dmarc - Wednesday, November 18, 2020

[04:50:03] Alessandro Amirante joins the room
[04:50:03] Dave Crocker joins the room
[04:50:03] Tim Wicinski joins the room
[04:50:03] Michael Hammer joins the room
[04:51:01] Tero Kivinen joins the room
[04:51:48] Henrik Levkowetz joins the room
[04:51:58] Henrik Levkowetz leaves the room
[04:52:01] Henrik Levkowetz joins the room
[04:52:52] Henrik Levkowetz leaves the room
[04:54:25] Kurt Andersen joins the room
[04:54:27] Jim Fenton joins the room
[04:54:28] Behcet Sarikaya joins the room
[04:54:33] Alexey Melnikov joins the room
[04:55:08] Behcet Sarikaya leaves the room
[04:55:45] Alwin de Bruin joins the room
[04:55:58] alex-meetecho joins the room
[04:56:26] Todd Herr joins the room
[04:56:56] <Kurt> yes, can hear Alexey
[04:56:57] Sergey Myasoedov joins the room
[04:57:32] Nicklas Pousette joins the room
[04:57:36] Jacob Rideout joins the room
[04:58:07] Pete Resnick joins the room
[04:58:11] Kenneth Murchison joins the room
[04:58:48] Ken Takayama joins the room
[04:59:15] Marco Davids joins the room
[04:59:26] Peter Koch joins the room
[04:59:38] <Pete Resnick> Someone in the jabber room is undefined. How sad for them.
[05:00:33] <Meetecho> Pete Resnick: that's a Matrix bridge, I think, apparently there's a bug that causes that nickname when they encounter a conflict
[05:00:34] Autumn Tyr-Salvia joins the room
[05:00:35] Tim Hollebeek joins the room
[05:01:05] Libor Peltan joins the room
[05:01:11] Kazunori Fujiwara joins the room
[05:01:14] Lars-Johan Liman joins the room
[05:01:18] <Pete Resnick> I thought the idea of an undefined human was much funnier. ;-)
[05:01:51] <Jim Fenton> Ironic to have an unauthenticated message source here!
[05:02:03] <Michael Hammer> Some of us don't have a sense of humor.
[05:02:12] <Jim Fenton> Bah, humbug.
[05:02:21] Trent Adams joins the room
[05:02:26] Murray Kucherawy joins the room
[05:02:30] <Pete Resnick> Well, certainly not the matrix bridge.
[05:02:35] Ned Freed joins the room
[05:02:44] John Levine joins the room
[05:03:03] navi joins the room
[05:03:13] Kazunori Fujiwara leaves the room
[05:03:24] Bron Gondwana joins the room
[05:03:37] Dave Crocker leaves the room
[05:03:40] Dave Crocker joins the room
[05:03:56] John L joins the room
[05:03:57] Naveen Kumar joins the room
[05:04:02] cm-msk@jabber.org joins the room
[05:04:08] Dave Crocker leaves the room
[05:04:11] Dave Crocker joins the room
[05:04:47] Wes Hardaker joins the room
[05:05:44] <Michael Hammer> Deprecate
[05:06:22] <Jim Fenton> Since this is writing the first standards-track version, there isn't anything to deprecate. Just leave it out.
[05:06:30] <cm-msk@jabber.org> Has anyone advocated for keeping it?
[05:06:38] <Autumn Tyr-Salvia> I advocate keeping it.
[05:06:51] <Jim Fenton> please speak up then
[05:06:53] <John Levine> Does anyone use it for its intended purpose of slow start enforcement?
[05:07:07] <Autumn Tyr-Salvia> I have joined the queue.
[05:07:42] <Michael Hammer> The question as stated is "Should we deprecate the pct tag". I responded to the question.
[05:07:54] <Kurt> The other use of the perverse incentive is for mailing lists that munge headers only if they find an enforcing policy in place
[05:08:23] <Kurt> Even with that going on, I think it should be removed
[05:09:52] <Bron Gondwana> pity there's no p=reportonly
[05:10:14] <Jim Fenton> isn't that p=none with a report specified?
[05:10:21] <Kurt> If we need a way to trick MLMs, then we should make that explicit; p=quarantine-but-not-really
[05:10:35] <Bron Gondwana> p=nobodydoesitright
[05:10:36] <Kurt> @jim & @bron - yes
[05:10:52] <cm-msk@jabber.org> Another option is to keep it, but tighten up the language so implementations are consistent.
[05:10:59] <Kurt> p=nobodydoesitbetter rua=bond@jamesbond
[05:11:52] <Kurt> I don't think that there's any use in fractional pcts so it is misleading in that regard; pct=do|do-not|there-is-no-try
[05:12:37] <Kurt> @jim is muted
[05:12:46] <Kurt> now you're on
[05:13:02] <John L> @jim you are right, you get reports
[05:13:02] <Autumn Tyr-Salvia> p=none with reports - you will get reports, but no header munging.
[05:13:33] <Kurt> We still have a large installed base with the existing spec
[05:13:46] <Pete Resnick> @jim: At least an appendix with differences from the informational is probably a good thing
[05:14:07] <Dave Crocker> It is NOT the first implementation.  There is a sizeable installed base with extensive experience.  This spec would be calling for change.
[05:14:20] <Jim Fenton> @Pete, I'd be fine with that.
[05:14:44] jtrentadams joins the room
[05:15:50] Libor Peltan leaves the room
[05:16:12] <Kurt> extensible is good; let's see the language in an I-D to review for detail
[05:16:19] <Alwin de Bruin> +1 on Autumns comment
[05:16:26] <Dave Crocker> @autum, why do you like having selectors included?
[05:17:22] <Todd Herr> https://trac.ietf.org/trac/dmarc/ticket/57
[05:17:30] <Dave Crocker> ok.  so it facilitates tracking things down.
[05:17:35] <Todd Herr> Make DKIM selectors required in DMARC reports
[05:18:42] <Dave Crocker> Since selectors are not supposed to be part of the domain name reputation analysis, I've always been leery of its getting included, but this is quite different.  Including for tracking makes sense.
[05:18:58] <Jim Fenton> And then no selector listed if it passes only because of SPF?
[05:19:05] <Autumn Tyr-Salvia> Yes, Jim.
[05:19:28] <Alwin de Bruin> Offers some way of origin indicator to be able to see direct send traffic vs forwarded. So would be useful to have the DKIM selectors be available.
[05:19:29] <Autumn Tyr-Salvia> Either no selector, or selector= blank or something.
[05:20:48] <Kurt> @jim - you also know if dkim is not listed as pass/fail
[05:21:53] <Autumn Tyr-Salvia> When DKIM fails outright (not due to misalignment), knowing the selector also helps people go figure out what needs to be fixed.
[05:22:44] <John L> seems fine, send XML grammar
[05:22:48] <Michael Hammer> It would be nice to know if ARC is actually being used.
[05:23:06] <Kurt> I thought that we were talking about all of the proposed extensions, not just the first slide; nothing further to say
[05:23:10] <Jim Fenton> I'm seeing it on gmail, IIRC.
[05:23:15] <Jim Fenton> ARC.
[05:23:45] <John L> also Yahoo I think
[05:23:45] <Kurt> Yes, we know that ARC is being used in at least 4 notable cases world-wide
[05:23:47] <Michael Hammer> But who is acting on it. besides gmail?
[05:24:00] <Alwin de Bruin> @Autumn We have to make sure that these practical use cases for DKIM selectors get attached to the ticket. Happy to help out with that
[05:24:01] <Kurt> MSFT; Fastmail; IIJ; IFI
[05:25:08] <Kurt> ARC has not yet been implemented at Yahoo
[05:28:48] Vlad-Marian Marian joins the room
[05:31:03] <Autumn Tyr-Salvia> @Alwin - Thank you, that's a good idea. How best should we do that? Start with an email to the mailing list, or..?
[05:31:52] <Kurt> Please start by just commenting on the ticket itself
[05:32:03] <Kurt> Link is above - provided by Todd
[05:32:12] <Alwin de Bruin> @Kurt beat me to it, let's start there
[05:32:33] <Autumn Tyr-Salvia> Ok, thanks, will do.
[05:33:24] <Kurt> @Alexey - your suggestion sounds like a usage doc, not a spec
[05:33:37] <Kurt> +1 to John's POV
[05:33:50] <Bron Gondwana> if we say "it's not OK to send X" people are less likely
[05:34:05] <Bron Gondwana> but not so much the other way - though even there, a "this is good to send" will be an input to lawyers
[05:34:19] <Dave Crocker> If there is a goal of getting at least a common core of reporting information, then there should be text specifying it.  A normative 'SHOULD' makes clear that that's desired but that it's understood some places might not follow it.
[05:34:20] <Michael Hammer> +1 to John's POV
[05:35:09] <Kurt> I think that if we address the policy discovery question first, then org domain might be moot
[05:37:00] Bron Gondwana leaves the room
[05:37:03] Bron Gondwana joins the room
[05:37:45] <Todd Herr> it was Murray - https://mailarchive.ietf.org/arch/msg/dmarc/Zw0KjyrNfHMQ5S8TpoBRNvnfVRc/
[05:38:28] <Tim Wicinski> Thanks Todd
[05:39:13] HAIGUANG Wang joins the room
[05:41:32] Neil Jenkins joins the room
[05:42:01] <Dave Crocker> We need to try to avoid being cavalier in assuming that a tree walk will be used.
[05:42:11] <Kurt> fair point
[05:42:53] <cm-msk@jabber.org> I see a separate document for PSL as being like a library that provides a function; if the interface is well defined (in DMARC itself), you just swap in a different library, and here you would just sswap in a different RFC.
[05:43:51] <Kurt> But if you are no longer looking for "The Org Domain", then much larger changes are needed
[05:44:33] <Dave Crocker> fwiw, I think a tree walk is just a way of finding an org domain.
[05:45:36] <Kurt> is it a way to find "The Org Domain" or is it just a way to find the relevant policy statement/record?
[05:45:38] <Todd Herr> @dave, in many cases that's true, but right now if b.a.foo.com doesn't publish a policy, but a.foo.com and foo.com both do, a.foo.com's policy will be missed
[05:46:41] <Dave Crocker> @kurt, the answer hinges on the definition of org domain.  I define it along the lines of "a domain name with authority over the current one and able to specify a default dmarc record."
[05:47:18] <Kurt> Hmmm, that's not quite what it is today
[05:47:24] <Dave Crocker> @todd, it's early enough that I should understand why what you wrote is true, but I don't.
[05:47:56] <John L> The DNS folks have changed a lot
[05:48:04] <Kurt> because if b.a.foo.com has no record, then the second policy search is done at foo.com
[05:48:18] Tim Hollebeek leaves the room
[05:48:19] <Kurt> (assuming that foo.com is not in the PSL)
[05:48:23] <Todd Herr> yes, that
[05:49:02] <Dave Crocker> @todd, /today/ a's record takes precedence.  I'm not understanding the basis for saying it will be missed.
[05:49:24] <Autumn Tyr-Salvia> Another use case I didn't mention when speaking is a large organization with a lot of production machines sending mail who use dynamic host names on an organizational domain that currently does a lot of different things. They would really love to have a 1-2 level subdomain to handle DMARC for these dynamic hosts without impacting everything else their domain does.
[05:50:03] <Michael Hammer> If a subdomain in a tree is being used then there is a relationship between the two entities. Is this an interoperability issue or is this an internal/contractual issue between those parties? Technical standrds cannot solve all problems.
[05:50:12] <Kurt> @dave - a's record will never be looked at for mail coming from b.a.foo.com
[05:50:44] <Jim Fenton> @Kurt Why? Wouldn't the tree walk look for a record at a.foo.com before foo.com?
[05:50:47] <Kurt> It would only be consulted for mail coming from a.foo.com
[05:50:48] <Todd Herr> @dave, i don't believe that to be true, based on 7489. "Thus, since "com" is an IANA-registered TLD, a subject domain of
   "a.b.c.d.example.com" would have an Organizational Domain of
   "example.com".
[05:51:02] <John L> @todd, yes you’re right
[05:51:03] <Peter Koch> cf RFC 5507
[05:51:04] <Dave Crocker> @kurt, forgive me, but, duh.  Why should a parallel location bet queried?
[05:51:06] <Kurt> @jim - I'm not talking about in a tree-walk scenario. I'm talking about now
[05:51:15] <Jim Fenton> ah
[05:51:41] <Kurt> @dave - not understanding your last question
[05:51:56] <Todd Herr> and then policy discovery is RFC5322.from domain and org domain, period
[05:52:14] <John Levine> are there other tickets open?
[05:52:22] <Tero Kivinen> You can detach chat to separate window, so you can see both the participants and chat at the same time...
[05:52:22] <Kurt> probably dozens
[05:52:41] Marco Davids leaves the room
[05:52:47] <Kurt> ttfn
[05:52:47] Dave Crocker leaves the room
[05:52:49] John Levine leaves the room
[05:52:50] Lars-Johan Liman leaves the room
[05:52:51] <Autumn Tyr-Salvia> Thank you for running this session!
[05:52:54] Nicklas Pousette leaves the room
[05:52:55] Neil Jenkins leaves the room
[05:52:55] Naveen Kumar leaves the room
[05:52:57] HAIGUANG Wang leaves the room
[05:52:58] <Alwin de Bruin> Thanks!
[05:53:00] Trent Adams leaves the room
[05:53:00] Kurt Andersen leaves the room
[05:53:02] Tero Kivinen leaves the room
[05:53:04] Sergey Myasoedov leaves the room
[05:53:05] <Alessandro Amirante> Alexey: the chat pane can be detached if that is helpful for future sessions
[05:53:05] <Todd Herr> thanks everyone
[05:53:06] Wes Hardaker leaves the room
[05:53:13] Alwin de Bruin leaves the room
[05:53:17] Ken Takayama leaves the room
[05:53:21] Ned Freed leaves the room
[05:53:29] <Michael Hammer> Thanks all.
[05:53:33] Murray Kucherawy leaves the room
[05:53:47] <Alexey Melnikov> Alessandro: I know, but it is still hard to watch both if I am also presenting
[05:53:51] John L leaves the room
[05:53:55] Bron Gondwana leaves the room
[05:54:05] Bron Gondwana joins the room
[05:54:08] Todd Herr leaves the room
[05:54:35] Kenneth Murchison leaves the room
[05:54:38] Tim Wicinski leaves the room
[05:54:52] Bron Gondwana leaves the room
[05:55:02] Vlad-Marian Marian leaves the room
[05:55:02] Autumn Tyr-Salvia leaves the room
[05:55:02] Michael Hammer leaves the room
[05:55:02] Jim Fenton leaves the room
[05:55:02] Alexey Melnikov leaves the room
[05:55:02] Pete Resnick leaves the room
[05:55:02] Alessandro Amirante leaves the room
[05:55:02] Peter Koch leaves the room
[05:55:02] Jacob Rideout leaves the room
[06:18:20] cm-msk@jabber.org leaves the room
[06:39:23] jtrentadams leaves the room
[07:03:13] Meetecho leaves the room
[07:25:57] alex-meetecho leaves the room
[16:51:26] Kurt leaves the room
[17:42:42] jtrentadams joins the room
[18:01:26] jtrentadams leaves the room
[18:15:02] jtrentadams joins the room