Re: [dmarc-ietf] Do is need a new ptype? Was Re: New authentication method, DNSWL

"Murray S. Kucherawy" <> Tue, 03 December 2019 20:22 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C301F120033 for <>; Tue, 3 Dec 2019 12:22:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ZaeJ6_b9ICxu for <>; Tue, 3 Dec 2019 12:22:42 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::a29]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id ECC8A12000F for <>; Tue, 3 Dec 2019 12:22:41 -0800 (PST)
Received: by with SMTP id i18so1467028vkk.7 for <>; Tue, 03 Dec 2019 12:22:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=4/3gEX4+uo4vNfdHZv0rB3sQ6Kkwjp1BKc/+0PLlN7o=; b=Zjiappp1PEtwb9pakc9MNX9CK+7Hos3S4wMa6r3ZVt3lQM7Z4Z1VcTcdbziKEw5ZN7 zne5Fm825r2wlCi9HBzMqMTi8YOdZKKUpIzomtjZphC++XUGL5EA2n4swjrnE2dhXBjg E6f3IcviuPlnTma/oGDNeOg3hosmYy4+CRRYJmuzrchoygtO1ZxckipuTbf/sognXPTN 8a5/0lplTfNPC64E3ZHueywHRo40FkMbHcS5d4Z6t+jFM9oLxtODJ+YpjJU1g9wOjVxM MUs2gf4hceN94XqnRoZO/CkV2f6xlaLENaB6VAkx0wxDmxFQMVfagKz8OkLR1odEseqz PZEA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=4/3gEX4+uo4vNfdHZv0rB3sQ6Kkwjp1BKc/+0PLlN7o=; b=XUoGyEYE8LvCSU6nfY4iUcZrMMpS5hyE3ldbtZ26abJ6d/thiLsz8LIvtK8VybvfId fpwGl0hz941ueaC3qYLrijQrfYXgfrXxN+4THvhry0DOi0ZxFAUva59MMIfyQeKoQHNs 8IthHlkhJbxXeRv+50Vf1vHOG5+dnF/gtCzzUUQiD2U3IoSzcPxCvJ64H/UdEssprOBK OSg1TvsrIfEDzrce4bVgURyxmuV0RkbqUx/+D/fhs9hGBYX/NEK+0Hk2L+DCgZEsGaRa Og9xuN9RQ4qZLfFceRVeu8V1tnilUQk0EWbB84/U5vtyzqk97uVWsV49M4JHN1nzJo/t YDVw==
X-Gm-Message-State: APjAAAXpdaYtBgcnaKth5nPwFM2EFpE8z8N8ebI3D5XXGHVPKyB9QHgO eS6PdCkp8Ll/ISQedzPG4+T99WzanjurJfBXRJRy7w==
X-Google-Smtp-Source: APXvYqwg3qLRyFL9nPKeICKT9b0j+svgRJ1CfSQ9dzSdE23vTR+ZTRtQjb/tqc/+5WA+o+zRfV/ZfqpuFf2EWphTmHI=
X-Received: by 2002:a1f:2a82:: with SMTP id q124mr4898601vkq.8.1575404560663; Tue, 03 Dec 2019 12:22:40 -0800 (PST)
MIME-Version: 1.0
References: <> <20191111155410.12A31E9E35A@ary.qy>
In-Reply-To: <20191111155410.12A31E9E35A@ary.qy>
From: "Murray S. Kucherawy" <>
Date: Tue, 3 Dec 2019 12:22:28 -0800
Message-ID: <>
To: John Levine <>
Content-Type: multipart/alternative; boundary="0000000000003749560598d2759d"
Archived-At: <>
Subject: Re: [dmarc-ietf] Do is need a new ptype? Was Re: New authentication method, DNSWL
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 03 Dec 2019 20:22:44 -0000

On Mon, Nov 11, 2019 at 7:54 AM John Levine <> wrote:

> In article <CAL0qLwbo1AtJ6LG1UuSSoBC-GwjdQsc5CA2h6q5VqMxH=
>> you write:
> >Just to be clear: The policy for changes to that registry is "Expert
> >Review", but since the action that put it there was a document with IETF
> >consensus, I'm pretty hesitant about just approving this change based on a
> >formal request.  I'd rather at least see some consensus discussion about
> >it, or even better, a revision/update to RFC8601.
> Hey, wait, Expert Review is supposed to be considerably looser than RFC
> Required.

Sure is.

Since there's no danger of running out of token names, I'd encourage
> you to accept new ptypes if they have a clear spec and a plausible use
> case.  In this instance, I think the description in the I-D is OK, but
> for the use case I would like some evidence that someone, somewhere is
> implementing it and doing something with the result.

As far as I know we're talking about "dnswl" which is a method, not a
ptype.  There is one known implementation (CourierMTA, I believe) which is
the impetus for the registration.  I think the name is constrained to
whitelists even though DNS-published lists might have the opposite meaning,
so I wish there had been some discussion before there was an
implementation.  But unless someone wants to argue a risk of actual harm
from that, I don't see any reason not to approve it given its very limited
deployment so far.

Assuming the ptype we're talking about is "dns" which is defined in the
same document, the definition is terse and there's not much guidance for
the designated expert about what things should be allowed with respect to
future registrations.  I think Scott basically said the same thing.  I'd
like to see those points addressed before green lighting it.