Re: [dmarc-ietf] Updated mandatory tag/conditional signature draft

Hector Santos <hsantos@isdg.net> Tue, 14 April 2015 17:25 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/dmarc/yvJjMML9TLv-ouZMPqIAWjN4NmE>

On 4/14/2015 12:53 PM, Douglas Otis wrote:
> Dear Scott and Hector,
>
> DMARC offers feedback to help identify where a listing is
> needed.  This list can be placed in DNS using hash labels
> and TSIG, for example.

Sure Doug, yes, there are ways to automate this.  The feedback is there
and scripts can be written.

> Since mailing-lists are likely to receive special handling,
> it might be assumed that those allowed to post have been
> limited by subscription.  Since a mediator may share a
> domain having other uses, TPA-Label is able to differentiate
> them to close a subscription gap. Any scheme to enable a
> third-party must be very concerned about restricting
> access.  How would you envision access being restricted with
> draft-kucherawy-dkim-delegate or
> draft-levine-dkim-conditional?  In many cases, the From is
> already being munged.

Too complicated.

One assertion needs to be tested:

     Does the ADID authorize the SDID?

You can query the ADID DNS database for this.  How that data gets
there is a whole different issue.  In the meantime, the WG should
work on the DMARC protocol making it ready for a 3rd party
authorization method.   Doug, TPA is too complicated. I am not
convinced it does anything more than what a simpler ATPS will offer or
a basic Yes/No Query of the ADID/SDID.  TPA is essentially the same
lookup method, but you tied extra meaning to it. I don't think it's necessary.
Nonetheless, let's propose a new "sam=" tag in DMARC, "Signature
Authorization Method":

    v=DMARC1;  sam=tpa|atps|fs

This allows for the intelligent receiver to explore and learn which is 
the best method.

-- 
HLS
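As an added illustration (not code from the thread or from any of the drafts discussed), the following Python models the single assertion Hector describes, "does the ADID authorize the SDID?", answered by a DNS lookup under the ADID. The ATPS query name follows RFC 6541's label construction (hash of the lowercased SDID, base32 encoded, padding stripped); the `sam=` tag is Hector's proposal above and is treated as hypothetical, the DNS table is constructed in-line, and `tpa` and `fs` are left unimplemented.

```python
import base64
import hashlib


def atps_label(sdid: str, hash_name: str = "sha256") -> str:
    """RFC 6541 ATPS label: hash of the lowercased SDID, base32-encoded, '=' padding removed."""
    if hash_name == "none":          # RFC 6541 also allows the bare SDID as the label
        return sdid.lower()
    digest = hashlib.new(hash_name, sdid.lower().encode("ascii")).digest()
    return base64.b32encode(digest).decode("ascii").rstrip("=").lower()


def parse_tags(record: str) -> dict:
    """Parse the 'tag=value; tag=value' syntax shared by DMARC and ATPS TXT records."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


# Constructed stand-in for DNS TXT lookups (no network). The sam= tag is the
# proposal from the message above, not a registered DMARC tag.
FAKE_DNS = {
    "_dmarc.isdg.net": "v=DMARC1; p=reject; sam=tpa|atps|fs",
    atps_label("beta.winserver.com") + "._atps.isdg.net": "v=ATPS1; d=beta.winserver.com",
}


def atps_authorizes(adid: str, sdid: str, dns: dict, hash_name: str = "sha256") -> bool:
    """The one assertion to test: does the ADID publish an ATPS record naming the SDID?"""
    txt = dns.get(f"{atps_label(sdid, hash_name)}._atps.{adid.lower()}")
    if txt is None:
        return False
    tags = parse_tags(txt)
    # Both the version and the d= value must match; a record for another SDID grants nothing.
    return tags.get("v") == "ATPS1" and tags.get("d", "").lower() == sdid.lower()


def authorized_by(adid: str, sdid: str, dns: dict):
    """Walk the methods in the ADID's hypothetical sam= tag, in order, and return the name
    of the first one that authorizes the SDID, or None. Only 'atps' is implemented here;
    'tpa' and 'fs' are skipped, so an unknown method can never grant authorization."""
    dmarc = parse_tags(dns.get(f"_dmarc.{adid.lower()}", ""))
    if dmarc.get("v") != "DMARC1":
        return None
    for method in dmarc.get("sam", "").lower().split("|"):
        if method == "atps" and atps_authorizes(adid, sdid, dns):
            return "atps"
    return None
```

Swapping `FAKE_DNS` for a real TXT resolver is the only change needed to run the check against published records.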