Re: [Ietf-dkim] DKIM-Signature: r=y and MLM

"Murray S. Kucherawy" <superuser@gmail.com> Sat, 18 August 2018 21:45 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/s5PStMliR_NIYzzD8DrSYxW3uA0>

On Fri, Aug 17, 2018 at 4:15 AM, Alessandro Vesely <vesely@tana.it> wrote:

> > The DKIM aggregate reports show whether a server signs correctly all mails
> > or not.  If the aggregate reports show that this is sometimes (let's say in
> > 1%) not done correctly, the signer has no way to find for which email the
> > signing has not worked and cannot fix the signing software, unless a report
> > for the failing mail is sent with r=y.
>
> Well, nope.  Aggregate reports belong to DMARC.  Consider adding a rua=
> address to your DMARC record.  Sometimes aggregate reports allow a postmaster
> to pin which message triggered it.  If you also set a ruf= address, you might
> receive ARF reports as well.
>

+1.

> > I suggest here in to suggest in a more formal manner, that MLMs modifying a
> > message are supposed to remove the r=y part of just invalidated
> > DKIM-Signature and this logic is also applied for ARC, if relevant (I don't
> > know ARC).  Fixing only ARC will not help, as there is software that follows
> > DKIM, but has no idea about ARC.
>
> AFAIK, ARC is not involved in reporting.  My feeling is that the whole topic
> now belongs to DMARC's territory.


+1.

> As for rfc6651, it also specifies how to obtain reports for ADSP, which was
> moved to Historical status.  Unless your experience testifies to a relevant
> community traction, I'd propose rfc6651 be moved to Historical status too, and
> its format description be moved to rfc7489bis, whenever it comes about.
>

OpenDKIM still implements RFC6651 and finds it useful for debugging
problems with new implementations, so at least from that perspective I
don't think historical status for it is warranted.  If an update is needed
to cover the issues raised here, that's possibly worth pursuing.

-MSK
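
The thread distinguishes two reporting channels: the RFC 6651 `r=y` tag carried in a DKIM-Signature, and the `rua=`/`ruf=` addresses published in a DMARC record. The following is an added example, not part of the original messages or of OpenDKIM, that shows which of those channels a signer has actually requested; the function names and both sample records are constructed for illustration.

```python
import re

def parse_tag_list(value):
    """Parse a tag=value list as used by DKIM-Signature and DMARC records."""
    tags = {}
    for part in value.split(";"):
        if "=" not in part:
            continue  # empty trailing element or malformed tag
        name, _, val = part.partition("=")
        # Header folding leaves whitespace inside values; drop it.
        tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def dmarc_report_uris(field):
    """Split a rua=/ruf= value into addresses, dropping any !size suffix."""
    addresses = []
    for uri in filter(None, field.split(",")):
        if uri.lower().startswith("mailto:"):
            addresses.append(uri[len("mailto:"):].split("!", 1)[0])
    return addresses

def reporting_channels(dkim_signature, dmarc_txt):
    """Summarise the failure-reporting channels a signing domain has requested."""
    sig = parse_tag_list(dkim_signature)
    dmarc = parse_tag_list(dmarc_txt)
    is_dmarc = dmarc.get("v") == "DMARC1"  # ignore TXT records that are not DMARC
    return {
        "signing_domain": sig.get("d"),
        # RFC 6651: r=y asks verifiers to report failures of this signature.
        "rfc6651_requested": sig.get("r") == "y",
        "dmarc_aggregate": dmarc_report_uris(dmarc.get("rua", "")) if is_dmarc else [],
        "dmarc_failure": dmarc_report_uris(dmarc.get("ruf", "")) if is_dmarc else [],
    }

# Constructed sample data (example.org, placeholder hash and signature values).
SAMPLE_SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=sel1;\r\n"
              " r=y; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER")
SAMPLE_DMARC = ("v=DMARC1; p=none; rua=mailto:agg@example.org!10m;"
                " ruf=mailto:fail@example.org; fo=d")

if __name__ == "__main__":
    for key, val in reporting_channels(SAMPLE_SIG, SAMPLE_DMARC).items():
        print(f"{key}: {val}")
```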