Re: [dmarc-ietf] Last call for WG comments on "Interoperability Issues Between DMARC and Indirect Email Flows"
On Wed 30/Sep/2015 16:42:19 +0200 John Levine wrote:
>>
>> [R]equire conventional, full DKIM signatures. Why? It seems to me that any
>> DMARC authentication method could suffice. That is, the author domain
>> (!fs signer) could be SPF authenticated by the MLM; and the MLM could be
>> SPF authenticated by list recipients. No?
>
> You're mixing levels here. dkim-conditional describes a new way to create a
> valid DKIM signature. I wouldn't want to try to describe how a DKIM
> validator is supposed to stop and take a detour through an SPF validator to
> decide what to do next.

At DKIM level, validators had better just describe their results. For example, a MLM may want to know if the !fs-signature of an incoming message is good, although its required DKIM signature is obviously still missing at that stage.

At DMARC level, it is straightforward to describe how a verifier retrieves conditionals, and state that one or more of the Authenticated Identifiers must be aligned with at least one of the !fs= domains in that case. Please note that such a statement would modify RFC 7489, as expected of a DMARC fix.

Anyway, the advantage of operating at DMARC level is the ability to receive feedback on missing !fs conditionals, not just to enable SPF. Feedback would be based on fo= rather than on p=. Therefore, semantics and maintenance of the internal lists of domains which trigger weak signing would be improved, both at large and at small mail sites.

Ale

___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc

Re: [dmarc-ietf] Last call for WG comments on "Interoperability Issues Between DMARC and Indirect Email Flows"
- Original Message -
> From: "Rolf E. Sonneveld"
> To: "Tim Draegen"
> Cc: "dmarc"
> Sent: Wednesday, September 30, 2015 7:48:03 AM
> Subject: Re: [dmarc-ietf] Last call for WG comments on "Interoperability Issues Between DMARC and Indirect Email Flows"
>
> Hi, Tim,
>
> on Sep 7th, I sent a short review of -05, see
> https://www.ietf.org/mail-archive/web/dmarc/current/msg02942.html. I didn't
> see any response, the paragraph I suggested to remove (par. 3.2.5) is still
> present in -07. Can anyone comment on the suggestion to move section 3.2.5
> to some (future) BCP document?
>

I don't like to remove stuff that is still useful, and as I did not see any support for the removal to a hypothetical future BCP... But I'm happy to do a revision.

Re: [dmarc-ietf] Last call for WG comments on "Interoperability Issues Between DMARC and Indirect Email Flows"
Hi, Tim,

on Sep 7th, I sent a short review of -05, see https://www.ietf.org/mail-archive/web/dmarc/current/msg02942.html. I didn't see any response, the paragraph I suggested to remove (par. 3.2.5) is still present in -07. Can anyone comment on the suggestion to move section 3.2.5 to some (future) BCP document?

/rolf

- Original Message -
> From: "Tim Draegen"
> To: "dmarc"
> Sent: Tuesday, September 29, 2015 4:34:44 PM
> Subject: [dmarc-ietf] Last call for WG comments on "Interoperability Issues Between DMARC and Indirect Email Flows"
>
> Hi All,
>
> The editing team deems this draft as ready for last call review.
> Here are the links to the recently posted v07:
>
> > The IETF datatracker status page for this draft is:
> > https://datatracker.ietf.org/doc/draft-ietf-dmarc-interoperability/
> >
> > There's also a htmlized version available at:
> > https://tools.ietf.org/html/draft-ietf-dmarc-interoperability-07
> >
> > A diff from the previous version is available at:
> > https://www.ietf.org/rfcdiff?url2=draft-ietf-dmarc-interoperability-07
>
> =- Tim

Re: [dmarc-ietf] Last call for WG comments on "Interoperability Issues Between DMARC and Indirect Email Flows"
> A sender that expects a message to be forwarded might put both a
> conventional DKIM signature and a signature with a !fs tag that
> refers to the domain name of the expected forwarder.
>
> require conventional, full DKIM signatures. Why? It seems to me that any
> DMARC authentication method could suffice. That is, the author domain (!fs
> signer) could be SPF authenticated by the MLM; and the MLM could be SPF
> authenticated by list recipients. No?

You're mixing levels here. dkim-conditional describes a new way to create a valid DKIM signature. I wouldn't want to try to describe how a DKIM validator is supposed to stop and take a detour through an SPF validator to decide what to do next.

R's,
John

PS: the draft looks fine to me

Re: [dmarc-ietf] Last call for WG comments on "Interoperability Issues Between DMARC and Indirect Email Flows"
On Tue 29/Sep/2015 16:34:44 +0200 Tim Draegen wrote:
>
> The editing team deems this draft as ready for last call review.

Section 4.2 mentions dkim-conditional. (IMHO, the latter should be named draft-dmarc-dkim-conditional.) Both Section 4.2:

   This DKIM signature would come with the condition that a subsequent known domain fully DKIM sign the message.

and Section 4 of dkim-conditional:

   A sender that expects a message to be forwarded might put both a conventional DKIM signature and a signature with a !fs tag that refers to the domain name of the expected forwarder.

require conventional, full DKIM signatures. Why? It seems to me that any DMARC authentication method could suffice. That is, the author domain (!fs signer) could be SPF authenticated by the MLM; and the MLM could be SPF authenticated by list recipients. No?

In case the !fs signature is missing, it may be handy to have the resender issue a forensic report. That way, a sender could automatically set up its signing daemon to add a tag "!fs=mlm.example" to mail destined to, say, "list@mlm.example", where the latter address is extracted from that report.

jm2c
Ale

[dmarc-ietf] Last call for WG comments on "Interoperability Issues Between DMARC and Indirect Email Flows"
Hi All,

The editing team deems this draft as ready for last call review.
Here are the links to the recently posted v07:

> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dmarc-interoperability/
>
> There's also a htmlized version available at:
> https://tools.ietf.org/html/draft-ietf-dmarc-interoperability-07
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-dmarc-interoperability-07

=- Tim