IETF Logo Mail Archive

Re: [dmarc-ietf] "psd=" tag early assignment

Douglas Foster <dougfoster.emailstandards@gmail.com> Wed, 06 July 2022 18:00 UTC

Return-Path: <dougfoster.emailstandards@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E351C15A745 for <dmarc@ietfa.amsl.com>; Wed, 6 Jul 2022 11:00:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.104
X-Spam-Level:
X-Spam-Status: No, score=-7.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jnbrKuKA3R7M for <dmarc@ietfa.amsl.com>; Wed, 6 Jul 2022 11:00:54 -0700 (PDT)
Received: from mail-oi1-x22d.google.com (mail-oi1-x22d.google.com [IPv6:2607:f8b0:4864:20::22d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2ED48C15A742 for <dmarc@ietf.org>; Wed, 6 Jul 2022 11:00:54 -0700 (PDT)
Received: by mail-oi1-x22d.google.com with SMTP id be10so20749300oib.7 for <dmarc@ietf.org>; Wed, 06 Jul 2022 11:00:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=77dBvqrXoi1G7aDsPQcelBAFT81UD93j8NfRUeNAV2w=; b=MtOpksZFPcBArY03tcdkowLstSno2/FKPTkBPnsUGbCqTFqthmC1Z5TsIDaw/3SWPK e5r0E3sj3ajpP0s31wBrjJZNYUrYh0Vk/J/+1q6SU6QpTxFXJ+g1+E+4qRsWVHY7IXQ4 NsUxH3Aqx3eCm17PFIWGypVPBWEmEqCmnKejg20ILuWbV0VtcetC2VXApW6XStlmSafQ mhsuZG5HH2y4hUdU6IANskY6CCT8LlAPqRcPLGGH1c0NjzOMPEDTCdOCVoZWPZFiekHB xoqNh0ixYfyIGh0zQQKB9k6qAM9eGlMEIPfkOMF4qEz8kgReA5OuvqHHGVuQrSvQA3ky qojw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=77dBvqrXoi1G7aDsPQcelBAFT81UD93j8NfRUeNAV2w=; b=qLnjgLwU6P88HHUDD1/MRNN0ZpEMsCRFT76CzUxzjykrrmbzTk/H/3O0rUrs9A0FRr Oo6vnBhnz7WzQDhfFXZWv0+7X4xVQ8LU4ZRMYYyTkG7gs7FB/blg1FW92sc7WKBUP0Of yGJ+h3jcGmHsYdJ6EDTV+D8j0xxfDx96hWV5ojOPVRqzAKo4qNvg0c4qRm4grlmZbgHh MmHKUwU/3HwWaTlB86CBAkd9eoDkHLfCoS5ME4EvHP5SmENMa3q/rdv6hh+gvZ1Q8+PG FtiC0JfAI4XYp30OJ0wPzSE3oobnv3qleL0wiYhGtua1e/3Dsf0Q2yAZ+LHxIt4L7eoh FFaA==
X-Gm-Message-State: AJIora83rMjORHnoaOZSm1VhQtAlbyLM6FQ8bLBZ6N+5Py40w9tPQsC0 kIkTolhJsKWahRiGP7jnOqbNUMmcE3tYCUd/l4g=
X-Google-Smtp-Source: AGRyM1ukfyRtzx0DnpLmz3DGl4ICWJuJej2WiW+LzTCkI2MxZzXFu+WzNgVzY9r5s4k6VIsZPvWW28I/QqgsOIX4XLI=
X-Received: by 2002:a05:6808:144b:b0:335:9d14:be9 with SMTP id x11-20020a056808144b00b003359d140be9mr23850024oiv.58.1657130453129; Wed, 06 Jul 2022 11:00:53 -0700 (PDT)
MIME-Version: 1.0
References: <2106279.dWI8RDzgUi@zini-1880> <CALaySJLFY6s6+4xFs9iu-YSbrihnThgDEkb1+g2NUAt-QS_mTw@mail.gmail.com> <95b1d241-0e3c-edf3-4768-cf08b7d73283@tana.it> <CALaySJJcd1e+iT0CwbQ738fMaX2-UQ+q7NvduK4a7J+H5Q0dVg@mail.gmail.com> <05AB0F55-F8EF-40F7-97BE-23C9B96747D2@kitterman.com> <CALaySJKzL4BsvaMb23XCsExfF2ns8C=n1x1PyA7W0+Xt4DsY2g@mail.gmail.com>
In-Reply-To: <CALaySJKzL4BsvaMb23XCsExfF2ns8C=n1x1PyA7W0+Xt4DsY2g@mail.gmail.com>
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Wed, 06 Jul 2022 14:00:42 -0400
Message-ID: <CAH48ZfzVZzE+4AuVxRRfeDPwe4+dWo_zLE3KP6_vQ_4487Rmvw@mail.gmail.com>
To: Barry Leiba <barryleiba@computer.org>
Cc: Scott Kitterman <sklist@kitterman.com>, IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000015cbf05e326c05c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/ytXxq9JXWcSQHhhtLkvisGWhOHg>
Subject: Re: [dmarc-ietf] "psd=" tag early assignment
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jul 2022 18:00:55 -0000

Yes, PSD is still the appropriate term for a PSO-controlled domain.   We
need an additional definition for a "Private Registry Domain" (optionally
"PRD" if we want to create another acronym.)   Collectively, PSDs and PRDs
are "registry domains".   We intend to use a single DNS token for both PSD
and PRD policies, so the token definition needs to be clear on this point.

RFC 7489 was amiss by not defining private registries, and that has created
confusion about how to interpret the PSL.    But as long as the PSL had
correct information, the distinction did not affect DMARC accuracy.    With
the tree walk, the possibility of multiple registry domains in a single DNS
path creates some challenges, and these need to be explained.

We can resolve an ongoing dispute by providing two approaches to
implementing the tree walk.    John's approach makes some simplifying
assumptions in order to replace the entire PSL immediately.   My approach
is more cautious and is inclined to use the PSL when explicit tagging is
not available.   Evaluators can chose which to use based on their
perception of the tradeoffs.   Domain owners can solve the problem by
providing explicit tags to ensure that both approaches obtain the same
result.

DF
Then the text needs to be clear about when PSDs and PRDs are similar, and
when the differences are noteworthy.

On Sat, Jul 2, 2022 at 7:32 AM Barry Leiba <barryleiba@computer.org> wrote:

> That's true, while we won't have the PSL in the algorithm, we will
> still be talking about PSDs, so the term will remain defined.  OK,
> that makes sense, Scott; thanks.
>
> Barry
>
> On Mon, Jun 27, 2022 at 9:46 AM Scott Kitterman <sklist@kitterman.com>
> wrote:
> >
> > If we use a different term, we'll need to define it.  Fundamentally, I
> think changing the name only adds a level of indirection (and thus
> complexity).
> >
> > Current:
> >
> > PSD (which is defined in the document) yes or no or use tree walk.
> >
> > Proposed:
> >
> > Role (needs a definition) PSD (defined), Org (defined as not a PSD), and
> Subdomain (which isn't defined and is technically wrong - all three might
> be subdomains).
> >
> > Whether you directly use psd as the tag or not, the question is still is
> it a PSD or not.  The suggested change doesn't do anything towards getting
> away from PSD as a concept or a defined term.
> >
> > I think that by hiding it in the definitions, it will be more confusing,
> not less.
> >
> > Scott K
> >
> > On June 27, 2022 1:27:37 PM UTC, Barry Leiba <barryleiba@computer.org>
> wrote:
> > >I have to say, as a participant, that I have more than a little
> > >sympathy for this suggestion or some derivative of it.  Using "psd" as
> > >the tag name is rooted in history that will be lost as we move away
> > >from using a public suffix list.
> > >
> > >Barry
> > >
> > >On Mon, Jun 27, 2022 at 6:20 AM Alessandro Vesely <vesely@tana.it>
> wrote:
> > >>
> > >> On Sun 26/Jun/2022 18:05:44 +0200 Barry Leiba wrote:
> > >> >
> > >> > Please comment in this thread about whether you agree with making
> the
> > >> > registration now, or whether you do not agree and why.
> > >>
> > >>
> > >> I'd like to make a last appeal to use more intuitive symbols to be
> used instead
> > >> of the current ones:
> > >>
> > >> instead of | use      | to mean
> > >>
> -----------+----------+-----------------------------------------------------
> > >> psd=u      | role=sub | the default subdomain role (never needed)
> > >> psd=n      | role=org | the org domain (only needed with non
> compliant PSDs)
> > >> psd=y      | role=psd | a PSD (needed if PSD published DMARC record.)
> > >>
> > >>
> > >> The reason to use cryptic symbols seems to be to discourage their
> usage, which
> > >> I can hardly understand.  I'd be OK with the current symbols if the
> WG can
> > >> explain somewhat better, possibly as part of the spec itself, the
> rationale of
> > >> using counter-intuitive yes/ no/ undefined to express that
> three-valued value.
> > >>
> > >>
> > >> Best
> > >> Ale
> > >> --
> > >>
> > >>
> > >>
> > >>
> > >>
> > >> _______________________________________________
> > >> dmarc mailing list
> > >> dmarc@ietf.org
> > >> https://www.ietf.org/mailman/listinfo/dmarc
> > >
> > >_______________________________________________
> > >dmarc mailing list
> > >dmarc@ietf.org
> > >https://www.ietf.org/mailman/listinfo/dmarc
> >
> > _______________________________________________
> > dmarc mailing list
> > dmarc@ietf.org
> > https://www.ietf.org/mailman/listinfo/dmarc
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>

v2.23.0 | Report a Bug | By Email