Re: [dmarc-ietf] Last Call: <draft-ietf-dmarc-arc-protocol-18.txt> (Authenticated Received Chain (ARC) Protocol) to Experimental RFC
Scott Kitterman <scott@kitterman.com> Tue, 30 October 2018 18:40 UTC
Return-Path: <scott@kitterman.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64E18130DD9 for <ietf@ietfa.amsl.com>; Tue, 30 Oct 2018 11:40:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b=2eBFo3Lp; dkim=pass (2048-bit key) header.d=kitterman.com header.b=neboLBX3
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FehwWuTKktT9 for <ietf@ietfa.amsl.com>; Tue, 30 Oct 2018 11:40:33 -0700 (PDT)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [IPv6:2607:f0d0:3001:aa::2]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 06A84130DE6 for <ietf@ietf.org>; Tue, 30 Oct 2018 11:40:32 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201803e; t=1540924830; h=date : in-reply-to : references : mime-version : content-type : content-transfer-encoding : subject : to : from : message-id : date : subject : from; bh=IwEBHBHmGKb9h4y/aTqqqTTLfGulgEngh9IRVU+5luc=; b=2eBFo3LpeFCIuXM7NM8ZSQn7d53Ogz4CpURLmjTHXaBXKLhiJSUpvCgo fxbT6CIXggFa0QdwNz7sBg36c71+BQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201803r; t=1540924830; h=date : in-reply-to : references : mime-version : content-type : content-transfer-encoding : subject : to : from : message-id : date : subject : from; bh=IwEBHBHmGKb9h4y/aTqqqTTLfGulgEngh9IRVU+5luc=; b=neboLBX3dQefbvKEqstkf36zdvBrnHZ7kFvdHttx3vgik1amg1XrcUP0 4ivol1GilPDHwKCaKEwq5Y4Bu3zoF4Zk0V2lnt9g1rD9f74n5Gyy0gmRd9 gwwMvy+EUE71YRffChdEcCuhKQ5EGJiqZ8V6XRGSw03do6OcaYsJ9PesBR wcwS9OAjGwL/BUAe2n0oE5zMILRkZwhMaH969WQPx0TozXuzDldbzhJ8Q3 InEZLig0WJHa7/u14DjibOSs7qt4V4nOBYCmX2XLUZmESESk0sXaS11Rmw WsfPfj9r9jupLsKDji63w5aoPzwZXMQXFtpP9ZBbDbxH7zn49XmTMw==
Received: from [10.114.157.227] (mobile-166-170-29-135.mycingular.net [166.170.29.135]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id 55900C4027F; Tue, 30 Oct 2018 13:40:30 -0500 (CDT)
Date: Tue, 30 Oct 2018 18:40:26 +0000
In-Reply-To: <154030726741.31325.18068939197691810125.idtracker@ietfa.amsl.com>
References: <154030726741.31325.18068939197691810125.idtracker@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Subject: Re: [dmarc-ietf] Last Call: <draft-ietf-dmarc-arc-protocol-18.txt> (Authenticated Received Chain (ARC) Protocol) to Experimental RFC
To: ietf@ietf.org
From: Scott Kitterman <scott@kitterman.com>
Message-ID: <5E1058DF-99CE-4D64-A204-B7710914CFBC@kitterman.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/HX9543WoisafIHXIMLrsndyDMjU>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Oct 2018 18:40:36 -0000
On October 23, 2018 3:07:47 PM UTC, The IESG <iesg-secretary@ietf.org> wrote: > >The IESG has received a request from the Domain-based Message >Authentication, >Reporting & Conformance WG (dmarc) to consider the following document: >- >'Authenticated Received Chain (ARC) Protocol' > <draft-ietf-dmarc-arc-protocol-18.txt> as Experimental RFC > >The IESG plans to make a decision in the next few weeks, and solicits >final >comments on this action. Please send substantive comments to the >ietf@ietf.org mailing lists by 2018-11-06. Exceptionally, comments may >be >sent to iesg@ietf.org instead. In either case, please retain the >beginning of >the Subject line to allow automated sorting. ... I have reviewed the latest version of the draft in some detail, primarily with an eye towards updating the implementation that I help maintain (dkimpy) to the current requirements. It's been some time since it was updated (rev -08 and we're at -18 now). I was pleasantly surprised to find that most of the changes in the document were focused on making it more understandable. It has a few rough edges, but nothing I think is problematic for this level of maturity. I understand the desire to just ship it at this point so more operational experience can be gained before another update. With one exception, I agree with that approach. In Section 5.2. Validator Actions, I think it's highly unlikely that Step 5, AMS (ARC Message Structure) validation of AMS header fields beyond the one immediately prior in the chain is useful. Failure doesn't change the ARC result, so there are no interoperability implications for removing it from the draft. The only reason to specify anything is the notion of 'oldest-pass'. This looks like a dubious and premature optimization to me. I didn't and don't plan to implement it. Later, after there is more experience with ARC, if it's established that validation of AMS beyond the immediately prior step in the chain has utility and there is sufficient efficiency associated with 'oldest-pass', it can be added then. 'Oldest-pass' seems like an easy way to get around having downstream validators do AMS validation up the chain (by always adding arc.oldest-pass=1 to all messages). ARC is complicated enough without this and it seems like any easy win for simplicity in design to take this out for now (and we'll see about the future). Deleting it also reduces the IANA considerations. If it's decided to leave it in, it needs a MAY construction rather than OPTIONAL. Scott K
- Re: [dmarc-ietf] Last Call: <draft-ietf-dmarc-arc… Scott Kitterman