IETF Logo Mail Archive

Re: [dmarc-ietf] Thoughts on choosing N

Douglas Foster <dougfoster.emailstandards@gmail.com> Mon, 15 April 2024 12:14 UTC

Return-Path: <dougfoster.emailstandards@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B0A8C14F610 for <dmarc@ietfa.amsl.com>; Mon, 15 Apr 2024 05:14:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.094
X-Spam-Level:
X-Spam-Status: No, score=-2.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z6UOum_WDjfP for <dmarc@ietfa.amsl.com>; Mon, 15 Apr 2024 05:14:28 -0700 (PDT)
Received: from mail-lj1-x232.google.com (mail-lj1-x232.google.com [IPv6:2a00:1450:4864:20::232]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 40837C14F5F4 for <dmarc@ietf.org>; Mon, 15 Apr 2024 05:14:28 -0700 (PDT)
Received: by mail-lj1-x232.google.com with SMTP id 38308e7fff4ca-2da08b06e0dso33225481fa.2 for <dmarc@ietf.org>; Mon, 15 Apr 2024 05:14:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1713183265; x=1713788065; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=IwSJ9inoEoPPBxmzpHJAwccZVWPMW4uKnjvjbHZn8IM=; b=hecDlPRtBb7FGiydxQA0GGhdcvy1GyK2iw0g0kx/BNK2GFGmUXM8k+VnQTuNfThOkQ Ibh2GiNZWiRM2yNjBVmSPFnJjU3xemhFYpIiDiy8wZfbMtozL/wcvH9hrshxb1b08Cwl HeyuvSWgkwQWEGe98sExFxtE5ku3zx71gkRQecFR81HkVgWwVwD7qr7MV2zuqGBD0gtO ORaumZtTnRahTdVQvmjeTRtwrgGUOF/c4YFjO+TX/iHFltS4W+uLyy9SfE4osBiJSRjH WNTk91zag7k/hqfaogCnH1AA1X9H8Dk9M6NsxhnGZtNVQqrExKlD3PC2XFAtx5sqdJdS FeSQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713183265; x=1713788065; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=IwSJ9inoEoPPBxmzpHJAwccZVWPMW4uKnjvjbHZn8IM=; b=DFiojfDqgSx29A2hkVjleO80Ss4aQZG3AiI2Kdhk6KzLZidH+T0YHLojct2shlykuD FYRUVP0O9NSGW5zSiB7088oDvd905x+rzo5aUUWq9+5wIup9F3OysWiqwznD8gtbQVMq jEJxoOZ6ib1IL3C4/MNa4l3tSLAsWmewR4mZvCUbbhRnq7mOvO9kDfNoi0Mj49baJdE3 2lvZACtJDyQppR5dCokk5g6Cy/ZEINx0zGoLTRRoC0i+nrt/g57Tb/smJNtmxzsTdVoJ pIK4U8r3t09X8Pa3GKRLy7VjidBAmNHsr6OIv7Hb5ZjKnnxbUtp9acr/fjCW1laHqojw rP8g==
X-Gm-Message-State: AOJu0Yyi78QiS6fviZPaivGLu1IICw7UGYpAX/9bde1xsHyubrQ2kZBb NMreYlO3Nvmf5Sq/F+tAyWbjZbzkENcepKqQXqZh2iJpfdhMLTLKJrXgIYDus4sWhXiaWqOCqK+ B3LBjgIb7wF/W9ANLAvMKP+Bae4M=
X-Google-Smtp-Source: AGHT+IHd1Qqn5W+xQymV2Bnx5yHgzjgtxlFEIjiFpdeFZ5bnMvN5yiI8SUYZX1VE91jVCarl51gTofT9pJCrv3YTMvY=
X-Received: by 2002:a2e:8012:0:b0:2d8:d23a:f440 with SMTP id j18-20020a2e8012000000b002d8d23af440mr5804043ljg.6.1713183265178; Mon, 15 Apr 2024 05:14:25 -0700 (PDT)
MIME-Version: 1.0
References: <CAOZAAfPwJHKGyLjTkdGDqkMeK4RQX4Fj0rw-Upn0cLZ+cE74aA@mail.gmail.com> <2764165.rv8vZNihtd@zini-1880> <53f29df5-031a-8711-aed6-25c310f539a2@iecc.com> <8C54A48A-5665-41A1-B64F-93A39CF0B12C@kitterman.com> <CAL0qLwZ2TuV_EW6D9HZYwErmwL_n7q4ZKTEpHBZbyxnkKJ8m6w@mail.gmail.com> <CAH48ZfzckPscoSPUVEqy1WS71iAnKyj7gQVDOW4Hi=FXo0PzYg@mail.gmail.com> <a2bd52d6-7bb3-4526-a0d8-075f4ab44f33@tana.it>
In-Reply-To: <a2bd52d6-7bb3-4526-a0d8-075f4ab44f33@tana.it>
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Mon, 15 Apr 2024 08:14:15 -0400
Message-ID: <CAH48ZfyQbntah9Ecfv9C0PqfJf9PaGeF82P0FS9Dey0nzAcSZw@mail.gmail.com>
To: Alessandro Vesely <vesely@tana.it>
Cc: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f4ca5a0616218f89"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/xvxKTPzK-zXGhYtJG5-b5d-cMPY>
Subject: Re: [dmarc-ietf] Thoughts on choosing N
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Apr 2024 12:14:32 -0000

We have a request for 8, however weakly documented

We set N to prevent using long names as. DoS attack.   I am doubtful that
such attacks would appear beneficial to an attacker, but a limit is
appropriate.

I do not see 8 as a significant incremental performance problem, over 5, so
not a DoS issue.

On the other hand, we created the ability to have partitioned
organizations, so equity considerations come to mind.  If any org is to
have ability to partition at org+2,:then rhee number should be at least 6,
right?

On Mon, Apr 15, 2024, 7:43 AM Alessandro Vesely <vesely@tana.it> wrote:

> On Mon 15/Apr/2024 13:16:50 +0200 Douglas Foster wrote:
> > Our original choice of N was based on the PSL.    The PSL could not
> detect
> > organizational boundaries could not boundaries below level 5, because it
> had no
> > entries longer than 5 labels, and we determined that the 5-label entries
> were
> > not used for mail.    Therefore, any increase in N is new capability.
>  That
> > new capability is probably desirable, but need not be limitless.  Using
> an N of
> > 8 introduces a lot of new capability.
>
>
> 8 is not needed and not justified.  A mail site using 8 labels would have
> troubles with the RFC 7489 version, which uses the PSL.  They'd have to
> ask for
> PSL upgrades, right?
>
> Now, we can relax our ambition to be PSL-free and state N=max number of
> labels
> of public suffixes used by mail.  Or we could put N in an IANA registry
> that
> can be updated by expert review.  Such methods allow to have N low enough,
> yet
> upgradable and equal for all (compliant) implementations.
>
> Otherwise we can drop the requirement that N be equal for all
> implementations,
> and just make it configurable.  After all, it is an anti-abuse measure,
> akin to
> SPF lookup limit.  We can also keep it fixed at 5 and be sure that
> implementations will differ anyway.
>
>
> Best
> Ale
> --
>
>
>
>
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>

v2.23.0 | Report a Bug | By Email