Re: [lamps] [EXTERNAL] Re: CAA processing for email addresses

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 01 December 2022 00:51 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/gVSTWgELZBce1avn3q_omWd_rv0>

Hiya,

On 30/11/2022 23:43, Mike Ounsworth wrote:
> The gmails and yahoos don't do S/MIME right?, so are probably out of
> scope here.

Well, no. Not if this proposes restricting what they can
subsequently do I'd say. Same for alumni and vanity mail
providers too and probably others of the many and varied
email corner cases perhaps.

Let's not forget the bad side effects of DMARC "p=reject"
which is also a well-intentioned and partly effective thing
aimed at only a subset of email deployments, but that has
affected many others.

> It's probably the @<gov-dept>.gov's or
> @<massivecorp>.com's who have robust enough S/MIME deployments to
> care about restricting which PKI can issue for them.

Even if so, (and it seems a reasonable guess), I don't
know to what extent such email deployments have seen
issues with certificate mis-issuance, which IIUC is the
main reason for any CAA RR.

Cheers,
S.