Re: [dmarc-ietf] PSD Related Privacy Considerations For Aggregate Reporting Draft

Scott Kitterman <sklist@kitterman.com> Wed, 01 February 2023 22:39 UTC

Date: Wed, 01 Feb 2023 22:38:51 +0000
From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
In-Reply-To: <20230201210711.B2ACF86BE8D9@ary.qy>
References: <20230201210711.B2ACF86BE8D9@ary.qy>
Message-ID: <727BD3F7-A855-43D1-A7AD-7284224C3574@kitterman.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/wTxHd-9IFesILSmRsMVmKLpRHGs>


On February 1, 2023 9:07:11 PM UTC, John Levine <johnl@taugh.com> wrote:
>It appears that Scott Kitterman  <sklist@kitterman.com> said:
>>I agree there's no chance a PSD like .com would be authorized to publish a 
>>DMARC record, but a big part of why is the privacy implications of allowing 
>>it.  I think we should document the concerns.  ccTLDs will need to develop 
>>their own policies and we should give them the relevant information to support 
>>that.
>
>That's reasonable.
>
>>DMARC record or not.  For a mail receiver I think it's reasonable to assume 
>>any PSD (psd=y in their record) should be treated conservatively and only send 
>>reports for non-existent domains. 
>
>That's OK with me although it's not what the draft says now. I can do
>a pull request. I hope we agree that a non-existent domain is one for
>which a DNS query returns NXDOMAIN, as the current dmarcbis draft
>says, and not anything else.
>
>Fun fact: we don't define "policy domain" anywhere although it's blindingly obvious
>what it means.

Sounds good.  Please @ me on the PR.  If it's a significant change, we should bring it back here for discussion.

If I've learned one thing in the IETF it's that nothing is blindingly obvious to everyone.  We should probably define it.

Scott K
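
The receiver-side rule discussed in this exchange, as an added example that is not part of the original message or of the draft text: when the policy record carries psd=y, only traffic for From domains whose DNS query returned NXDOMAIN goes into the aggregate report. The function names, sample records and domain names are constructed, and DNS lookups are replaced by precomputed response codes so the block runs offline.

```python
from enum import Enum


class Rcode(Enum):
    NOERROR = 0    # name exists, even if the answer section is empty (NODATA)
    SERVFAIL = 2   # resolver failure: existence is unknown
    NXDOMAIN = 3   # the only result treated as "non-existent domain"


def parse_tags(record):
    """Split a DMARC TXT record into a {tag: value} map with lowercase tag names."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    return tags


def is_psd_record(record):
    """True when the record is a DMARC record that declares psd=y."""
    tags = parse_tags(record)
    return tags.get("v") == "DMARC1" and tags.get("psd", "").lower() == "y"


def include_in_report(policy_record, from_domain_rcode):
    """Decide whether one From domain's traffic is reported to the policy domain."""
    if not is_psd_record(policy_record):
        return True  # ordinary policy domain: report as usual
    # PSD: conservative handling. NODATA, SERVFAIL and timeouts are not
    # NXDOMAIN, so those rows are withheld rather than guessed at.
    return from_domain_rcode is Rcode.NXDOMAIN


def reportable_domains(policy_record, rows):
    """Filter (from_domain, rcode) rows down to the domains that may be reported."""
    return [d for d, rcode in rows if include_in_report(policy_record, rcode)]


# Constructed sample data, not taken from any real report.
PSD_RECORD = "v=DMARC1; p=reject; psd=y; rua=mailto:reports@psd.example"
ORG_RECORD = "v=DMARC1; p=none; rua=mailto:reports@org.example"
SAMPLE_ROWS = [
    ("bogus.psd.example", Rcode.NXDOMAIN),
    ("member.psd.example", Rcode.NOERROR),
    ("flaky.psd.example", Rcode.SERVFAIL),
]

if __name__ == "__main__":
    print(reportable_domains(PSD_RECORD, SAMPLE_ROWS))
```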