Re: [dmarc-ietf] New authentication method, DNSWL

Alessandro Vesely <vesely@tana.it> Thu, 27 June 2019 09:10 UTC

Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 073EE12004A for <dmarc@ietfa.amsl.com>; Thu, 27 Jun 2019 02:10:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KRQrsokuzX75 for <dmarc@ietfa.amsl.com>; Thu, 27 Jun 2019 02:10:41 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9AFDD12000F for <dmarc@ietf.org>; Thu, 27 Jun 2019 02:10:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1561626639; bh=VXcBC1dXd+ij3Blb9yO21YcF5Z3YciWdb5sUBYOlwuU=; l=7904; h=To:Cc:References:From:Date:In-Reply-To; b=BZ5Hwb5pf+CKEIViHs35jmkuKGZdI9iv00o+Y62vUzZHmenM0HHPdKvnozmbZHjAS twqoC9pdPwPoMEUmbhRytUUAFCaYo0H9QfazmuBR2vH23cF692+gK+StQ7ETNui0V7 74brDkq8Mlv6jTS1d5NRJZ287okfmOgRaJuDHeTrNCVUR7Zo5q63O4TjYLo8P
Authentication-Results: tana.it; auth=pass (details omitted)
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k) by wmail.tana.it with ESMTPA; Thu, 27 Jun 2019 11:10:39 +0200 id 00000000005DC043.000000005D14880F.00004D0B
To: "Murray S. Kucherawy" <superuser@gmail.com>
Cc: IETF DMARC WG <dmarc@ietf.org>
References: <e580ada3-d9b5-0e5b-9ac3-eade41ac92d2@tana.it> <CAL0qLwa5yR5dVzkDSD48MDgpUa11+ri=KOwrNSqOxi8fB2i6PA@mail.gmail.com>
From: Alessandro Vesely <vesely@tana.it>
Openpgp: id=0A5B4BB141A53F7F55FC8CBCB6ACF44490D17C00
Message-ID: <eabefc6b-7542-1a46-4272-b786433ed0b5@tana.it>
Date: Thu, 27 Jun 2019 11:10:39 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.1
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=_north-19723-1561626639-0001-2"
In-Reply-To: <CAL0qLwa5yR5dVzkDSD48MDgpUa11+ri=KOwrNSqOxi8fB2i6PA@mail.gmail.com>
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/uemIF5rMbOWT_g0Ukx0llUAbN7U>
Subject: Re: [dmarc-ietf] New authentication method, DNSWL
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Jun 2019 09:10:44 -0000

On Wed 26/Jun/2019 22:27:46 +0200 Murray S. Kucherawy wrote:
> On Tue, Jun 4, 2019 at 4:01 AM Alessandro Vesely <vesely@tana.it> wrote:
> 
>> Appendix D1 of rfc7208 mentions DNSWL as a way to mitigate SPF's
>> reject-on-fail.  The score attributed to the sender by a trusted DNSWL is
>> also useful after DATA, thence the need to store that value for
>> downstream filters.
>>
>> However, as an authentication method, a DNSWL TXT response can provide a
>> domain name, which is possibly aligned with From:.  In that sense, this
>> method might be of interest for this WG.  Probably not, but I felt
>> compelled to make sure before trying independent submission.  (Already
>> tried ART.)  The I-D is here:
>>
>> https://tools.ietf.org/html/draft-vesely-authmethod-dnswl
>>
> 
> With my Designated Expert hat on and co-chair hat off, a procedural point
> here:
> 
> The IANA registry for these is Expert Review, which means you don't have to
> publish an RFC to get it registered.  You can, but it's not necessary if
> your registration request can sufficiently describe what you're doing.  See
> RFC8601 Section 6.2, fourth paragraph.


I just submitted the form attached.  This path seems to be quicker.  Thanks.


Let me paste the parameters, for list readers, and point out that dnswl can
yield a domain name, e.g. policy.txt=example.com.  Whether the domain
name alignment can be meaningful or not is the reason why this topic appears on
this list.


   +--------+--------+----------+-------------------+--------+---------+
   | Method | ptype  | property | Value             | Status | Version |
   +--------+--------+----------+-------------------+--------+---------+
   | dnswl  | dns    | zone     | DNSWL publicly    | active |       1 |
   |        |        |          | accessible query  |        |         |
   |        |        |          | root domain       |        |         |
   | dnswl  | policy | ip       | type A response   | active |       1 |
   |        |        |          | received (or      |        |         |
   |        |        |          | comma-separated   |        |         |
   |        |        |          | list thereof)     |        |         |
   | dnswl  | policy | txt      | type TXT query    | active |       1 |
   |        |        |          | response          |        |         |
   +--------+--------+----------+-------------------+--------+---------+

                   Table 1: Email Authentication Method

   +-------+------------+----------------------------------------------+
   | ptype | Definition | Description                                  |
   +-------+------------+----------------------------------------------+
   | dns   | [this doc] | The property being reported belongs to the   |
   |       |            | Domain Name System                           |
   +-------+------------+----------------------------------------------+

                Table 2: Email Authentication Property Type

   +---------+-----------+------------------------------------+--------+
   | Auth    | Code      | Specification                      | Status |
   | Method  |           |                                    |        |
   +---------+-----------+------------------------------------+--------+
   | dnswl   | pass      | Sender is whitelisted, up to       | active |
   |         |           | returned code interpretation       |        |
   | dnswl   | none      | NXDOMAIN or no record, sender is   | active |
   |         |           | not whitelisted                    |        |
   | dnswl   | temperror | Transient DNS error during the     | active |
   |         |           | query                              |        |
   | dnswl   | permerror | Query cannot work, human           | active |
   |         |           | intervention needed                |        |
   +---------+-----------+------------------------------------+--------+


Best
Ale
-- 
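As an added example (not code from the I-D or from Courier-MTA), here is how a post-DATA filter could consume a dnswl stanza built from the tables above and test the policy.txt domain for DMARC-style alignment with the From: domain; the authserv-id, zone, addresses and the sample header are constructed, and the two-label organizational-domain shortcut is an assumption in place of the Public Suffix List.

```python
import re

# Constructed sample header as a post-DATA filter sees it; authserv-id,
# zone and addresses are made up for this example.
SAMPLE_AR = ("mta.example.net 1; dnswl=pass dns.zone=list.dnswl.example "
             "policy.ip=127.0.10.2,127.0.10.3 policy.txt=example.com; "
             "spf=fail smtp.mailfrom=example.com")
_METHOD_RE = re.compile(r"([a-z0-9_-]+)=([a-z0-9_-]+)", re.I)
_PROP_RE = re.compile(r'([a-z]+)\.([a-z0-9_-]+)=(?:"([^"]*)"|([^\s;]+))', re.I)
_DOMAIN_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)

def parse_authres(header):
    """(authserv-id, [stanza dicts]); no CFWS comments or ';' in quoted values."""
    head, _, rest = header.partition(";")
    authserv_id = head.split()[0].lower()       # drop optional version
    stanzas = []
    for raw in filter(None, (p.strip() for p in rest.split(";"))):
        m = _METHOD_RE.match(raw)
        if not m:
            raise ValueError(f"malformed resinfo: {raw!r}")
        props = {}
        for pm in _PROP_RE.finditer(raw, m.end()):
            ptype, prop, quoted, bare = pm.groups()
            props[f"{ptype}.{prop}".lower()] = quoted if quoted is not None else bare
        stanzas.append({"method": m.group(1).lower(),
                        "result": m.group(2).lower(), "props": props})
    return authserv_id, stanzas

def org_domain(domain):
    """Last two labels; real DMARC uses the Public Suffix List (assumption)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned_dnswl_domain(header, from_domain, trusted_authserv, strict=False):
    """Domain from a dnswl=pass policy.txt that aligns with From:, else None.
    Only a header written by our own authserv-id is trusted (RFC 8601)."""
    authserv_id, stanzas = parse_authres(header)
    if authserv_id != trusted_authserv.lower():
        return None                              # foreign header: ignore it
    for s in stanzas:
        if s["method"] != "dnswl" or s["result"] != "pass":
            continue
        txt = s["props"].get("policy.txt", "").lower().rstrip(".")
        if not _DOMAIN_RE.match(txt):
            continue                             # TXT was not a bare domain
        if txt == from_domain.lower() or (
                not strict and org_domain(txt) == org_domain(from_domain)):
            return txt
    return None
```

A dnswl result of none, temperror or permerror yields no aligned domain, and a policy.txt value that is not a bare domain name is ignored rather than trusted.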

--- Begin Message ---
To whom it may concern:

This is an automatically generated message to notify you that we have
received your request, and it has been recorded in our ticketing
system with a reference number of 1146140.

There is no need to reply to this message right now. IANA staff will review
your message and reply to your inquiry within three (3) business days.

If this message is in reply to a previously submitted ticket, it is 
possible that the previous ticket has been marked as closed. As we 
review this ticket, we will also review previous correspondence and 
take appropriate action.

To expedite processing, and ensure our staff can view the full history
of this request, please make sure you include the following exact text in
the subject line of all future correspondence on this issue:

         [IANA #1146140]

You can also simply reply to this message, as this tag is already in 
the subject line.

Thank you,

IANA Services
iana-questions@iana.org
PTI

Please note: By submitting my personal data, I agree that my personal data
will be processed in accordance with the Privacy Policy
<https://www.icann.org/privacy/policy>.

-------------------------------------------------------------------------

Contact Name:
Alessandro Vesely

Contact Email:
vesely@tana.it

Type of Assignment:
Protocol Registries, Email Authentication Parameters

Registry:
Email Authentication Method, Property Type, and Result Names

Description:
The method is being used by the Courier-MTA mail server.
Registration helps documentation and avoids confusion in case the same names are used for different functions.

Additional Info:
https://tools.ietf.org/html/draft-vesely-authmethod-dnswl-08#section-4
(three tables of respectively three, one, and four entries.)


--- End Message ---