#2: Flow of operations text in dmarc-base To: dmarc@ietf.org From: Anne Bennett <a...@encs.concordia.ca> Date: Fri, 16 Jan 2015 19:26:41 -0500 Subject: [dmarc-ietf] Flow of operations text in -12
In draft 12, Section "4.3 Flow Diagram", we have text which I think is somewhat contradicted by text in the later and more detailed "6.6. Mail Receiver Actions", in particular with respect to parallelizing some of the checks, and there's another small problem with the text as well. Quoting 4.3: 6. Recipient delivery service conducts SPF and DKIM authentication checks by passing the necessary data to their respective modules, each of which require queries to the Author Domain's DNS data (when identifiers are aligned; see below). ... but the "Author Domain" (based on RFC5322.From) is not necessarily the domain that will be queried by SPF and DKIM checks, and we won't know if identifiers are aligned until we look at the results of: 7. The results of these are passed to the DMARC module along with the Author's domain. The DMARC module attempts to retrieve a policy from the DNS for that domain. If none is found, the DMARC module determines the Organizational Domain and repeats the attempt to retrieve a policy from the DNS. (This is described in further detail in Section 6.6.3.) "6.6.2" shows clearly that the SPF check (with its DNS queries), the DKIM checks (with its DNS queries), and the DMARC policy determination (with its DNS queries) can be done in parallel, and their results combined when all have arrived, and I imagine that will turn out to be the best way to do it. So 4.2 could perhaps be modified: 6. Recipient delivery service conducts SPF and DKIM authentication checks by passing the necessary data to their respective modules, each of which require queries to DNS data. The results of these checks are passed back to the DMARC module. 7. Meanwhile, the DMARC module attempts to retrieve a policy from the DNS for that domain. If none is found, the DMARC module determines the Organizational Domain and repeats the attempt to retrieve a policy from the DNS. (This is described in further detail in Section 6.6.3.) -- -------------------------+------------------------------------------------- Reporter: | Owner: superu...@gmail.com | Status: new Type: defect | Milestone: Deliverable #3 (changes to DMARC Priority: major | base spec + DMARC Usage Guide Version: | Severity: - Keywords: | -------------------------+------------------------------------------------- Ticket URL: <http://trac.tools.ietf.org/wg/dmarc/trac/ticket/2> dmarc <http://tools.ietf.org/dmarc/> _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc