Re: [dmarc-ietf] Ticket #42 - Expand DMARC reporting URI functionality

John R Levine <johnl@taugh.com> Mon, 07 December 2020 16:49 UTC

>>> poorly defined http report which we took out.  I propose we add back
>>> https reporting similar to that for mta-sts, with a POST of the gzipped report
>>> to the HTTPS URI.
>>
>> Was this requested by someone?
>
> I don't recall a strong security and privacy concerns discussion around
> HTTP(S) reporting. Presumably the report contents are protected in transit
> but to what extent is access by arbitrary parties an issue. Notwithstanding
> that things like GDPR are political issues, they are worth noting as a real
> life operational consideration.

The original motivation was performance, since uploading a big file via 
https is a lot faster than base64 encoding it and relaying it by mail.

I don't understand the security or GDPR references.  For one thing, these 
are aggregate reports which generally don't have any PII.  For another, 
https reporting would be considerably more secure than mail reporting. 
The report goes via an encrypted channel directly to the target server 
which is identified by its ssl certificate.  There's no relaying through 
intermediate servers.  If the report can't be delivered, the upload just 
fails and there's no possibility of it being diverted by spam filters or 
bouncing into some random admin mailbox.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
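
The two delivery paths compared in the message above, as an added example that is not part of the original message or of any DMARC specification: the same gzipped report is packaged once as a base64 mail attachment and once as the body of an HTTPS POST, and the upload either reaches a certificate-verified server or fails. The addresses, the report URI, the `application/gzip` content type and the sample report are constructed assumptions.

```python
import gzip
import ssl
import urllib.request
from email.message import EmailMessage

def sample_report(rows=2000):
    """Constructed sample aggregate report (not real data)."""
    recs = "".join(
        f"<record><row><source_ip>192.0.2.{i % 256}</source_ip>"
        f"<count>{i}</count></row></record>" for i in range(rows))
    return f"<feedback>{recs}</feedback>".encode()

def as_mail(gz, rcpt="dmarc-rua@example.com"):
    """Mail path: the gzipped report travels as a base64 MIME attachment."""
    msg = EmailMessage()
    msg["From"] = "reports@example.net"   # hypothetical reporter address
    msg["To"] = rcpt                      # hypothetical rua mailbox
    msg["Subject"] = "Report Domain: example.com"
    msg.set_content("Aggregate report attached.")
    msg.add_attachment(gz, maintype="application", subtype="gzip",
                       filename="report.xml.gz")
    return msg.as_bytes()

def as_https_post(gz, uri="https://reports.example.com/dmarc"):
    """HTTPS path: the gzipped bytes are the request body, not re-encoded."""
    if not uri.lower().startswith("https://"):
        raise ValueError("report URI must be https")
    return urllib.request.Request(
        uri, data=gz, method="POST",
        headers={"Content-Type": "application/gzip"})  # assumed media type

def upload(req, timeout=30):
    """Send with chain and hostname verification; a failure is final."""
    ctx = ssl.create_default_context()
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as r:
            return 200 <= r.status < 300
    except OSError:  # URLError, HTTPError and TLS errors: no relay, no bounce
        return False

def compare():
    """Return (gzip size, mail message size, HTTPS body size) in bytes."""
    gz = gzip.compress(sample_report())
    return len(gz), len(as_mail(gz)), len(as_https_post(gz).data)
```

`compare()` shows the mail form carrying at least the 4/3 base64 expansion on top of the gzip size, while the POST body is exactly the gzip bytes.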