| draft-ietf-dmarc-arc-protocol-21.txt | draft-ietf-dmarc-arc-protocol-22.txt | |||
|---|---|---|---|---|
| DMARC Working Group K. Andersen | DMARC Working Group K. Andersen | |||
| Internet-Draft LinkedIn | Internet-Draft LinkedIn | |||
| Intended status: Experimental B. Long, Ed. | Intended status: Experimental B. Long, Ed. | |||
| Expires: May 11, 2019 Google | Expires: June 15, 2019 Google | |||
| S. Blank, Ed. | S. Blank, Ed. | |||
| Valimail | Valimail | |||
| M. Kucherawy, Ed. | M. Kucherawy, Ed. | |||
| TDP | TDP | |||
| November 7, 2018 | December 12, 2018 | |||
| Authenticated Received Chain (ARC) Protocol | Authenticated Received Chain (ARC) Protocol | |||
| draft-ietf-dmarc-arc-protocol-21 | draft-ietf-dmarc-arc-protocol-22 | |||
| Abstract | Abstract | |||
| The Authenticated Received Chain (ARC) protocol provides an | The Authenticated Received Chain (ARC) protocol provides an | |||
| authenticated "chain of custody" for a message, allowing each entity | authenticated "chain of custody" for a message, allowing each entity | |||
| that handles the message to see what entities handled it before, and | that handles the message to see what entities handled it before, and | |||
| to see what the message's authentication assessment was at each step | to see what the message's authentication assessment was at each step | |||
| in the handling. | in the handling. | |||
| ARC allows Internet Mail Handlers to attach assertions of message | ARC allows Internet Mail Handlers to attach assertions of message | |||
| skipping to change at page 2, line 4 ¶ | skipping to change at page 2, line 4 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on May 11, 2019. | This Internet-Draft will expire on June 15, 2019. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2018 IETF Trust and the persons identified as the | Copyright (c) 2018 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 21, line 36 ¶ | skipping to change at page 21, line 36 ¶ | |||
| EXAMPLE: | EXAMPLE: | |||
| <policy_evaluated> | <policy_evaluated> | |||
| <disposition>none</disposition> | <disposition>none</disposition> | |||
| <dkim>fail</dkim> | <dkim>fail</dkim> | |||
| <spf>fail</spf> | <spf>fail</spf> | |||
| <reason> | <reason> | |||
| <type>local_policy</type> | <type>local_policy</type> | |||
| <comment>arc=pass as[2].d=d2.example as[2].s=s2 | <comment>arc=pass as[2].d=d2.example as[2].s=s2 | |||
| as[1].d=d1.example as[1].s=s3 | as[1].d=d1.example as[1].s=s3 | |||
| remote-ip[1]=10.10.10.13</comment> | remote-ip[1]=2001:DB8::1A</comment> | |||
| </reason> | </reason> | |||
| </policy_evaluated> | </policy_evaluated> | |||
| In the above example DMARC XML reporting fragment, data relating to | In the above example DMARC XML reporting fragment, data relating to | |||
| specific validated ARC Sets are enumerated using array syntax (eg, | specific validated ARC Sets are enumerated using array syntax (eg, | |||
| "as[2]" means AS header field with instance value of 2). d2.example | "as[2]" means AS header field with instance value of 2). d2.example | |||
| is the Sealing domain for ARC Set #2 (i=2) and d1.example is the | is the Sealing domain for ARC Set #2 (i=2) and d1.example is the | |||
| Sealing domain for ARC Set #1 (i=1). | Sealing domain for ARC Set #1 (i=1). | |||
| Depending on the reporting practices of intermediate message | Depending on the reporting practices of intermediate message | |||
| skipping to change at page 22, line 20 ¶ | skipping to change at page 22, line 20 ¶ | |||
| Such information is also included in existing non-ARC related header | Such information is also included in existing non-ARC related header | |||
| fields such as the "Received" header fields. | fields such as the "Received" header fields. | |||
| 9. Security Considerations | 9. Security Considerations | |||
| The Security Considerations of [RFC6376] and [I-D-7601bis] apply | The Security Considerations of [RFC6376] and [I-D-7601bis] apply | |||
| directly to this specification. | directly to this specification. | |||
| As with other domain authentication technologies (such as SPF, DKIM, | As with other domain authentication technologies (such as SPF, DKIM, | |||
| and DMARC), ARC makes no claims about the semantic content of | and DMARC), ARC makes no claims about the semantic content of | |||
| messages. | messages. A received message with an ARC chain provides evidence (at | |||
| instance N) that: The sealing domain (ARC-Seal d=) processed a | ||||
| message with this body, determined the reported ARC-Authentication- | ||||
| Results, and the ARC chain 1..N-1. | ||||
| 9.1. Increased Header Field Size | 9.1. Increased Header Field Size | |||
| Inclusion of Authenticated Received Chains into messages may cause | Inclusion of Authenticated Received Chains into messages may cause | |||
| issues for older or constrained MTAs due to increased total header | issues for older or constrained MTAs due to increased total header | |||
| field size. Large header field blocks, in general, may cause | field size. Large header field blocks, in general, may cause | |||
| failures to deliver or other outage scenarios for such MTAs. ARC | failures to deliver or other outage scenarios for such MTAs. ARC | |||
| itself would not cause problems. | itself would not cause problems. | |||
| 9.2. DNS Operations | 9.2. DNS Operations | |||
| skipping to change at page 24, line 21 ¶ | skipping to change at page 24, line 21 ¶ | |||
| Code: "none", "pass", "fail" | Code: "none", "pass", "fail" | |||
| Specification: this document 2.2 | Specification: this document 2.2 | |||
| Status: active | Status: active | |||
| 10.2. Email Authentication Methods Registry Update | 10.2. Email Authentication Methods Registry Update | |||
| This draft adds several new items to the Email Authentication Methods | This draft adds several new items to the Email Authentication Methods | |||
| registry, most recently defined in [I-D-7601bis]: | registry, most recently defined in [I-D-7601bis]: | |||
| o Method: arc | o Method: arc | |||
| Definition: this document | Definition: this document section 6 | |||
| ptype: smtp | ptype: smtp | |||
| Property: remote-ip | Property: remote-ip | |||
| Value: IP address of originating SMTP connection | Value: IP address (v4 or v6) of originating SMTP connection | |||
| Status: active | Status: active | |||
| Version: 1 | Version: 1 | |||
| o Method: arc | o Method: arc | |||
| Definition: this document | Definition: this document section 6 | |||
| ptype: header | ptype: header | |||
| Property: oldest-pass | Property: oldest-pass | |||
| Value: The instance id of the oldest validating AMS, or 0 if they | Value: The instance id of the oldest validating AMS, or 0 if they | |||
| all pass (see Section 5.2) | all pass (see Section 5.2) | |||
| Status: active | Status: active | |||
| Version: 1 | Version: 1 | |||
| o Method: dkim | ||||
| Definition: [I-D-7601bis] | ||||
| ptype: header | ||||
| Property: s | ||||
| Value: value of signature "s" tag | ||||
| Status: active | ||||
| Version: 1 | ||||
| 10.3. Definitions of the ARC header fields | 10.3. Definitions of the ARC header fields | |||
| This specification adds three new header fields to the "Permanent | This specification adds three new header fields to the "Permanent | |||
| Message Header Field Registry", as follows: | Message Header Field Registry", as follows: | |||
| o Header field name: ARC-Seal | o Header field name: ARC-Seal | |||
| Applicable protocol: mail | Applicable protocol: mail | |||
| Status: Experimental | Status: Experimental | |||
| Author/Change controller: IETF | Author/Change controller: IETF | |||
| Specification document(s): this document | Specification document(s): this document | |||
| skipping to change at page 37, line 10 ¶ | skipping to change at page 37, line 10 ¶ | |||
| message and others which have not: | message and others which have not: | |||
| Return-Path: <jqd@d1.example> | Return-Path: <jqd@d1.example> | |||
| Received: from example.org (example.org [208.69.40.157]) | Received: from example.org (example.org [208.69.40.157]) | |||
| by gmail.example with ESMTP id d200mr22663000ykb.93.1421363207 | by gmail.example with ESMTP id d200mr22663000ykb.93.1421363207 | |||
| for <fmartin@example.com>; Thu, 14 Jan 2015 15:02:40 -0800 (PST) | for <fmartin@example.com>; Thu, 14 Jan 2015 15:02:40 -0800 (PST) | |||
| Received: from segv.d1.example (segv.d1.example [72.52.75.15]) | Received: from segv.d1.example (segv.d1.example [72.52.75.15]) | |||
| by lists.example.org (8.14.5/8.14.5) with ESMTP id t0EKaNU9010123 | by lists.example.org (8.14.5/8.14.5) with ESMTP id t0EKaNU9010123 | |||
| for <arc@example.org>; Thu, 14 Jan 2015 15:01:30 -0800 (PST) | for <arc@example.org>; Thu, 14 Jan 2015 15:01:30 -0800 (PST) | |||
| (envelope-from jqd@d1.example) | (envelope-from jqd@d1.example) | |||
| Received: from [10.10.10.131] (w-x-y-z.dsl.static.isp.com [w.x.y.z]) | Received: from [2001:DB8::1A] (w-x-y-z.dsl.static.isp.example [w.x.y.z]) | |||
| (authenticated bits=0) | (authenticated bits=0) | |||
| by segv.d1.example with ESMTP id t0FN4a8O084569; | by segv.d1.example with ESMTP id t0FN4a8O084569; | |||
| Thu, 14 Jan 2015 15:00:01 -0800 (PST) | Thu, 14 Jan 2015 15:00:01 -0800 (PST) | |||
| (envelope-from jqd@d1.example) | (envelope-from jqd@d1.example) | |||
| Received: from mail-ob0-f188.google.example (mail-ob0-f188.google.example | Received: from mail-ob0-f188.google.example | |||
| [208.69.40.157]) by clochette.example.org with ESMTP id | (mail-ob0-f188.google.example [208.69.40.157]) by | |||
| d200mr22663000ykb.93.1421363268 | clochette.example.org with ESMTP id d200mr22663000ykb.93.1421363268 | |||
| for <fmartin@example.org>; Thu, 14 Jan 2015 15:03:15 -0800 (PST) | for <fmartin@example.org>; Thu, 14 Jan 2015 15:03:15 -0800 (PST) | |||
| ARC-Seal: i=3; a=rsa-sha256; cv=pass; d=clochette.example.org; s= | ARC-Seal: i=3; a=rsa-sha256; cv=pass; d=clochette.example.org; s= | |||
| clochette; t=12345; b=CU87XzXlNlk5X/yW4l73UvPUcP9ivwYWxyBWcVrRs7 | clochette; t=12345; b=CU87XzXlNlk5X/yW4l73UvPUcP9ivwYWxyBWcVrRs7 | |||
| +HPx3K05nJhny2fvymbReAmOA9GTH/y+k9kEc59hAKVg== | +HPx3K05nJhny2fvymbReAmOA9GTH/y+k9kEc59hAKVg== | |||
| ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d= | ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d= | |||
| clochette.example.org; h=message-id:date:from:to:subject; s= | clochette.example.org; h=message-id:date:from:to:subject; s= | |||
| clochette; t=12345; bh=KWSe46TZKCcDbH4klJPo+tjk5LWJnVRlP5pvjXFZY | clochette; t=12345; bh=KWSe46TZKCcDbH4klJPo+tjk5LWJnVRlP5pvjXFZY | |||
| LQ=; b=o71vwyLsK+Wm4cOSlirXoRwzEvi0vqIjd/2/GkYFYlSd/GGfKzkAgPqxf | LQ=; b=o71vwyLsK+Wm4cOSlirXoRwzEvi0vqIjd/2/GkYFYlSd/GGfKzkAgPqxf | |||
| K7ccBMP7Zjb/mpeggswHjEMS8x5NQ== | K7ccBMP7Zjb/mpeggswHjEMS8x5NQ== | |||
| ARC-Authentication-Results: i=3; clochette.example.org; spf=fail | ARC-Authentication-Results: i=3; clochette.example.org; spf=fail | |||
| skipping to change at page 37, line 47 ¶ | skipping to change at page 37, line 47 ¶ | |||
| ARC-Seal: i=2; a=rsa-sha256; cv=pass; d=gmail.example; s=20120806; t= | ARC-Seal: i=2; a=rsa-sha256; cv=pass; d=gmail.example; s=20120806; t= | |||
| 12345; b=Zpukh/kJL4Q7Kv391FKwTepgS56dgHIcdhhJZjsalhqkFIQQAJ4T9BE | 12345; b=Zpukh/kJL4Q7Kv391FKwTepgS56dgHIcdhhJZjsalhqkFIQQAJ4T9BE | |||
| 8jjLXWpRNuh81yqnT1/jHn086RwezGw== | 8jjLXWpRNuh81yqnT1/jHn086RwezGw== | |||
| ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d= | ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d= | |||
| gmail.example; h=message-id:date:from:to:subject; s=20120806; t= | gmail.example; h=message-id:date:from:to:subject; s=20120806; t= | |||
| 12345; bh=KWSe46TZKCcDbH4klJPo+tjk5LWJnVRlP5pvjXFZYLQ=; b=CVoG44 | 12345; bh=KWSe46TZKCcDbH4klJPo+tjk5LWJnVRlP5pvjXFZYLQ=; b=CVoG44 | |||
| cVZvoSs2mMig2wwqPaJ4OZS5XGMCegWqQs1wvRZJS894tJM0xO1RJLgCPsBOxdA5 | cVZvoSs2mMig2wwqPaJ4OZS5XGMCegWqQs1wvRZJS894tJM0xO1RJLgCPsBOxdA5 | |||
| 9WSqI9s9DfyKDfWg== | 9WSqI9s9DfyKDfWg== | |||
| ARC-Authentication-Results: i=2; gmail.example; spf=fail | ARC-Authentication-Results: i=2; gmail.example; spf=fail | |||
| smtp.from=jqd@d1.example; dkim=fail (512-bit key) | smtp.from=jqd@d1.example; dkim=fail (512-bit key) | |||
| header.i=@example.org; dmarc=fail; arc=pass (as.1.lists.example.org=pass, | header.i=@example.org; dmarc=fail; arc=pass | |||
| ams.1.lists.example.org=pass) | (as.1.lists.example.org=pass, ams.1.lists.example.org=pass) | |||
| ARC-Seal: i=1; a=rsa-sha256; cv=none; d=lists.example.org; s=dk-lists; | ARC-Seal: i=1; a=rsa-sha256; cv=none; d=lists.example.org; s=dk-lists; | |||
| t=12345; b=TlCCKzgk3TrAa+G77gYYO8Fxk4q/Ml0biqduZJeOYh6+0zhwQ8u/ | t=12345; b=TlCCKzgk3TrAa+G77gYYO8Fxk4q/Ml0biqduZJeOYh6+0zhwQ8u/ | |||
| lHxLi21pxu347isLSuNtvIagIvAQna9a5A== | lHxLi21pxu347isLSuNtvIagIvAQna9a5A== | |||
| ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d= | ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d= | |||
| lists.example.org; h=message-id:date:from:to:subject; s= | lists.example.org; h=message-id:date:from:to:subject; s= | |||
| dk-lists; t=12345; bh=KWSe46TZKCcDbH4klJPo+tjk5LWJnVRlP5pvjXFZYL | dk-lists; t=12345; bh=KWSe46TZKCcDbH4klJPo+tjk5LWJnVRlP5pvjXFZYL | |||
| Q=; b=DsoD3n3hiwlrN1ma8IZQFgZx8EDO7Wah3hUjIEsYKuShRKYB4LwGUiKD5Y | Q=; b=DsoD3n3hiwlrN1ma8IZQFgZx8EDO7Wah3hUjIEsYKuShRKYB4LwGUiKD5Y | |||
| yHgcIwGHhSc/4+ewYqHMWDnuFxiQ== | yHgcIwGHhSc/4+ewYqHMWDnuFxiQ== | |||
| ARC-Authentication-Results: i=1; lists.example.org; spf=pass smtp.mfrom=jqd@d1.example; | ARC-Authentication-Results: i=1; lists.example.org; spf=pass | |||
| dkim=pass (512-bit key) header.i=@d1.example; | smtp.mfrom=jqd@d1.example; dkim=pass (512-bit key) | |||
| dmarc=pass | header.i=@d1.example; dmarc=pass | |||
| DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=d1.example; h= | DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=d1.example; h= | |||
| message-id:date:from:to:subject; s=origin2015; bh=bIxxaeIQvmOBdT | message-id:date:from:to:subject; s=origin2015; bh=bIxxaeIQvmOBdT | |||
| AitYfSNFgzPP4=; b=qKjd5fYibKXWWIcMKCgRYuo1vJ2fD+IAQPjX+uamXIGY2Q | AitYfSNFgzPP4=; b=qKjd5fYibKXWWIcMKCgRYuo1vJ2fD+IAQPjX+uamXIGY2Q | |||
| 0HjQ+Lq3/yHzG3JHJp6780/nKQPOWt2UDJQrJkEA== | 0HjQ+Lq3/yHzG3JHJp6780/nKQPOWt2UDJQrJkEA== | |||
| Message-ID: <54B84785.1060301@d1.example> | Message-ID: <54B84785.1060301@d1.example> | |||
| Date: Thu, 14 Jan 2015 15:00:01 -0800 | Date: Thu, 14 Jan 2015 15:00:01 -0800 | |||
| From: John Q Doe <jqd@d1.example> | From: John Q Doe <jqd@d1.example> | |||
| To: arc@dmarc.example | To: arc@dmarc.example | |||
| Subject: [List 2] Example 1 | Subject: [List 2] Example 1 | |||
| End of changes. 14 change blocks. | ||||
| 26 lines changed or deleted | 21 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||