Re: WG Review: Domain-based Message Authentication, Reporting & Conformance (dmarc)
Dave Crocker <dhc@dcrocker.net> Wed, 16 July 2014 23:03 UTC
Return-Path: <dhc@dcrocker.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E8A331A0393 for <ietf@ietfa.amsl.com>; Wed, 16 Jul 2014 16:03:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lHvbd-fsPQNc for <ietf@ietfa.amsl.com>; Wed, 16 Jul 2014 16:03:24 -0700 (PDT)
Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8564C1A038E for <ietf@ietf.org>; Wed, 16 Jul 2014 16:03:24 -0700 (PDT)
Received: from [192.168.2.111] (adsl-108-93-153-186.dsl.pltn13.sbcglobal.net [108.93.153.186]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id s6GN36tj029101 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Wed, 16 Jul 2014 16:03:10 -0700
Message-ID: <53C70443.8020709@dcrocker.net>
Date: Wed, 16 Jul 2014 16:01:23 -0700
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: S Moonesamy <sm+ietf@elandsys.com>, ietf@ietf.org
Subject: Re: WG Review: Domain-based Message Authentication, Reporting & Conformance (dmarc)
References: <20140714164212.22974.20340.idtracker@ietfa.amsl.com> <6.2.5.6.2.20140716100922.0ceba268@resistor.net>
In-Reply-To: <6.2.5.6.2.20140716100922.0ceba268@resistor.net>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.66]); Wed, 16 Jul 2014 16:03:10 -0700 (PDT)
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/rvHWR9a1WVWsYtFB66PtSstXHho
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: dcrocker@bbiw.net
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Jul 2014 23:03:28 -0000
On 7/16/2014 11:30 AM, S Moonesamy wrote: >> Domain-based Message Authentication, Reporting & Conformance (DMARC) >> uses existing mail authentication technologies (SPF and DKIM) to >> extend validation to the RFC5322.From field. DMARC uses DNS records >> to add policy-related requests for receivers and defines a feedback >> mechanism from receivers back to domain owners. This allows a domain >> owner to advertise that mail can safely receive differential >> handling, such as rejection, when the use of the domain name in the >> From field is not authenticated. Existing deployment of DMARC has >> demonstrated utility at internet scale, in dealing with significant >> email abuse, and has permitted simplifying some mail handling >> processes. > > There are some mail services who provide mailboxes with mailing lists > impediments. Yes, but how does (or should) your comment affect the draft charter text? >> The existing base specification is being submitted as an Independent >> Submission to become an Informational RFC. > > In a message dated April 22, I commented as follows: > > Section 16 describes IANA registry updates. I suggest contacting the > IETF Application Directors for information about the procedure to be > followed for the registry updates. > > My reading of the sentence about "Informational RFC" (quoted above) is > that the IESG concluded that the base specification can be published > without any changes (see Point 4 or 5 in BCP 92). The draft charter text only notes the fact of submission and says nothing about the further processing that has, might or will take place. The IESG assessment is part of the 'will'. >> The working group will seek to preserve interoperability with the >> installed base of DMARC systems, and provide detailed justification >> for any non-interoperability. As the working group develops solutions >> to deal with indirect mail flows, it will seek to maintain the >> end-to-end nature of existing identifier fields in mail, in >> particular avoiding solutions that require rewriting of originator >> fields. > > The last paragraph above sets a high bar for changes. As a note, some > mailing lists have already implemented a "via" rewrite. Yes, it does set a high bar. As for actions already taken by some operators, those certainly should provide interesting input for consideration. However the mere fact of those choices having been made does not mean that they are preferred or even useful. That's what the working group will (I hope) consider. >> Working group activities will pursue three tracks: >> >> 1. Addressing the issues with indirect mail flows >> >> The working group will specify mechanisms for reducing or eliminating >> the DMARC's effects on indirect mail flows, including deployed >> behaviors of many different intermediaries, such as mailing list >> managers, automated mailbox forwarding services, and MTAs that >> perform enhanced message handling that results in message >> modification. Among the choices for addressing these issues are: >> >> - A form of DKIM signature that is better able to survive transit >> through intermediaries. >> >> - Collaborative or passive transitive mechanisms that enable an >> intermediary to participate in the trust sequence, propagating >> authentication directly or reporting its results. > > What is the meaning of "collaborative or passive transitive mechanisms"? Yes, it's a challenge to figure out how to word that concisely and helpfully, given that the charter has already been criticized for being too long. So, the intent of the phrase is to distinguish between mechanisms that might provide author-to-recipient utility, either due to a 'collaborative' effort by both the author's operator and the intermediary, or solely by the author's operator, with the intermediary instead being 'passive'. An example would be a mechanism that requires the intermediary to add its own signature, versus one that might survive the intermediary, even without the intermediary taking special action. > I'll defer to the DNS experts on the matter of the "public suffix". That's the intent of the charter, except to the extent that the dmarc wg might develop some useful input to a separate public suffix effort. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net
- Re: WG Review: Domain-based Message Authenticatio… Dave Crocker
- Re: WG Review: Domain-based Message Authenticatio… Scott Kitterman
- Re: WG Review: Domain-based Message Authenticatio… Viktor Dukhovni
- Re: WG Review: Domain-based Message Authenticatio… Douglas Otis
- Re: WG Review: Domain-based Message Authenticatio… Viktor Dukhovni
- Re: WG Review: Domain-based Message Authenticatio… Scott Kitterman
- Re: WG Review: Domain-based Message Authenticatio… Viktor Dukhovni
- not really to do with Re: WG Review: Domain-based… t.p.
- Re: not really to do with Re: WG Review: Domain-b… Viktor Dukhovni
- Re: WG Review: Domain-based Message Authenticatio… John Levine
- Re: not really to do with Re: WG Review: Domain-b… ned+ietf
- Re: not really to do with Re: WG Review: Domain-b… Dave Crocker
- Re: WG Review: Domain-based Message Authenticatio… Scott Kitterman
- RE: not really to do with Re: WG Review: Domain-b… Christian Huitema
- Re: not really to do with Re: WG Review: Domain-b… ned+ietf
- Re: WG Review: Domain-based Message Authenticatio… Murray S. Kucherawy
- Re: WG Review: Domain-based Message Authenticatio… Murray S. Kucherawy
- Re: not really to do with Re: WG Review: Domain-b… John Levine
- Re: WG Review: Domain-based Message Authenticatio… Scott Kitterman
- Re: not really to do with Re: WG Review: Domain-b… Dave Crocker
- Re: not really to do with Re: WG Review: Domain-b… Viktor Dukhovni
- Re: not really to do with Re: WG Review: Domain-b… Douglas Otis
- Re: not really to do with Re: WG Review: Domain-b… John Levine
- Re: not really to do with Re: WG Review: Domain-b… Scott Kitterman
- Re: not really to do with Re: WG Review: Domain-b… Dave Crocker
- Re: not really to do with Re: WG Review: Domain-b… Viktor Dukhovni
- Re: not really to do with Re: WG Review: Domain-b… Niels Dettenbach (Syndicat IT&Internet)
- Re: really to do with Re: WG Review: Domain-based… Alessandro Vesely
- Re: not really to do with Re: WG Review: Domain-b… Scott Kitterman
- Re: not really to do with Re: WG Review: Domain-b… t.p.
- Re: WG Review: Domain-based Message Authenticatio… Dave Crocker
- Re: not really to do with Re: WG Review: Domain-b… Hector Santos
- Re: WG Review: Domain-based Message Authenticatio… Hector Santos
- Re: WG Review: Domain-based Message Authenticatio… Pete Resnick
- Re: WG Review: Domain-based Message Authenticatio… S Moonesamy
- Re: WG Review: Domain-based Message Authenticatio… Dave Crocker
- Re: WG Review: Domain-based Message Authenticatio… S Moonesamy
- Re: WG Review: Domain-based Message Authenticatio… Dave Crocker
- Re: WG Review: Domain-based Message Authenticatio… Martin Rex
- Re: WG Review: Domain-based Message Authenticatio… Dave Crocker
- Re: WG Review: Domain-based Message Authenticatio… Martin Rex
- Re: WG Review: Domain-based Message Authenticatio… Randy Bush
- Re: WG Review: Domain-based Message Authenticatio… John Levine
- Re: WG Review: Domain-based Message Authenticatio… S Moonesamy
- Re: WG Review: Domain-based Message Authenticatio… Barry Leiba
- Re: WG Review: Domain-based Message Authenticatio… John C Klensin
- Re: WG Review: Domain-based Message Authenticatio… Dave Crocker
- Re: WG Review: Domain-based Message Authenticatio… S Moonesamy
- Re: WG Review: Domain-based Message Authenticatio… John C Klensin
- Re: WG Review: Domain-based Message Authenticatio… John C Klensin
- Re: WG Review: Domain-based Message Authenticatio… Barry Leiba
- Re: WG Review: Domain-based Message Authenticatio… John R Levine
- Re: WG Review: Domain-based Message Authenticatio… Martin Rex
- Registration policies (was: WG Review: Domain-bas… S Moonesamy
- Re: Registration policies (was: WG Review: Domain… Barry Leiba
- Re: WG Review: Domain-based Message Authenticatio… Dave Crocker
- Re: WG Review: Domain-based Message Authenticatio… Pete Resnick
- Re: WG Review: Domain-based Message Authenticatio… Murray S. Kucherawy
- Re: WG Review: Domain-based Message Authenticatio… Pete Resnick
- Re: Registration policies (was: WG Review: Domain… S Moonesamy
- Re: Registration policies (was: WG Review: Domain… Barry Leiba
- Re: Registration policies (was: WG Review: Domain… Murray S. Kucherawy
- Re: Registration policies (was: WG Review: Domain… Barry Leiba
- Re: Registration policies (was: WG Review: Domain… Murray S. Kucherawy
- [***SPAM***] Re: Registration policies (was: WG R… S Moonesamy
- Re: WG Review: Domain-based Message Authenticatio… ned+ietf
- Re: WG Review: Domain-based Message Authenticatio… Hector Santos
- Re: WG Review: Domain-based Message Authenticatio… Martin Rex
- Re: WG Review: Domain-based Message Authenticatio… Murray S. Kucherawy
- Re: WG Review: Domain-based Message Authenticatio… Stuart Barkley
- Re: WG Review: Domain-based Message Authenticatio… Randy Bush
- Re: WG Review: Domain-based Message Authenticatio… John Levine
- DMARC and ietf.org Michael Richardson
- Re: WG Review: Domain-based Message Authenticatio… Douglas Otis
- Re: WG Review: Domain-based Message Authenticatio… S Moonesamy
- Re: DMARC and ietf.org Brian E Carpenter
- Re: [***SPAM***] Re: Registration policies (was: … Barry Leiba
- Re: DMARC and ietf.org John C Klensin
- Re: DMARC and ietf.org Brian E Carpenter
- Re: DMARC and ietf.org Hector Santos
- Re: DMARC and ietf.org Miles Fidelman
- Re: WG Review: Domain-based Message Authenticatio… Eric Burger
- Re: DMARC and ietf.org Brian E Carpenter
- Re: DMARC and ietf.org Miles Fidelman
- Re: DMARC and ietf.org Pete Resnick
- Re: DMARC and ietf.org Dave Crocker
- Re: [dmarc-ietf] WG Review: Domain-based Message … Hector Santos
- Re: WG Review: Domain-based Message Authenticatio… Martin Rex
- Re: DMARC and ietf.org Martin Rex
- Re: DMARC and ietf.org John Levine
- Re: DMARC and ietf.org Hector Santos
- RE: DMARC and ietf.org MH Michael Hammer (5304)
- Re: DMARC and ietf.org Hector Santos
- RE: DMARC and ietf.org MH Michael Hammer (5304)
- Re: DMARC and ietf.org Hector Santos
- Re: DMARC and ietf.org Viktor Dukhovni
- Re: DMARC and ietf.org Hector Santos
- Re: DMARC and ietf.org John Levine
- Re: DMARC and ietf.org John Levine
- Re: DMARC and ietf.org Rich Kulawiec
- Re: DMARC and ietf.org John Levine
- Re: DMARC and ietf.org Alessandro Vesely
- Re: DMARC and ietf.org Dave Crocker
- Re: DMARC and ietf.org Brian E Carpenter
- Re: DMARC and ietf.org ned+ietf
- Re: DMARC and ietf.org Russ Housley
- Re: DMARC and ietf.org ned+ietf
- Re: DMARC and ietf.org Dave Crocker
- Re: DMARC and ietf.org Brian E Carpenter
- Re: DMARC and ietf.org Dave Crocker
- Re: DMARC and ietf.org Michael Richardson
- Re: DMARC and ietf.org Michael Richardson
- Re: DMARC and ietf.org Michael Richardson
- Re: DMARC and ietf.org Andrew G. Malis
- Re: DMARC and ietf.org Russ Housley
- Re: DMARC and ietf.org Michael Richardson
- Re: DMARC and ietf.org Brian E Carpenter
- Re: DMARC and ietf.org Brian E Carpenter
- Re: DMARC and ietf.org Dave Crocker
- Re: DMARC and ietf.org Russ Housley
- Re: DMARC and ietf.org Michael Richardson
- Re: DMARC and ietf.org John Payne
- Re: DMARC and ietf.org John Levine