Re: [marf] Adrian Farrel's No Objection on draft-ietf-marf-as-15: (with COMMENT)

"Murray S. Kucherawy" <> Wed, 25 April 2012 20:17 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id EA45D21F88F5 for <>; Wed, 25 Apr 2012 13:17:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -102.555
X-Spam-Status: No, score=-102.555 tagged_above=-999 required=5 tests=[AWL=0.044, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id XmG6Ypm6bxeJ for <>; Wed, 25 Apr 2012 13:17:37 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 7ED7B21F88F7 for <>; Wed, 25 Apr 2012 13:17:36 -0700 (PDT)
Received: from ([]) by with bizsmtp id 2LHF1j0010as01C01LHF0e; Wed, 25 Apr 2012 13:17:24 -0700
X-CMAE-Match: 0
X-CMAE-Score: 0.00
X-CMAE-Analysis: v=2.0 cv=K4ag7lqI c=1 sm=1 a=QMZKka45TBd+hNGtXG2bIg==:17 a=LvckAehuu68A:10 a=Qrv36LpUKT8A:10 a=zutiEJmiVI4A:10 a=IkcTkHD0fZMA:10 a=xqWC_Br6kY4A:10 a=AEDFM0qtAAAA:8 a=48vgC7mUAAAA:8 a=BKtCKEuFW1E-ie4T75AA:9 a=DcKsNv578sS9B2pPO8oA:7 a=QEXdDO2ut3YA:10 a=jqlaW5bC1iAA:10 a=ObgSaLnxuQYGMWPp:21 a=g1xTM8VxK5Erw1K9:21 a=QMZKka45TBd+hNGtXG2bIg==:117
Received: from ([fe80::addf:849a:f71c:4a82]) by ([fe80::54de:dc60:5f3e:334%10]) with mapi id 14.01.0355.002; Wed, 25 Apr 2012 13:16:53 -0700
From: "Murray S. Kucherawy" <>
To: Adrian Farrel <>, The IESG <>
Thread-Topic: Adrian Farrel's No Objection on draft-ietf-marf-as-15: (with COMMENT)
Thread-Index: AQHNIwXRTxBGS3SrIUOXRS0NLNxzHpar+fwA
Date: Wed, 25 Apr 2012 20:16:52 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=default; t=1335385044; bh=gZmk7tJnOMM5goZUPsXL8ur7y9BktTEZtifhyfzNz9s=; h=From:To:CC:Subject:Date:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version; b=hoTiyURvi46CzI9w0O9wmF1kdaFmG5DPunbAk/bOkUUzggKRXBeIgRNdQnsfdAOIt 9VwG2IOnVmpeAPEFSzG0BF2JPXwKAIh9fqJ/DktuNr1gHn66p427q9dweckPEq/uxZ TME9dseLX373xJNOxKAu07A4/0X6ZWIDtqfR4uTk=
Cc: "" <>, "" <>, "" <>
Subject: Re: [marf] Adrian Farrel's No Objection on draft-ietf-marf-as-15: (with COMMENT)
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Message Abuse Report Format working group discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 25 Apr 2012 20:17:38 -0000

Hi Adrian,

> -----Original Message-----
> From: Adrian Farrel []
> Sent: Wednesday, April 25, 2012 10:07 AM
> To: The IESG
> Cc:;
> Subject: Adrian Farrel's No Objection on draft-ietf-marf-as-15: (with
> Adrian Farrel has entered the following ballot position for
> draft-ietf-marf-as-15: No Objection
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> Please refer to
> criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> ----------------------------------------------------------------------
> ----------------------------------------------------------------------
> Forgive me, but doesn't section 8.2 say that forged abuse reports
> constitue a real problem and the two mechanisms available to protect
> against them may result in genuine abuse reports being discarded?

Yes to the first point.  The second point is true of all email, not just abuse reports; if the signer's infrastructure is causing signatures to break, there's no reason to trust the reports even though they bear some kind of signature.  The same goes for, say, a message from your bank that's signed but the signature fails to validate.

> Is the message here "chosse which you think might be the least worse
> problem" or is it "you should use DKIM and SPF, but be aware that you
> may lose some genuine reports"?

It's "You should use DKIM and/or SPF, but make sure they're working properly if you want to reap the benefits."

> I would have liked some clarification as to which message is being
> sent.

That section is only talking about reports.  Which part is unclear?