IETF Logo Mail Archive

Re: [dmarc-ietf] Search for some consensus, was: Proposed text for p=reject and indirect mail flows

Alessandro Vesely <vesely@tana.it> Thu, 27 April 2023 16:02 UTC

Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 213B7C151701 for <dmarc@ietfa.amsl.com>; Thu, 27 Apr 2023 09:02:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.799
X-Spam-Level:
X-Spam-Status: No, score=-2.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=tana.it header.b="LfGxKkGP"; dkim=pass (1152-bit key) header.d=tana.it header.b="CP4pZL1Q"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hCfl6kRu77dD for <dmarc@ietfa.amsl.com>; Thu, 27 Apr 2023 09:02:37 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [94.198.96.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 657AEC151553 for <dmarc@ietf.org>; Thu, 27 Apr 2023 09:02:35 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=tana.it; s=epsilon; t=1682611352; bh=5QmwFcj310f8UfaaEEckvYTZ6GsocGAMVKwctZfVmio=; h=Author:Date:Subject:To:References:From:In-Reply-To; b=LfGxKkGPXhshPffZzR/G5ShuBn/ARomrRWfuqAVzuI6nzfDiq+/HkRcPABe+1vmlz MGEE/YURNUyJzpM9saADQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1682611352; bh=5QmwFcj310f8UfaaEEckvYTZ6GsocGAMVKwctZfVmio=; h=Date:Subject:To:References:From:In-Reply-To; b=CP4pZL1QlpCikUNV8PIUgd1yPlaiTRuffAfN86jLyFFMLqL8Z0CmcM7g0vPJ9msww 3+7t6VEbqCjnUOYWkFx+fGvUy7c6GE9JhFccYdL/6vIu67dyG5Muwg3TpApfnopFpG bAQ6TGzHOi1+8jrioqYrBrpuOT4x7fjL7tYDjoR5JbL4tnaDnCp0zFgE5buNN
Original-Subject: Re: [dmarc-ietf] Search for some consensus, was: Proposed text for p=reject and indirect mail flows
Author: Alessandro Vesely <vesely@tana.it>
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC134.00000000644A9C98.0000277D; Thu, 27 Apr 2023 18:02:32 +0200
Message-ID: <94a3da06-2ee9-ddb9-6c17-1dfa8aa5ba21@tana.it>
Date: Thu, 27 Apr 2023 18:02:32 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.9.0
Content-Language: en-US, it-IT
To: dmarc@ietf.org
References: <CALaySJ+NBg9vzqa0_t-sBf7EKXQ3A=DTyy-Vc7M-ZK9-vfJxmw@mail.gmail.com> <29216533.CRhL9lMF2B@localhost> <9aaeadee-c29a-efe8-2c43-ed6fc1b3ed0d@tana.it> <D29CB79C-AAEB-4999-92C7-D19389916D98@kitterman.com>
Authentication-Results: tana.it; auth=pass (details omitted)
From: Alessandro Vesely <vesely@tana.it>
In-Reply-To: <D29CB79C-AAEB-4999-92C7-D19389916D98@kitterman.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/tN-V4OvczVbr2aSi5-k8bZSSFBY>
Subject: Re: [dmarc-ietf] Search for some consensus, was: Proposed text for p=reject and indirect mail flows
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Apr 2023 16:02:44 -0000

On Wed 26/Apr/2023 13:21:33 +0200 Scott Kitterman wrote:
> On April 26, 2023 8:08:39 AM UTC, Alessandro Vesely <vesely@tana.it> wrote:
>>On Tue 25/Apr/2023 20:27:18 +0200 Scott Kitterman wrote:
>>> My recollection is that a general formulation that I proposed had at least 
>>> some traction out of both groups:
>>>
>>>> [some appropriate description] domains MUST NOT publish restrictive DMARC
>>>> policies due to interoperability issues
>>>
>>> Leaving aside (for now) the question of what goes into [some appropriate 
>>> description] and with the assumption that there will be some non-normative 
>>> discussion to amplify whatever that is and probably give some indication about 
>>> what domains might do to not be one of those domains, is there anyone who just 
>>> can't live with that formulation of the situation?
>>
>> Me, for one.  Because more than 98% of domains are going to fall into the description, however we word it, that statement makes the whole I-D nonsensical.  Cannot we just tell the problem without MUSTard?
>>
>> In any case, using the complement of [some appropriate description] is certainly easier.  For example:
>>
>>    Forcing authentication into Internet mail by publishing restrictive DMARC
>>    policies breaks some well established patterns of usage.  Publishing such
>>    policies is thus RECOMMENDED only for domains [in this other appropriate
>>    description].
>
> Thanks.
> 
> I understand your objection to be that the proposed description of the interoperability problems would apply to too many domains, regardless of the modifier we might use.  Is that correct?


Nearly.  Too many would be 40%.  98% is practically all.  Indeed, we're talking 
of mailboxes used by humans...


> I don't understand the technical issue associated with that objection.  I get that you feel the construction is too negative, but I don't have a sense you think it's inaccurate.  Focusing on the technical aspects of this, would you please help me understand what you think is technically incorrect about it?


Perhaps MUST NOT would have some sense if DMARC were breaking a well known 
protocol.  The established patterns of usage we break are in turn breaking some 
other RFCs, aren't they?

Why would the applied workaround have less merit than the original hack, from a 
formal POV?  I mean, if we stand by the letter of the protocols so much as to 
feel the need to say MUST NOT.


Best
Ale
--

v2.23.0 | Report a Bug | By Email