The original question in this thread had two parts:

"Is it desirable to clarify this language, [1] such that it is clear which
DKIM keys are required to include in a report, and [2] if so, how should
the appropriate keys be determined?"

I hear consensus on [1], that the domain and selector of the key used to
evaluate the DMARC status MUST be included, but on [2] there is not yet
clear consensus.

Does anyone have thoughts on [2] beyond Ale's comments? Otherwise, we can
separate the conversation on [2] and return to it later.

Seth, as Chair

On Mon, Jun 8, 2020 at 2:47 AM Alessandro Vesely <[email protected]> wrote:

> On Sun 07/Jun/2020 23:23:12 +0200 Seth Blank wrote:
> > https://trac.ietf.org/trac/dmarc/ticket/38
> >
> > The spec is ambiguous about which DKIM key needs to be reported.
> >
> > The real world problem here is that sometimes the DKIM key(s) which are
> > reported in a row of an aggregate report have nothing to do with the DKIM key
> > used to evaluate the DMARC status within the same row.
> >
> > In https://tools.ietf.org/html/rfc7489#section-7.2, it says:
> >
> >     The report SHOULD include the following data:
> >
> >         o  The identifier evaluated by DKIM and the DKIM result,
> >
> > Elizabeth Zwicky previously wrote:
> >
> > https://mailarchive.ietf.org/arch/msg/dmarc/0HnvtYeeseqopq1tLELctYte34M/
> > "is genuinely unclear. Often there are multiple identifiers. Does this mean I
> > can pick any one of them? (That does not actually provide sufficient
> > interoperability.) If there’s a specific one I should pick, which is it?"
> >
> > https://mailarchive.ietf.org/arch/msg/dmarc/zDALDe2zbXhqfQ-_RVeUO1BT084/
> > "I believe they MUST contain any aligned DKIM signature regardless of validity
> > and SHOULD contain an entry for each domain, selector, result triple."
>
>
> I think every MTA can have its own criteria about how to order DKIM signatures
> in each message.  For DMARC validation, aligned signatures are important.
> Valid signatures are more important than invalid or non-verifiable ones,
> although reporting unverifiability is important.  Signatures by trusted domains
> are more important than those by unknown ones.  Key size also matters.  These
> are all subjective criteria.
>
>
> > Is it desirable to clarify this language, such that it is clear which DKIM keys
> > are required to include in a report, and if so, how should the appropriate
> > keys be determined?
>
>
> Signatures should be reported in order of decreasing importance.  The more
> signatures are reported, the better.  The subjective order in which they appear
> is part of the informative content of the report.  Software should allow
> ordering criteria to be configured when possible.
>
>
> Best
> Ale
> --
>
> _______________________________________________
> dmarc mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dmarc
>


-- 

*Seth Blank* | VP, Standards and New Technologies
*e:* [email protected]
*p:* 415.273.8818
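
An added example, not part of the original thread or of any DMARC implementation: a sketch of a report generator that orders DKIM results by the criteria Ale lists (aligned, valid, trusted, key size) and picks out the aligned, passing signature whose domain and selector point [1] says must be reported. The DkimResult type, the function names, the trusted set and the simplified alignment check are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DkimResult:
    domain: str        # d= tag of the signature
    selector: str      # s= tag of the signature
    result: str        # verifier outcome: "pass", "fail", "temperror", ...
    key_bits: int = 0  # public key size; 0 if the key could not be fetched

def is_aligned(sig_domain: str, from_org_domain: str) -> bool:
    # Relaxed alignment, simplified: the caller supplies the organizational
    # domain of the From: address (assumption; real code derives it from the
    # Public Suffix List).
    d = sig_domain.lower().rstrip(".")
    org = from_org_domain.lower().rstrip(".")
    return d == org or d.endswith("." + org)

def order_for_report(results, from_org_domain, trusted=frozenset()):
    """Sort most important first: aligned, then valid, then trusted, then key size."""
    def rank(r):
        return (not is_aligned(r.domain, from_org_domain),
                r.result != "pass",
                r.domain.lower() not in trusted,
                -r.key_bits)
    return sorted(results, key=rank)

def evaluated_signature(results, from_org_domain):
    """Return the aligned, passing signature behind a DMARC DKIM pass, else None."""
    for r in order_for_report(results, from_org_domain):
        if is_aligned(r.domain, from_org_domain) and r.result == "pass":
            return r
    return None

# Constructed sample: one message with From: in example.com and four signatures.
SAMPLE = [
    DkimResult("esp.example.net", "k1", "pass", 2048),
    DkimResult("example.com", "old", "fail", 1024),
    DkimResult("list.example.org", "ml", "pass", 1024),
    DkimResult("mail.example.com", "s2020", "pass", 2048),
]

if __name__ == "__main__":
    for r in order_for_report(SAMPLE, "example.com", trusted={"list.example.org"}):
        print(r.domain, r.selector, r.result)
    print("evaluated:", evaluated_signature(SAMPLE, "example.com"))
```

Because the ordering puts aligned signatures first, a report row built from this list can never show only unrelated keys while the key that decided the DMARC result is left out.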

