[dmarc-ietf] Purpose of aggregate reports / Re:Two new fields in aggregate reports

Дилян Палаузов <dilyan.palauzov@aegee.org> Mon, 18 November 2019 15:45 UTC

Return-Path: <dilyan.palauzov@aegee.org>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F7B3120982 for <dmarc@ietfa.amsl.com>; Mon, 18 Nov 2019 07:45:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (4096-bit key) header.d=aegee.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zkh7-RBRUYUB for <dmarc@ietfa.amsl.com>; Mon, 18 Nov 2019 07:45:34 -0800 (PST)
Received: from mail.aegee.org (mail.aegee.org [144.76.142.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0D245120971 for <dmarc@ietf.org>; Mon, 18 Nov 2019 07:45:33 -0800 (PST)
Authentication-Results: mail.aegee.org/xAIFjTAi029603; auth=pass (LOGIN) smtp.auth=didopalauzov
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=aegee.org; s=k4096; t=1574091930; i=dkim+MSA-tls@aegee.org; bh=3OJUUyGo1y60TR7Ioy0XLA3710pnWy0FqInc1tvn7d8=; h=Subject:From:To:Date:In-Reply-To:References; b=YZ5d2egjxHLjGrFbKnhEMRJelreuzR/cPpH93I098+8zRNbdQgy5LRJlrI2QU1ZSQ 086DoyrDvlRvkZaPxCllkyF5LSpE1X+BpWvWpTevM6hITUlRpof7/mJ9L+Nv9qfTCI Do/NHxhpRm29/DN46863XTpAiRgbA3PLY7oy2Nfo0Qhq4NKV1BZR5t7EAtzIi9Dki8 OhKQ529F6Vu7WzalZ0wII1xA5xWG9c6aZYzkTufRzeHmI6vi1ln1Tf8zwlBK4CrdE/ 9FyIxEL8J2a0w9w8jjeIG6roB2bMz53iY7iDTW4itY18pwaYegoXw0JlR5nqS/f1V7 hLGeTj8rpmUbky+WJx1UMjpQZEDl6AzEiky7BDT0sbyfnbq2xr1UtV5+ah3UE7lhaX zNQQlktH+Z0f8RDg/E+x5VuS6qoNOaVwDvdFCeph/4XKLv99Ufll80wuE7GMpAMc+N vWo29TTlftFngws2SDn9yIXoBKswxMdkgVQiRTqN3FKUeeT4vRrNLFAAGEZCzBYu01 dvYh0RJUc3YlofJfKDL4vU7w4HD2dmOxHPpO3UajuWyxKzq7SIMGZLshkPnLxKzoYw KWHw5QrtrwCnmPbvu5vozDEHPKFywGIYAUxQ4v8UmlLls622FAxyeuFvOUyXcGCFfz cy9aKpKN+vZYG4R/gvPL4ZMg=
Authentication-Results: mail.aegee.org/xAIFjTAi029603; dkim=none
Received: from Tylan (87-118-146-153.ip.btc-net.bg [87.118.146.153]) (authenticated bits=0) by mail.aegee.org (8.15.2/8.15.2) with ESMTPSA id xAIFjTAi029603 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO) for <dmarc@ietf.org>; Mon, 18 Nov 2019 15:45:29 GMT
Message-ID: <36e81f7d45fb2c2f90c6b831d1f939e02251d0c4.camel@aegee.org>
From: =?UTF-8?Q?=D0=94=D0=B8=D0=BB=D1=8F=D0=BD_?= =?UTF-8?Q?=D0=9F=D0=B0=D0=BB=D0=B0=D1=83=D0=B7=D0=BE=D0=B2?= <dilyan.palauzov@aegee.org>
To: dmarc <dmarc@ietf.org>
Date: Mon, 18 Nov 2019 15:45:28 +0000
In-Reply-To: <20191025174918.E8CAFD66F4D@ary.qy>
References: <20191025174918.E8CAFD66F4D@ary.qy>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.35.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: clamav-milter 0.101.4 at mail.aegee.org
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/uPWe67-hN6oW4t98J6TXkLOqmYM>
Subject: [dmarc-ietf] Purpose of aggregate reports / Re:Two new fields in aggregate reports
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Nov 2019 15:45:36 -0000

On Fri, 2019-10-25 at 13:49 -0400, John Levine wrote:
> In article <e5bc55efd6ef01ab849505a0872c9dc9a36e738f.camel@aegee.org>; you write:
> > What is the purposes of the aggregate and non-aggregate reports?  What are non-goals?  I asked several times here,
> > nobody answered.  Perhaps a discussion on the goals and non-goal would help.
> 
> As far as I know, the point of DMARC reports is to help domain owners
> understand who is sending mail that purports to be from them.  In a
> large organization it can be remarkably hard to track down every mail
> server in every department or every subcontractor that might be sending
> real mail with the domain in the From: header.
> 
> The domain owners use the reports to do things like update SPF records
> to include all of the sending hosts, update server configs to add DKIM
> signatures, or to fix servers that are adding invalid signatures, and
> often to shut rogue servers down that shouldn't have been sending mail
> in the first place.
> 

An additional purpose of the aggregate reports, currently missing but should be present in the future, is permit the
domain owner to migrate from one software for DKIM signing to another software and from one type of signatures to
another type of signatures (RSA→ED25519), allowing smooth transition.

I mean:

I domain owner uses software A for DKIM signing with a=rsa-sha256; when communicating to site B.  This works reliably,
as demonstrated by the aggregate reports.  If the domain owner wants to check if software C also works reliably, when
communicating to site B, the domain owner has to use software A and software C at the same time for signing (with
differecnt selectors).

The aggregate reports shall show, if software C (the other selector) causes any problems, while software A continues to
sign the messages.

The other use case is when software A continues to sign the messages, but in addition adds a=ed25519 signatures.  There
must be a way to evaluate, looking in the aggregate reports, if ed25519 between both sites works reliably, while rsa-
sha256 does not cause any problems.

This was previously rised on this list (Subj: spec nit - which DKIM to report, From: Tomki, on 21st June), I just want
to make clear that this belongs to the purpose the aggregate reports should have.

Regards
  Дилян