Re: DMARC and ietf.org

Hector Santos <hsantos@isdg.net> Sun, 20 July 2014 16:45 UTC

Message-ID: <53CBF20C.9090708@isdg.net>
Date: Sun, 20 Jul 2014 12:45:00 -0400
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
To: Brian E Carpenter <brian.e.carpenter@gmail.com>, Michael Richardson <mcr+ietf@sandelman.ca>
Subject: Re: DMARC and ietf.org
References: <CAL0qLwYZPO9L9e7MHA6zP5vcTbQEJmwCSonLdMeQiOw4CUoiFw@mail.gmail.com> <20140718174827.652621ADAF@ld9781.wdf.sap.corp> <6.2.5.6.2.20140719235353.0c50d260@resistor.net> <25621.1405862805@sandelman.ca> <53CBCC41.5000907@gmail.com>
In-Reply-To: <53CBCC41.5000907@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/OG_7MaBm7_W31ZK5DNJS8PJNDcU
Cc: iaoc@ietf.org, ietf@ietf.org

On 7/20/2014 10:03 AM, Brian E Carpenter wrote:
> On 21/07/2014 01:26, Michael Richardson wrote:
>> Regardless of how/if/why/when we process DMARC as a specification, we need to
>> decide how ietf.org MTA is going to deal with things.
>>
>> 1) someone has to fund changes to mailman, and perform testing, installation,
>>     and community education for the IETF mailing lists.  That implies that
>>     we have to decide *for ourselves* where and how we will "break" the
>>     DMARC/DKIM connection,  and if we will reject email from p=reject senders
>>     before we attempt to relay.
>
> I thought the preferred solution was to rewrite the From for those users only.

-1.

It's not the preferred solution. Not one iota. Please don't endorse
this radical "email game changing" behavior.  Since you are among the
"top IETF key cogs," if it's preferred among the IETF key cogs, as you
are making it sound, then this is not good at all. It would be a
serious "game changer."  It goes to show how much the IETF really
cares about the concerns for the wider and entire mail networking
community which is obviously becoming less and less. It will set a
terrible precedent and obvious security loophole if you crack open
this door.  The "From" could never be trusted again and the new
algorithms necessary to separate and categorize the good from the
bad will be overwhelming and complex at all levels.

Plus, if you ask and explore the risk and liability issues with your
chief counsel, you could be playing with fire here. I wouldn't do it.
Bad idea.

I don't recommend any change to the ietf.org list mail process
regarding DMARC until there is a 3rd party authorization framework in
place.  The lack of one currently should not suggest that breaking security
as the "path of least resistance" should be endorsed by the IETF.

-- 
HLS