Re: [dmarc-ietf] spec nit - which DKIM to report

Elizabeth Zwicky <zwicky@otoh.org> Fri, 21 June 2019 19:06 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/zDALDe2zbXhqfQ-_RVeUO1BT084>

I believe they MUST contain any aligned DKIM signature regardless of validity and SHOULD contain an entry for each domain, selector, result triple.

Elizabeth 

> On Jun 21, 2019, at 11:46 AM, John Levine <johnl@taugh.com> wrote:
> 
> In article <7cd366d2-ab8d-cce8-67ff-59b79183cd67@tomki.com> you write:
>> As mentioned by Elizabeth recently:  (Elizabeth please chime in if this 
>> doesn't capture your meaning)
>> 
>> the spec does not define *which* DKIM signature should be reported in 
>> the DMARC RUA created by a receiver.  The proposed resolution to this is 
>> that if the receiver does not provide the complete set of DKIM 
>> signatures found, they should provide (in order of preference)
>> 1. a signature which passed DKIM in strict alignment with the From: 
>> header domain
>> 2. a signature which passed DKIM in relaxed alignment with the From: 
>> header domain
>> 3. some other signature that passed DKIM
>> 4. some other signature that didn't pass DKIM
> 
> This seems overcomplex.  How about saying the reports SHOULD include
> all valid DKIM reports.  If they can't, they can't, and I don't see
> any benefit in offering advice on how not to comply.
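
The reporting rules discussed in this thread, sketched as an added example that is not part of the original messages or of any DMARC implementation: it ranks DKIM results by the proposed preference order and always keeps aligned signatures, valid or not, with one entry per (domain, selector, result) triple. Assumptions: all names and the `limit` parameter are hypothetical, `org_domain` approximates the organizational domain with the last two labels instead of a Public Suffix List lookup, and combining both proposals in one function is this example's choice.

```python
from typing import NamedTuple

class DkimResult(NamedTuple):
    domain: str    # d= tag of the signature
    selector: str  # s= tag of the signature
    result: str    # verifier outcome: "pass", "fail", ...

def org_domain(domain: str) -> str:
    # ASSUMPTION: last two labels stand in for a Public Suffix List lookup.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def alignment(from_domain: str, d: str) -> str:
    """Return "strict", "relaxed" or "none" for a d= domain against From:."""
    f, d = from_domain.lower().rstrip("."), d.lower().rstrip(".")
    if f == d:
        return "strict"
    return "relaxed" if org_domain(f) == org_domain(d) else "none"

def preference(from_domain: str, r: DkimResult) -> int:
    """Rank from the proposal: 1 strict pass, 2 relaxed pass,
    3 other pass, 4 anything that did not pass."""
    if r.result != "pass":
        return 4
    return {"strict": 1, "relaxed": 2, "none": 3}[alignment(from_domain, r.domain)]

def select_for_report(from_domain, results, limit=None):
    """Deduplicate on the (domain, selector, result) triple, then order.

    Aligned signatures are kept regardless of validity; `limit`
    (hypothetical) only trims the unaligned remainder.
    """
    unique = list(dict.fromkeys(results))  # order-preserving dedup
    rank = lambda r: preference(from_domain, r)
    aligned = sorted((r for r in unique
                      if alignment(from_domain, r.domain) != "none"), key=rank)
    others = sorted((r for r in unique
                     if alignment(from_domain, r.domain) == "none"), key=rank)
    if limit is not None:
        others = others[:max(0, limit - len(aligned))]
    return aligned + others

SAMPLE = [  # constructed results for a message with From: example.com
    DkimResult("lists.example.net", "s1", "pass"),
    DkimResult("mail.example.com", "k2", "fail"),
    DkimResult("example.com", "k1", "pass"),
    DkimResult("example.com", "k1", "pass"),   # duplicate triple
    DkimResult("esp.example.org", "x", "fail"),
]
```
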