Re: [secdir] [spfbis] SECDIR Review of draft-ietf-spfbis-4408bis-19

Dotzero <dotzero@gmail.com> Wed, 11 September 2013 14:43 UTC

From: Dotzero <dotzero@gmail.com>
To: "Murray S. Kucherawy" <superuser@gmail.com>
Cc: "secdir@ietf.org" <secdir@ietf.org>, S Moonesamy <sm+ietf@elandsys.com>, "spfbis@ietf.org" <spfbis@ietf.org>, The IESG <iesg@ietf.org>, draft-ietf-spfbis-4408bis.all@tools.ietf.org

On Wed, Sep 11, 2013 at 9:43 AM, Murray S. Kucherawy
<superuser@gmail.com> wrote:
> On Wed, Sep 11, 2013 at 6:22 AM, S Moonesamy <sm+ietf@elandsys.com> wrote:
>>
>> I am responding to the comment about DKIM only and wait for the SPFBIS WG
>> to address the other issues.
>
>
> Was the SecDir review for this draft posted to the spfbis list?  I haven't
> seen it.
>
>>
>>
>>> The Security Considerations section is adequate for the purpose except
>>> that no mention is made anywhere in the specification about DKIM and how a
>>> mail receiver should interpret presence of DKIM and SPF policy at the same
>>> time. This is a legitimate concern since DKIM is already a standards track
>>> proposal and SPF is only now being promoted to Standards Track. Thus the SPF
>>> document should address the question of dual use.
>>
>>
>> There was a BoF at the last IETF meeting to discuss proposals about how to
>> interpret the presence of DKIM and/or SPF policy at the same time (
>> http://www.ietf.org/proceedings/87/minutes/minutes-87-dmarc ).  The dual use
>> can be addressed as part of the DMARC effort.
>
>
> DKIM has no intrinsic policy component.   Are we actually talking about ADSP
> here?
>
> Assuming we are, I think the best we could do is to note that it's possible
> for ADSP and SPF to yield conflicting policy results; one could be a "pass"
> while the other could be a "fail", meaning the receiving MTA now has one
> "reject" instruction and one "accept" instruction.  The receiving ADMD will
> have to make a decision about which one ought to get precedence.
>
>

ADSP should be relegated to historical. Very little implementation on
the publishing side and even less validation on the receiving side. We
(all of the usual suspects in this space) made compromises to get it
out the door and we collectively got it wrong.

Having said that, I could live with some kind of note in the SPFbis
doc along the lines of what Murray suggests.

Mike