As discussion after I had filed this makes clear, my proposed solution isn't a great one. Since we're well on our way towards removing PSL use from the DMARC revision, I don't think it matters a lot whether we reject it or hold for document update and mark it resolved when the new revision is finalized.
Although it is certainly a corner case, I think it's illustrative of why getting away from the PSL for this use will be a good thing.

Scott K

On December 4, 2021 6:00:25 PM UTC, John Levine <[email protected]> wrote:
>It appears that Murray S. Kucherawy <[email protected]> said:
>>This was reported but not sent to the WG. I believe the right disposition
>>is "Hold for Document Update". Does anyone want to argue for "Rejected" or
>>"Verified"?
>
>Reject it. Whether you choose to believe the non-ICANN part of the PSL is
>local policy.
>
>I also think that Scott's example in the notes is wrong. It is perfectly
>plausible for an operator's customers to have their own DMARC policy, although
>most of the subdomains are less exotic than this one. Try CentralNic's us.com
>where I think you would not want foo.us.com and bar.us.com to share the
>same default policy.
>
>R's,
>John
>
>>---------- Forwarded message ---------
>>From: RFC Errata System <[email protected]>
>>Date: Mon, Nov 1, 2021 at 4:31 PM
>>Subject: [Technical Errata Reported] RFC7489 (6729)
>>To: <[email protected]>, <[email protected]>, <[email protected]>
>>Cc: <[email protected]>, <[email protected]>
>>
>>
>>The following errata report has been submitted for RFC7489,
>>"Domain-based Message Authentication, Reporting, and Conformance (DMARC)".
>>
>>--------------------------------------
>>You may review the report below and at:
>>https://www.rfc-editor.org/errata/eid6729
>>
>>--------------------------------------
>>Type: Technical
>>Reported by: Scott Kitterman <[email protected]>
>>
>>Section: 3.2
>>
>>Original Text
>>-------------
>>   3.  Search the public suffix list for the name that matches the
>>       largest number of labels found in the subject DNS domain.  Let
>>       that number be "x".
>>
>>Corrected Text
>>--------------
>>   3.  Search the ICANN DOMAINS section of the public suffix list for
>>       the name that matches the largest number of labels found in the
>>       subject DNS domain.  Let that number be "x".
>>
>>Notes
>>-----
>>The PSL includes both public and private domains. RFC 7489 should have
>>limited name matching to the public, ICANN DOMAINS section of the PSL. As
>>an example, using the current PSL, the organizational domain for
>>example.s3.dualstack.ap-northeast-1.amazonaws.com is
>>example.s3.dualstack.ap-northeast-1.amazonaws.com, not amazonaws.com since
>>it is listed in the private section of the PSL. This is clearly the wrong
>>result.
>>
>>Instructions:
>>-------------
>>This erratum is currently posted as "Reported". If necessary, please
>>use "Reply All" to discuss whether it should be verified or
>>rejected. When a decision is reached, the verifying party
>>can log in to change the status and edit the report, if necessary.
>>
>>--------------------------------------
>>RFC7489 (draft-kucherawy-dmarc-base-12)
>>--------------------------------------
>>Title            : Domain-based Message Authentication, Reporting, and Conformance (DMARC)
>>Publication Date : March 2015
>>Author(s)        : M. Kucherawy, Ed., E. Zwicky, Ed.
>>Category         : INFORMATIONAL
>>Source           : INDEPENDENT
>>Area             : N/A
>>Stream           : INDEPENDENT
>>Verifying Party  : ISE & Editorial Board
>
>
>_______________________________________________
>dmarc mailing list
>[email protected]
>https://www.ietf.org/mailman/listinfo/dmarc
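
The organizational-domain lookup debated in this thread, as an added example that is not part of any message above and is not code from RFC 7489 or the PSL project. It assumes a small constructed PSL excerpt holding only the names the thread mentions, and the function names and the `icann_only` switch (which models the erratum's proposed restriction) are hypothetical.

```python
# Constructed PSL excerpt (not the real list); entries mirror the thread's examples.
PSL_EXCERPT = """\
// ===BEGIN ICANN DOMAINS===
com
us
// ===END ICANN DOMAINS===
// ===BEGIN PRIVATE DOMAINS===
s3.dualstack.ap-northeast-1.amazonaws.com
us.com
// ===END PRIVATE DOMAINS===
"""


def parse_psl(text):
    """Map each suffix rule to the PSL section ('ICANN' or 'PRIVATE') it sits in."""
    rules, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("// ===BEGIN"):
            section = "ICANN" if "ICANN" in line else "PRIVATE"
        elif line and not line.startswith("//"):
            rules[line.lower()] = section
    return rules


def organizational_domain(domain, rules, icann_only=False):
    """RFC 7489 section 3.2: longest matching suffix (x labels) plus label x+1.

    icann_only=True applies the erratum's proposed restriction to the
    ICANN DOMAINS section. Wildcard and exception rules are not handled.
    """
    labels = domain.lower().rstrip(".").split(".")
    for start in range(len(labels)):  # longest candidate suffix first
        section = rules.get(".".join(labels[start:]))
        if section is None or (icann_only and section != "ICANN"):
            continue
        if start == 0:
            return None  # the name is itself a suffix: there is no label x+1
        return ".".join(labels[start - 1:])
    # No rule matched: the PSL's default rule "*" treats the last label as the suffix.
    return ".".join(labels[-2:])


if __name__ == "__main__":
    rules = parse_psl(PSL_EXCERPT)
    for name in ("example.s3.dualstack.ap-northeast-1.amazonaws.com", "mail.foo.us.com"):
        print(name, "| full PSL:", organizational_domain(name, rules),
              "| ICANN only:", organizational_domain(name, rules, icann_only=True))
```

With the ICANN-only restriction, foo.us.com and bar.us.com both resolve to us.com and so share one default policy; with the full list each keeps its own organizational domain.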
