IETF Logo Mail Archive

Re: [dmarc-ietf] PSD Related Privacy Considerations For Aggregate Reporting Draft

John R Levine <johnl@taugh.com> Tue, 31 January 2023 22:26 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9212DC14F726 for <dmarc@ietfa.amsl.com>; Tue, 31 Jan 2023 14:26:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.398
X-Spam-Level:
X-Spam-Status: No, score=-4.398 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b="ooiAibij"; dkim=pass (2048-bit key) header.d=taugh.com header.b="CnVgRURJ"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SdaDPddepXXP for <dmarc@ietfa.amsl.com>; Tue, 31 Jan 2023 14:26:48 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC0BBC14F736 for <dmarc@ietf.org>; Tue, 31 Jan 2023 14:26:42 -0800 (PST)
Received: (qmail 29485 invoked from network); 31 Jan 2023 22:26:40 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type; s=732b.63d995a0.k2301; bh=w5nkc57T89EDL/ZBB7XTolfw40a8XW/xZ2fg0m9+tYo=; b=ooiAibijEsO1CAhu+Ea/NMceIdyxjR5yl/4keogzDGGrzJIb1WZhdgpWyU3RhKlkrJeQGmTZlao+uf3p0/1pMYCuKRPjM9Rqq7Cp54vyIKOvTWx931m2pzUAd7gDWTqlaPmp1VwlAaX78HwaEgDO8sJMWUgrjDEwYvxUPfJVIKdrgscyTt9Xzr7YFJvyUy2hdcB5RILKGt/Np/W/GgcXJQNC1KuM1Gtq4YBd5JI2usOH6Xm85idlmRBP6BkaXHBiiCiHLtnHQtSuMKAot6PLZKCRasdhErT1oq16HuEmfLAP2K7nORwDkIB5z+r53OkdbTmdl7wowA7LarXWhJs6fQ==
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type; s=732b.63d995a0.k2301; bh=w5nkc57T89EDL/ZBB7XTolfw40a8XW/xZ2fg0m9+tYo=; b=CnVgRURJjxgZbVBAzJN1clFqf43E7yodLrYvicA+NHGBgpdTTRQDc3oiBaFmJhH7K1KAbWrdUlU6hgFxBvoK8w470DKRi3Zwl4VWnh9H1zDbyUVF0YyLtAk2+s+byJCworgkivhF5Y2NW5//JZbnr0sVp90lIRd6EKZO9jsJ95em2xrYq+jBJG9/m1VbIyTzxkpLfroW3uunyHnsVGCuJuhznVxCgBb4xJ3wpZqKMMZmEj6Ty8CbNrawLfJpXIelYBMH03Px1KtPSAt6ZnAd4JYlWKWR01Y4LfPZm9R6l/7heBFFDxpY5Rz4KAUVy1PssZjLdIOHwB6YdVUmAHF6Bg==
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.3 ECDHE-RSA AES-256-GCM AEAD) via TCP6; 31 Jan 2023 22:26:39 -0000
Received: by ary.qy (Postfix, from userid 501) id 02DC7853BE00; Tue, 31 Jan 2023 17:26:38 -0500 (EST)
Received: from localhost (localhost [127.0.0.1]) by ary.qy (Postfix) with ESMTP id A19C3853BDE1; Tue, 31 Jan 2023 17:26:38 -0500 (EST)
Date: Tue, 31 Jan 2023 17:26:38 -0500
Message-ID: <91f3012d-ae3b-4fab-ac8e-cfed6d550b6e@taugh.com>
From: John R Levine <johnl@taugh.com>
To: Emil Gustafsson <emgu@google.com>
Cc: Todd Herr <todd.herr@valimail.com>, Scott Kitterman <sklist@kitterman.com>, dmarc@ietf.org
X-X-Sender: johnl@ary.qy
In-Reply-To: <CABZJ8k=GvBuZey1ZuBgOjVK8L+WuN0E=MpEptjUTTD-Yy1HRLQ@mail.gmail.com>
References: <CABZJ8k=Rkh9+AoDA+N2tawU+GkizNRS-MG14sRayYHWBmFP62A@mail.gmail.com> <20230131193010.EC345851C6F8@ary.qy> <CAHej_8kkq_RBwE-sRcy0GbJ8NPXqRw25=wirgig+uB36uvbzvA@mail.gmail.com> <CABZJ8kmbWGpZ-JBEN_hzf5K5X-PbXY0r0WGu2rwfUyi-i6na0Q@mail.gmail.com> <0b43a598-0905-bd3d-ed09-aa9d97a72764@taugh.com> <CABZJ8k=GvBuZey1ZuBgOjVK8L+WuN0E=MpEptjUTTD-Yy1HRLQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/ymtL6-nu6xn6scN4DzPtegReT4g>
Subject: Re: [dmarc-ietf] PSD Related Privacy Considerations For Aggregate Reporting Draft
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Jan 2023 22:26:53 -0000

On Tue, 31 Jan 2023, Emil Gustafsson wrote:
> The question regarding sending reports for existing vs non-existing domain
> to a PSO came up in a discussion with Scott et.al in December. The short
> version is that we have some concerns about sending aggregate and failure
> reports to PSOs for existing domains. But I don't think there will be a
> problem to send reports for non-existing domains.

Huh.  Can you give a realistic example?  I presume you're aware that 
.bank and .insurance have contracts with their registrants so there's no 
privacy issue sending reports to the TLD.

I am fairly sure that if we come up with special complicated rules for 
reports for PSDs, two things will happen.  One is that people will just 
ignore them and send nornal reports, or else they'll say this is silly and 
send no PSD reports at all.

I can just barely imagine a rule that says for PSDs, you only send reports 
about domains that are NXDOMAIN but that's already pushing it.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly

v2.23.0 | Report a Bug | By Email