Re: [dmarc-ietf] OpenDKIM ADSP, DMARC and ATPS support

Douglas Otis <doug.mtview@gmail.com> Tue, 05 May 2015 18:26 UTC

Return-Path: <doug.mtview@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E75F1A9023 for <dmarc@ietfa.amsl.com>; Tue, 5 May 2015 11:26:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a6cz5paFtF2g for <dmarc@ietfa.amsl.com>; Tue, 5 May 2015 11:26:16 -0700 (PDT)
Received: from mail-pa0-x22e.google.com (mail-pa0-x22e.google.com [IPv6:2607:f8b0:400e:c03::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AF5801A1AC9 for <dmarc@ietf.org>; Tue, 5 May 2015 11:26:13 -0700 (PDT)
Received: by pacyx8 with SMTP id yx8so201253626pac.1 for <dmarc@ietf.org>; Tue, 05 May 2015 11:26:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=eA0To3S6n8SPkKvZppnrlIWLlGU5ET3wp87gy4tEls4=; b=IXLOK7YZi2hjKzClbJcr7wfD/QVnaFAQOdj5/lBjJlJu9QiZ3kI/FlNboruxdTPhBa aYhfU/UJh+fL0DsyhXmOjgMkaWyU9KVwS42D+5aPWjYjMX4m7s4ec7B4MNqjad/QOUn1 b+jCPT2NtojUVnRZn0ulgLiIqkEQTSCVR5iWKAlGcafECGnqp+Y9ejLH3WoZaD06NJ7u V9X9gtxv/GpYMr2M2dubyPXXcCaiHdXP0k6aFpMru8DAysjlBJAM31KMpqAJ2ZHtEvxa na/9oyBqLADeERjFJUp5rTyd1zKcDlXOqiI1HkonI+wT9i0xQY82GTgfw0Hfk2wZvm+8 O4gg==
X-Received: by 10.70.91.37 with SMTP id cb5mr54210925pdb.151.1430850372937; Tue, 05 May 2015 11:26:12 -0700 (PDT)
Received: from US-DOUGO-MAC.local (107-0-5-6-ip-static.hfc.comcastbusiness.net. [107.0.5.6]) by mx.google.com with ESMTPSA id qm2sm16635196pdb.57.2015.05.05.11.26.10 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 05 May 2015 11:26:11 -0700 (PDT)
Message-ID: <55490B41.3040408@gmail.com>
Date: Tue, 05 May 2015 11:26:09 -0700
From: Douglas Otis <doug.mtview@gmail.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: dmarc@ietf.org
References: <554111FB.5040801@isdg.net> <CAL0qLwb1G3xr65UfojT2_GzqvqcaJbs-wj6177Eog6nz4J3JnA@mail.gmail.com> <87a8xqowyd.fsf@uwakimon.sk.tsukuba.ac.jp> <WM!6b5adf3c2892a4015334ce49e0a98968e816f9a8c0ea7117f1d53b67e80ddabec2783cb8f4906607437199f9edfa3eb7!@asav-1.01.com> <4046A990-2AE5-4975-AE39-B829B29E19E7@peachymango.org> <CABuGu1qMXP9yWFCbiDkHAbftjw-sy6x2HaP=k8ToNgaAyuuWSw@mail.gmail.com> <87r3qyor3n.fsf@uwakimon.sk.tsukuba.ac.jp> <WM!e69269add8ccceccb7d5a142e6870d75bf04e24636c22dce9ae84c8681dd9302d9e471f9658ca09e40943ff65ee5bddf!@asav-3.01.com> <1560828201.22399.1430781642344.JavaMail.zimbra@peachymango.org> <87wq0n3sq7.fsf@uwakimon.sk.tsukuba.ac.jp> <12DB7EB5-8EDE-4163-B96F-17CCCDD7A23D@kitterman.com> <5548FD17.7050901@isdg.net> <47FA94B2-67CA-43DD-A2E3-57C6D444183A@kitterman.com> <CAL0qLwZ72cn+x_Zcg+gauy_BN6H3m7bBotDfJzzCSD9nf4Lcsw@mail.gmail.com>
In-Reply-To: <CAL0qLwZ72cn+x_Zcg+gauy_BN6H3m7bBotDfJzzCSD9nf4Lcsw@mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/dmarc/xsqEm_Aif_-EU8HFNfe3M3twol8>
Subject: Re: [dmarc-ietf] OpenDKIM ADSP, DMARC and ATPS support
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 May 2015 18:26:23 -0000


On 5/5/15 11:01 AM, Murray S. Kucherawy wrote:
> On Tue, May 5, 2015 at 10:33 AM, Scott Kitterman <sklist@kitterman.com>
> wrote:
>
>> Wrapping a 'somebody else's problem field' around the registration piece
>> of this doesn't make it any more feasible.
>>
> Is it sufficient to say something like this?:
>
> "A participating operator needs to solve the registration problem.
> Different operators will have different capabilities, requirements, and
> limitations here.  A very simple approach would be <List-Id magic here>;
> however, this has the following drawbacks: <List-Id anti-magic here>.
> Non-trivial solutions may or may not appear in later documents."
>
> This illustrates the problem and the importance of solving it in some
> detail which would give someone "skilled in the art" enough context to come
> up with something in his or her particular environment, while not
> constraining DMARC to something that is not universally useful.

Dear Murray and Hector,

Almost.  Consider the DDoS concern issue that made ATPS
impractical by requiring special TP DKIM signatures.  This
problem can be solved with standard DKIM signatures in
conjunction with a domain wide semaphore provided by a DMARC
assertion ignored by recipients lacking the TP enhancement.
Special DKIM signatures are really not necessary and will
introduce more DNS overhead than would be caused by a simple
hash reference.  Faster, smaller message size, and far
simpler signing processes become possible.  As illustrated in
http://tools.ietf.org/html/draft-otis-dmarc-escape-02#section-4
,--

DMARC could make an
assertion of "sam=tpa; and tpa=third-party-authority.example.com;"
when the DMARC domain offers the Specific Advisory Methods "sam="
tag indicating the third-party advisory methods supported.  The
"tpa=" tag can also indicate the domain location where third-
party-authorization hashes have been consolidated with an assumed
prefix of "_smtp._tpa.<tpa-domain>".

'--

This would allow large ESPs a simple means to share the
registration profiles, which should greatly benefit all of
their recipients.

Regards,
Douglas Otis
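The record shape quoted above (a DMARC assertion carrying "sam=tpa; tpa=<domain>" that a legacy receiver ignores and a TPA-aware receiver acts on), as an added example that is not part of the message or of draft-otis-dmarc-escape-02. The sample record is constructed; the colon-separated list syntax for "sam=" is an assumption borrowed from the "fo=" tag convention of RFC 7489, since the message only shows a single value; and the per-third-party hash label that the draft places under "_smtp._tpa.<tpa-domain>" is not computed here, only the consolidated zone name is derived.

```python
"""Added example: parse a DMARC TXT record that carries the sam=/tpa= tags and
show (1) an RFC 7489 receiver's policy decision is unchanged, because unknown
tags are ignored, and (2) a TPA-aware receiver derives the consolidated
lookup zone '_smtp._tpa.<tpa-domain>' from the same record."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample record for a hypothetical DMARC domain; the sam=/tpa=
# values mirror the example quoted in the message above.
EXAMPLE_RECORD = ("v=DMARC1; p=reject; rua=mailto:dmarc@example.com; "
                  "sam=tpa; tpa=third-party-authority.example.com")

# One DNS label: 1-63 chars, letters/digits/hyphen, no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def parse_dmarc_record(txt: str) -> Dict[str, str]:
    """Split a DMARC record into a tag->value dict.

    Follows the RFC 7489 tag-value syntax: pairs separated by ';', whitespace
    around names and values ignored, names case-insensitive, 'v=DMARC1' first.
    Unknown tags (such as sam= and tpa=) are retained rather than rejected,
    which is what lets an extended receiver see them while a legacy receiver
    simply never consults them."""
    tags: Dict[str, str] = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag-value pair: {part!r}")
        name, value = part.split("=", 1)
        name = name.strip().lower()
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        tags[name] = value.strip()
    if not tags or next(iter(tags)) != "v" or tags["v"] != "DMARC1":
        raise ValueError("record must begin with v=DMARC1")
    return tags


def legacy_policy(tags: Dict[str, str]) -> str:
    """What an RFC 7489-only receiver takes from the record: the p= policy.
    sam= and tpa= are never read, so the semaphore costs it nothing."""
    policy = tags.get("p")
    if policy not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= tag")
    return policy


@dataclass(frozen=True)
class TpaAdvisory:
    methods: List[str]   # advisory methods announced in sam=
    tpa_domain: str      # domain named in tpa=
    zone: str            # '_smtp._tpa.<tpa-domain>', where hash labels live


def tpa_advisory(tags: Dict[str, str]) -> Optional[TpaAdvisory]:
    """What a TPA-aware receiver takes from the same record, or None when the
    domain does not announce the method."""
    sam = tags.get("sam")
    if sam is None:
        return None
    # Assumption: sam= lists methods colon-separated, like fo= in RFC 7489.
    methods = [m.strip().lower() for m in sam.split(":") if m.strip()]
    if "tpa" not in methods:
        return None
    tpa_domain = tags.get("tpa", "").rstrip(".").lower()
    if not tpa_domain or not all(_LABEL.match(l) for l in tpa_domain.split(".")):
        raise ValueError("sam=tpa requires a syntactically valid tpa= domain")
    # Prefix as stated in the message: '_smtp._tpa.<tpa-domain>'. The hash
    # label for a given third party is defined by the draft, not derived here.
    return TpaAdvisory(methods, tpa_domain, f"_smtp._tpa.{tpa_domain}")


if __name__ == "__main__":
    tags = parse_dmarc_record(EXAMPLE_RECORD)
    print("legacy receiver policy:", legacy_policy(tags))
    adv = tpa_advisory(tags)
    print("TPA-aware receiver zone:", adv.zone if adv else None)
```

Run stand-alone it prints the unchanged "reject" decision a legacy receiver reaches, then the consolidated zone "_smtp._tpa.third-party-authority.example.com" a TPA-aware receiver would query under. A record that announces "sam=tpa" without a usable "tpa=" domain is rejected rather than silently treated as having no advisory.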