Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup

On Tue 24/Nov/2020 20:29:11 +0100 John R Levine wrote: "Holy Roman Empire" Organizations, typically universities, where the nominal organization tree and the actual control are different.  The PSL isn't useful because the party that controls their Org domain often doesn't control lower

Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup

> In article you write: > >> One of the points of the tree walk is to get rid of the PSL processing. > > > > The PSL processing is a local lookup on an in-memory suffix tree. How is > > it a > > progress to replace it with a tree walk? A PSL search is lightning faster > > than > > even a

Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup

In article you write: >-=-=-=-=-=- > >On Tue, Nov 24, 2020 at 10:47 AM Alessandro Vesely wrote: > >> The PSL is the result of a community-maintained effort. ... >I'm curious as to whether this is the consensus opinion of the PSL. It's >my impression that it is not, given the arguments that

Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup

On Tue, Nov 24, 2020 at 10:47 AM Alessandro Vesely wrote: > The PSL is the result of a community-maintained effort. They do not > follow > intricate naming restrictions that ccTLDs might theorize, but actively > track > subdomains as they become visible/ noticed. It is remarkably good. > I'm

Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup

Right. The optimal solution would be to load the list and the lookup algorithm as a shared object. Currently, my filter has its private copy of it. But then I don't reload the filter so often that parsing the file is noticeable. To wit, loading the virus database takes much much longer.

Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup

On Tue 24/Nov/2020 18:03:51 +0100 John Levine wrote: In article you write: One of the points of the tree walk is to get rid of the PSL processing. The PSL processing is a local lookup on an in-memory suffix tree. How is it a progress to replace it with a tree walk? A PSL search is

Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup

] On Behalf Of Dave Crocker Sent: Tuesday, November 24, 2020 1:19 PM To: dmarc@ietf.org Subject: Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup On 11/24/2020 9:21 AM, John Levine wrote: With the tree walk, I was thinking that if the tree walk finds a _dmarc record, that acts

Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup

On Tue 24/Nov/2020 17:50:20 +0100 Murray S. Kucherawy wrote: On Tue, Nov 24, 2020 at 4:20 AM Alessandro Vesely wrote: If I'm going to go to the effort to download and decode a PSL and find the OD, I'll just use the OD. >>> One of the points of the tree walk is to get rid of the PSL

Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup

On 11/24/2020 9:21 AM, John Levine wrote: With the tree walk, I was thinking that if the tree walk finds a _dmarc record, that acts as the organizational domain, so finance.acme.example can only allow alignment with itself or its descendants. This is different from the way that OD works now,

Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup

In article <9ab0d7b9-2e35-f64b-02ea-a111c10ac...@wisc.edu> you write: >So if acme.example publishes aspf=s adkim=s >It does not prevent finance.acme.example from publishing aspf=r adkim=r >Which would align widgets.acme.example with finance.acme.example even if the >intent was to only align

Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup

In article you write: >> One of the points of the tree walk is to get rid of the PSL processing. > >The PSL processing is a local lookup on an in-memory suffix tree. How is it a >progress to replace it with a tree walk? A PSL search is lightning faster >than >even a single DNS lookup, isn't

Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup

On 11/24/20 9:52 AM, todd.herr=40valimail@dmarc.ietf.org wrote: > On Tue, Nov 24, 2020 at 10:37 AM Dave Crocker > wrote: > > Just to be clear, I'm not challenging the need.  Rather I'm just looking > for text that explains the need.  And I'm not finding it...

Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup

On Tue, Nov 24, 2020 at 4:20 AM Alessandro Vesely wrote: > > If I'm going to go to the effort to download and decode a PSL and find > the OD, I'll just use the OD. > > > > One of the points of the tree walk is to get rid of the PSL processing. > > The PSL processing is a local lookup on an

Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup

On Tue, Nov 24, 2020 at 7:56 AM Dave Crocker wrote: > Perhaps I am misreading these, but I see them only as 'what' and 'how', > not 'why'. The 'why' is important. It is often noted in our > discussions, but seems to be missing from the spec. Seems like something the -bis document should

Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup

On 11/24/2020 7:52 AM, Todd Herr wrote: For point 1, this is from Section 6.6.3, Policy Discovery: ... For point 2, this is from Section 3.1.1, DKIM-Authenticated Identifiers: Perhaps I am misreading these, but I see them only as 'what' and 'how', not 'why'.  The 'why' is important.  It is

Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup

On Tue, Nov 24, 2020 at 10:37 AM Dave Crocker wrote: > Just to be clear, I'm not challenging the need. Rather I'm just looking > for text that explains the need. And I'm not finding it... > > On 11/24/2020 7:28 AM, Todd Herr wrote: > > There are two reasons (at least) for needing the

Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup

Just to be clear, I'm not challenging the need.  Rather I'm just looking for text that explains the need.  And I'm not finding it... On 11/24/2020 7:28 AM, Todd Herr wrote: There are two reasons (at least) for needing the Organizational Domain, and they are discussed in RFC 7489: 1. DMARC

Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup

On Tue, Nov 24, 2020 at 10:15 AM Dave Crocker wrote: > On 11/24/2020 7:00 AM, Joseph Brennan wrote: > > I will ask why the recipient system should look up anything but the > > dmarc record for the specific domain in the Header From. > > > Hmmm. Unless I've missed it, the DMARC spec does not

Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup

On 11/24/2020 7:00 AM, Joseph Brennan wrote: I will ask why the recipient system should look up anything but the dmarc record for the specific domain in the Header From. Hmmm.  Unless I've missed it, the DMARC spec does not explain the reason for needing the Organizational Domain. d/ --

Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup

I will ask why the recipient system should look up anything but the dmarc record for the specific domain in the Header From. In some cases looking up related domains is useful, and in some cases it can lead to disruption. We don't look up SPF records for related domains, because they are

Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup

On Mon 23/Nov/2020 22:38:46 +0100 John Levine wrote: In article <9f388e33-c15d-9fcc-e9d3-d7719288f...@gmail.com> you write: On 11/23/2020 1:04 PM, Jesse Thompson wrote: I meant to suggest that the requirement for a tree walk would be that the Organizational Domain would need to have that in its

Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup

In article <9f388e33-c15d-9fcc-e9d3-d7719288f...@gmail.com> you write: >On 11/23/2020 1:04 PM, Jesse Thompson wrote: >> I meant to suggest that the requirement for a tree walk would be that the >> Organizational Domain would need to have that in its policy. >It seems like a decent compromise for

Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup

On 11/23/2020 1:04 PM, Jesse Thompson wrote: I meant to suggest that the requirement for a tree walk would be that the Organizational Domain would need to have that in its policy. It seems like a decent compromise for the people worried about unnecessary DNS lookup overhead. Except that it

Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup

On 11/23/20 1:00 PM, Dave Crocker wrote: > On 11/23/2020 10:50 AM, Jesse Thompson wrote: >> Would it help if there was a new DMARC policy tag to trigger the tree walk? > > > policy tags are useful when one has a dmarc record that might contain it.  > the challenge here is to find that record.

Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup

On 11/23/2020 10:50 AM, Jesse Thompson wrote: Would it help if there was a new DMARC policy tag to trigger the tree walk? policy tags are useful when one has a dmarc record that might contain it. the challenge here is to find that record. d/ -- Dave Crocker Brandenburg InternetWorking

Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup

On 11/20/20 6:02 PM, John R Levine wrote: > Here's a draft about how DMARC might do a tree walk rather than look up an > organizational domain in the PSL. > > https://datatracker.ietf.org/doc/draft-levine-dmarcwalk/ Would it help if there was a new DMARC policy tag to trigger the tree walk?

[dmarc-ietf] Doing a tree walk rather than PSL lookup

Here's a draft about how DMARC might do a tree walk rather than look up an organizational domain in the PSL. https://datatracker.ietf.org/doc/draft-levine-dmarcwalk/ Regards, John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY Please consider the environment before reading this