf.org>; Sun, 24 Jan 2021 09:05:06 -0800 (PST)
Received: (qmail 24903 invoked from network); 24 Jan 2021 17:05:05 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=6144.600da8c1.k2101; bh=C/OdGJrZ6o1mM7pfLEzfzuRhxTHPfHW6mqpIvmPzRJc=; b=OsOc1Qi5okjEYGk1Cf9WQ2DoCbdfH+avGw84g7jjmXMKJWkVfz0BH3pr609jWSK0wdlXkZ2i7g6OMZwOZgKhlittyoLsMXdQ8DSDAf1PBNm5joCPzm9SsH9ZbUJg5OsJrsqXcRtFVcCJeR7i/9MPyWnD3wDmdUkAO6ok6xEtpUrZigPW+xfGeknVtKJh9tflw6juGsjIfLbzUAr0CkNZYvq5M2Tjveq5pKi7oXCe/cOsXbXslj3nZupoBnhhQjK+KdnMWY7I/pPxeyIPmjz6zfNmJqtxN3fYwS7SWqWUlFxD2/hiwfTmPu48VjWDKvGBoEZ/sSP3MReA4GPeUBdjmw==
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=6144.600da8c1.k2101; bh=C/OdGJrZ6o1mM7pfLEzfzuRhxTHPfHW6mqpIvmPzRJc=; b=E8UJgzADQyJoTwZcqxjfBAIDHZrqCE1gO+IOqjK7klM66Bv+8lv3nPk934lKZ5TvMfZcXPTE3Rka538PXX6uXL+9Pz8P9yW9BpuhvJ/7znVrM5A/LmLcWVUczAt5/ZAl9A9+arAo8w3xYqSJCnF+YowPY1303CF/1gKiMVyEkYFvlXgrpHQZJVcLiq/LLIwxQJOUlkR22kEleuoggMclvpbmhTSbcNzGTR9PD8v8Ee5GloU9amSCay8dAy2Wo38C0RKGUKdXr1Bn3rr+mYzgN9xdwXyRMBbpPLoS6vtVw5q3A5trJONoyJSmhE/I0zaQ9Ldr440wNM1fUAuYyWzhfg==
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.2 ECDHE-RSA AES-256-GCM AEAD) via TCP6; 24 Jan 2021 17:05:05 -0000
Received: by ary.qy (Postfix, from userid 501) id 07A236C05685; Sun, 24 Jan 2021 12:05:03 -0500 (EST)
Date: 24 Jan 2021 12:05:03 -0500
Message-Id: <20210124170505.07A236C05685@ary.qy>
From: "John Levine" <johnl@taugh.com>
To: dmarc@ietf.org
Cc: vesely@tana.it
In-Reply-To: <8423eb32-2e45-77d9-dda0-306bacdd4981@tana.it>
Organization: Taughannock Networks
X-Headerized: yes
Cleverness: minimal
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/q2tfUzyirswrAPQS-MktWsilSZo>
Subject: Re: [dmarc-ietf] Ticket #55, closing
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2021 17:05:11 -0000

In article <8423eb32-2e45-77d9-dda0-306bacdd4981@tana.it> you write:
>Hi all,
>
>I'm going to post version -01 of failure reporting before 22 February.  Please express consensus or ask for changes.
>
>MD version:
>https://github.com/ietf-wg-dmarc/draft-ietf-dmarc-failure-reporting/blob/main/draft-ietf-dmarc-failure-reporting.md

My main concern continues to me that we should not have made this a
separate draft, but we should put all of the reporting in one document.

In sec 3 it says the reports SHOULD include all URIs.  That is a privacy problem since it is common
for unsubscribe URIs to contain the recipient address in plain text or an easily reversed encoding
such as base32.

The privacy considerations miss the fact that organization domains are
only an approximation to actual domain ownership, and reports may be
sent to someone unrelated to the actual sender. This is not
hypothetical; I get reports for subdomains who are not me all the time.