Re: [dmarc-ietf] PSD simplification

Scott Kitterman <sklist@kitterman.com> Thu, 13 December 2018 04:21 UTC

From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
Date: Wed, 12 Dec 2018 23:21:14 -0500
Message-ID: <2657505.cCtalkmY2s@kitterma-e6430>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/vOcm5u17zh5buQ_WqMdL4tEI8Kg>

On Wednesday, December 12, 2018 05:46:08 PM Dave Crocker wrote:
> On 12/12/2018 5:27 PM, Scott Kitterman wrote:
> >> And the draft makes no reference to privacy issues.  Or rather, the
> >> Privacy Considerations section says the draft doesn't introduce any.
> > 
> > As written, it doesn't.  If you change it the way you propose, it will.
> 
> Please elucidate.  I don't have a guess as to what those issues are.

RFC 7489, Section 9.1 describes the data exposure considerations associated 
with DMARC.  If we extend DMARC with PSD and no limitations on PSO 
participation, then those considerations will apply to every domain that does 
not participate in DMARC (because the PSO can now get the data - publishing a 
DMARC record will prevent that, but let's not make DMARC participation more
coercive than it already is).

I think it would be interesting to get more details from John Levine on his 
experience with this as he has (in a later message in the thread) mentioned 
he's getting this kind of data now for odd architectural reasons.

Back to this draft, without the registry or some equivalent mechanism, we'd 
have to look at the part of Section 4.1 on Multi-organization PSDs and give a 
detailed explanation of the privacy risks to non-DMARC participants.  It's not 
relevant as the draft is currently scoped because as currently defined it's 
only for PSDs where every domain is required to participate in DMARC, so no 
issue.

Scott K
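
An added illustration of the data-exposure point in the message above, not part of the thread or of the draft: a simplified model of DMARC policy discovery with the extra PSD lookup, showing whose `rua` address receives aggregate reports for a domain. All domain names, the suffix set and the `psd_registry` parameter are constructed for the example.

```python
import re

# Constructed TXT records; every name here is a made-up example.
DNS_TXT = {
    "_dmarc.gov.example": "v=DMARC1; p=reject; rua=mailto:reports@pso.gov.example",
    "_dmarc.participant.gov.example":
        "v=DMARC1; p=none; rua=mailto:dmarc@participant.gov.example",
    "_dmarc.optout.gov.example": "v=DMARC1; p=none",  # record, but no rua
}
PUBLIC_SUFFIXES = {"example", "gov.example"}  # constructed stand-in for a PSL


def split_domain(domain):
    """Return (organizational domain, longest PSD) for a From: domain."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in PUBLIC_SUFFIXES:
            org = ".".join(labels[i - 1:]) if i > 0 else None
            return org, suffix
    return None, None


def rua_of(name):
    """None if no DMARC record exists; otherwise its rua value ('' if absent)."""
    record = DNS_TXT.get("_dmarc." + name, "")
    if not record.startswith("v=DMARC1"):
        return None
    match = re.search(r"\brua=([^;]+)", record)
    return match.group(1).strip() if match else ""


def report_destination(from_domain, psd_registry=None):
    """Return (domain whose record applied, rua), or (None, None).

    Assumption: psd_registry=None models no limit on which PSOs take part;
    a set models a registry of PSDs for which the extra lookup is allowed.
    """
    from_domain = from_domain.lower()
    org, psd = split_domain(from_domain)
    candidates = [from_domain, org]
    if psd and (psd_registry is None or psd in psd_registry):
        candidates.append(psd)  # the additional PSD step
    for name in candidates:
        rua = rua_of(name) if name else None
        if rua is not None:  # first record found ends the walk
            return name, rua
    return None, None
```

A domain with no record of its own falls through to the PSO's `rua` when the PSD lookup is unrestricted, while a domain that publishes any DMARC record, even one without `rua`, ends the walk before the PSD is consulted.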