IETF Logo Mail Archive

Re: [marf] I-D Action: draft-ietf-marf-dkim-reporting-08, was -07

Alessandro Vesely <vesely@tana.it> Fri, 03 February 2012 09:43 UTC

Return-Path: <vesely@tana.it>
X-Original-To: marf@ietfa.amsl.com
Delivered-To: marf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0978F21F85EF for <marf@ietfa.amsl.com>; Fri, 3 Feb 2012 01:43:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.638
X-Spam-Level:
X-Spam-Status: No, score=-4.638 tagged_above=-999 required=5 tests=[AWL=0.081, BAYES_00=-2.599, HELO_EQ_IT=0.635, HOST_EQ_IT=1.245, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WIkZ5aDnmq+d for <marf@ietfa.amsl.com>; Fri, 3 Feb 2012 01:43:11 -0800 (PST)
Received: from wmail.tana.it (mail.tana.it [62.94.243.226]) by ietfa.amsl.com (Postfix) with ESMTP id 0BCF121F85F4 for <marf@ietf.org>; Fri, 3 Feb 2012 01:43:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=test; t=1328262189; bh=iuBnDUpEyGIXfiilyWCefO8kOWMJX4NArdqTSeaJrY0=; l=2422; h=Message-ID:Date:From:MIME-Version:To:References:In-Reply-To: Content-Transfer-Encoding; b=INAxTt0KZnpRAafpa84X6ERAvLhbzMttCbV4KhO0Qkevn/lqyzw+HQqSk5aHhviIV baf+OCZEadWVUjtuK77dB2eN9WE+/3wrbUvL4ESltGIhLzFQG8n060XmM7SQsm0aIT OTM/28uxJAOKQ3pAwbssPzIe0BcioZ3pR60hmL5M=
Received: from [172.25.197.158] (pcale.tana [172.25.197.158]) (AUTH: CRAM-MD5 515, TLS: TLS1.0,256bits,RSA_AES_256_CBC_SHA1) by wmail.tana.it with ESMTPSA; Fri, 03 Feb 2012 10:43:09 +0100 id 00000000005DC033.000000004F2BAC2D.00003628
Message-ID: <4F2BAC2C.7000808@tana.it>
Date: Fri, 03 Feb 2012 10:43:08 +0100
From: Alessandro Vesely <vesely@tana.it>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0) Gecko/20111222 Thunderbird/9.0.1
MIME-Version: 1.0
To: marf@ietf.org
References: <20120130193649.24837.53481.idtracker@ietfa.amsl.com> <F5833273385BB34F99288B3648C4F06F19C9A7DA70@EXCH-C2.corp.cloudmark.com> <4F283C32.7070206@tana.it> <F5833273385BB34F99288B3648C4F06F19C9A7DAB9@EXCH-C2.corp.cloudmark.com> <4F291852.8020807@tana.it> <F5833273385BB34F99288B3648C4F06F19C9A7DAF4@EXCH-C2.corp.cloudmark.com> <4F2A7E8F.9010901@tana.it> <F5833273385BB34F99288B3648C4F06F19C9A7DB52@EXCH-C2.corp.cloudmark.com>
In-Reply-To: <F5833273385BB34F99288B3648C4F06F19C9A7DB52@EXCH-C2.corp.cloudmark.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: Re: [marf] I-D Action: draft-ietf-marf-dkim-reporting-08, was -07
X-BeenThere: marf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Message Abuse Report Format working group discussion list <marf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/marf>, <mailto:marf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/marf>
List-Post: <mailto:marf@ietf.org>
List-Help: <mailto:marf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/marf>, <mailto:marf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Feb 2012 09:43:12 -0000

On 02/Feb/12 19:16, Murray S. Kucherawy wrote:
>> From: ietf.org On Behalf Of Alessandro Vesely
>> 
>>> The I-D is meant to present the mechanisms for requesting and
>>> providing these reports.  That is, "If you're going to do this,
>>> here's how we think you should go about it."  There are some 
>>> obvious concerns with doing so across-the-board without any
>>> checking or thought to it, though one certainly could do that.
>> 
>> What's that "could"?!  There's nothing I can conceivably do besides
>> setting the RR properly.  If that is not enough for getting reports
>> from whoever will happen to get a broken signature, then this I-D is
>> completely useless --I can well receive occasional failure notices from
>> friends based on authfailure-report only.
> 
> I think we're talking past each other here.  What this draft
> presents is a method that amounts to a two-way handshake between
> someone that wants reports about DKIM failures and someone willing
> to generate them.  You need to consider both sides of that
> equation.  For report generators in particular, simply turning this
> on without giving any thought to the potential for creating a mail
> storm is possibly a bad idea, which means we should provide
> appropriate cautions.  For senders/signers, you need to be aware
> that requesting reports might mean you get (legitimately)
> mailbombed.  That's what Sections 8.5 and 8.6 try to point out.

I don't think we are at cross purposes, as we have more matching than
contrasting points.  Yet, at times we are unable to understand each
other --possibly my English doesn't help much.

Define "giving any thought".  Auto or manual?

Section 8.5 is about out-of-band arrangements.  The only sense I'm
able to make of it is that the signer has already set up an FBL with
the report generating domain.  If that's correct, it has to be said
more clearly.  BTW, the last phrase:

   data found in the DKIM signatures, which could have been
   fraudulently inserted.

is obsolete now that the data is checked in the DNS.

Section 8.6 is about run-time control of traffic.  We may solve the
problem or just mention it.  Let's see if anyone else is interested.
In any case, the mailbombing is limited by a max in/out ratio of 3 (if
one fails SPF and DKIM and gets a spam report for each message) so it
should be fine for sites like mine where that ratio is usually around
10~20.

v2.23.0 | Report a Bug | By Email