| draft-ietf-marf-dkim-reporting-15.txt | draft-ietf-marf-dkim-reporting.txt | |||
|---|---|---|---|---|
| MARF Working Group M. Kucherawy | MARF Working Group M. Kucherawy | |||
| Internet-Draft Cloudmark | Internet-Draft Cloudmark | |||
| Intended status: Standards Track March 14, 2012 | Intended status: Standards Track March 19, 2012 | |||
| Expires: September 15, 2012 | Expires: September 20, 2012 | |||
| Extensions to DKIM for Failure Reporting | Extensions to DKIM for Failure Reporting | |||
| draft-ietf-marf-dkim-reporting-15 | draft-ietf-marf-dkim-reporting-16 | |||
| Abstract | Abstract | |||
| This memo presents extensions to the DomainKeys Identified Mail | This document presents extensions to the DomainKeys Identified Mail | |||
| (DKIM) specification to allow for detailed reporting of message | (DKIM) specification to allow for detailed reporting of message | |||
| authentication failures in an on-demand fashion. | authentication failures in an on-demand fashion. | |||
| Status of this Memo | Status of this Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on September 15, 2012. | This Internet-Draft will expire on September 20, 2012. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2012 IETF Trust and the persons identified as the | Copyright (c) 2012 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 10 | skipping to change at page 2, line 10 | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 2. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 2.1. Keywords . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 2.1. Keywords . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 2.2. Imported Definitions . . . . . . . . . . . . . . . . . . . 4 | 2.2. Notation . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 2.3. Notation . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 2.3. Imported Definitions . . . . . . . . . . . . . . . . . . . 4 | |||
| 2.4. Other Definitions . . . . . . . . . . . . . . . . . . . . 4 | 2.4. Other Definitions . . . . . . . . . . . . . . . . . . . . 4 | |||
| 3. Optional Reporting for DKIM . . . . . . . . . . . . . . . . . 5 | 3. Optional Reporting for DKIM . . . . . . . . . . . . . . . . . 5 | |||
| 3.1. Extension DKIM Signature Tag . . . . . . . . . . . . . . . 5 | 3.1. Extension DKIM Signature Tag . . . . . . . . . . . . . . . 5 | |||
| 3.2. DKIM Reporting TXT Record . . . . . . . . . . . . . . . . 5 | 3.2. DKIM Reporting TXT Record . . . . . . . . . . . . . . . . 5 | |||
| 3.3. DKIM Reporting Algorithm . . . . . . . . . . . . . . . . . 7 | 3.3. DKIM Reporting Algorithm . . . . . . . . . . . . . . . . . 7 | |||
| 4. Optional Reporting Address for DKIM-ADSP . . . . . . . . . . . 10 | 4. Optional Reporting Address for DKIM-ADSP . . . . . . . . . . . 9 | |||
| 5. Requested Reports . . . . . . . . . . . . . . . . . . . . . . 12 | 5. Requested Reports . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 5.1. Requested Reports for DKIM Failures . . . . . . . . . . . 12 | 5.1. Requested Reports for DKIM Failures . . . . . . . . . . . 11 | |||
| 5.2. Requested Reports for DKIM ADSP Failures . . . . . . . . . 12 | 5.2. Requested Reports for DKIM ADSP Failures . . . . . . . . . 11 | |||
| 6. Report Generation . . . . . . . . . . . . . . . . . . . . . . 14 | 6. Report Generation . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 6.1. Report Format . . . . . . . . . . . . . . . . . . . . . . 14 | 6.1. Report Format . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 6.2. Other Guidance . . . . . . . . . . . . . . . . . . . . . . 14 | 6.2. Other Guidance . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 | |||
| 7.1. DKIM Signature Tag Registration . . . . . . . . . . . . . 15 | 7.1. DKIM Signature Tag Registration . . . . . . . . . . . . . 14 | |||
| 7.2. DKIM ADSP Tag Registration . . . . . . . . . . . . . . . . 15 | 7.2. DKIM ADSP Tag Registration . . . . . . . . . . . . . . . . 14 | |||
| 7.3. DKIM Reporting Tag Registry . . . . . . . . . . . . . . . 15 | 7.3. DKIM Reporting Tag Registry . . . . . . . . . . . . . . . 14 | |||
| 8. Security Considerations . . . . . . . . . . . . . . . . . . . 17 | 8. Security Considerations . . . . . . . . . . . . . . . . . . . 16 | |||
| 8.1. Inherited Considerations . . . . . . . . . . . . . . . . . 17 | 8.1. Inherited Considerations . . . . . . . . . . . . . . . . . 16 | |||
| 8.2. Report Volume . . . . . . . . . . . . . . . . . . . . . . 17 | 8.2. Report Volume . . . . . . . . . . . . . . . . . . . . . . 16 | |||
| 8.3. Deliberate Misuse . . . . . . . . . . . . . . . . . . . . 17 | 8.3. Deliberate Misuse . . . . . . . . . . . . . . . . . . . . 16 | |||
| 8.4. Unreported Fraud . . . . . . . . . . . . . . . . . . . . . 18 | 8.4. Unreported Fraud . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 19 | 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 18 | |||
| 9.1. Normative References . . . . . . . . . . . . . . . . . . . 19 | 9.1. Normative References . . . . . . . . . . . . . . . . . . . 18 | |||
| 9.2. Informative References . . . . . . . . . . . . . . . . . . 20 | 9.2. Informative References . . . . . . . . . . . . . . . . . . 19 | |||
| Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 21 | Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 20 | |||
| Appendix B. Examples . . . . . . . . . . . . . . . . . . . . . . 22 | Appendix B. Examples . . . . . . . . . . . . . . . . . . . . . . 21 | |||
| B.1. Example Use of DKIM Signature Extension Tag . . . . . . . 22 | B.1. Example Use of DKIM Signature Extension Tag . . . . . . . 21 | |||
| B.2. Example DKIM Reporting TXT Record . . . . . . . . . . . . 22 | B.2. Example DKIM Reporting TXT Record . . . . . . . . . . . . 21 | |||
| B.3. Example Use of DKIM ADSP Extension Tags . . . . . . . . . 23 | B.3. Example Use of DKIM ADSP Extension Tags . . . . . . . . . 22 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 24 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 23 | |||
| 1. Introduction | 1. Introduction | |||
| DomainKeys Identified Mail [DKIM] introduced a mechanism for message | DomainKeys Identified Mail [DKIM] introduced a mechanism for message | |||
| signing and authentication. It uses digital signing to associate a | signing and authentication. It uses digital signing to associate a | |||
| domain name with a message in a reliable (i.e. not easily forged) | domain name with a message in a reliable manner. The verified domain | |||
| manner. The output is a verified domain name that can then be | name can then be evaluated (e.g., checking advertised sender policy, | |||
| subjected to some sort of evaluation process (e.g., advertised sender | comparison to a known-good list, submission to a reputation service, | |||
| policy, comparison to a known-good list, submission to a reputation | etc.). | |||
| service, etc.). | ||||
| Deployers of message authentication technologies are increasingly | Deployers of message authentication technologies are increasingly | |||
| seeking visibility into DKIM verification failures and conformance | seeking visibility into DKIM verification failures and conformance | |||
| failures involving the published signing practices (e.g., Author | failures involving the published signing practices (e.g., Author | |||
| Domain Signing Practices, [ADSP]) of an Administrative Management | Domain Signing Practices, [ADSP]) of an Administrative Management | |||
| Domain (ADMD; see [EMAIL-ARCH]). | Domain (ADMD; see [EMAIL-ARCH]). | |||
| This document extends [DKIM] and [ADSP] to add an optional reporting | This document extends [DKIM] and [ADSP] to add an optional reporting | |||
| address and some reporting parameters. Reports are generated using | address and some reporting parameters. Reports are generated using | |||
| the format defined in [I-D.IETF-MARF-AUTHFAILURE-REPORT]. | the format defined in [I-D.IETF-MARF-AUTHFAILURE-REPORT]. | |||
| 2. Definitions | 2. Definitions | |||
| 2.1. Keywords | 2.1. Keywords | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in [KEYWORDS]. | document are to be interpreted as described in [KEYWORDS]. | |||
| 2.2. Imported Definitions | 2.2. Notation | |||
| The [ABNF] token "qp-section" is imported from [MIME]. | ||||
| Numerous DKIM-specific terms used here are defined in [DKIM]. The | ||||
| definition of the ABNF token "domain-name" can also be found there. | ||||
| 2.3. Notation | ||||
| Certain properties of email messages described in this document are | Certain properties of email messages described in this document are | |||
| referenced using notation found in [EMAIL-ARCH] (e.g., | referenced using notation found in [EMAIL-ARCH] (e.g., | |||
| "RFC5322.From"). | "RFC5322.From"). | |||
| 2.3. Imported Definitions | ||||
| Numerous DKIM-specific terms used here are defined in [DKIM]. The | ||||
| definitions of the [ABNF] tokens "domain-name" and "dkim-quoted- | ||||
| printable" can also be found there. | ||||
| 2.4. Other Definitions | 2.4. Other Definitions | |||
| report generator: A report generator is an entity that generates and | report generator: A report generator is an entity that generates and | |||
| sends reports. For the scope of this memo, the term refers to | sends reports. For the scope of this document, the term refers to | |||
| Verifiers, as defined in Section 2.2 of [DKIM], designed also to | Verifiers, as defined in Section 2.2 of [DKIM], with the added | |||
| generate authentication failure reports according to this | capability to generate authentication failure reports according to | |||
| specification. | this specification. | |||
| 3. Optional Reporting for DKIM | 3. Optional Reporting for DKIM | |||
| A domain name owner employing [DKIM] for email signing and | A domain name owner employing [DKIM] for email signing and | |||
| authentication might want to know when signatures that ought to be | authentication might want to know when signatures that ought to be | |||
| verifiable with specific public keys are not successfully verifying. | verifiable are not successfully verifying. Currently there is no | |||
| Currently there is no such mechanism defined. | such mechanism defined. | |||
| This document adds optional "tags" (as defined in [DKIM]) to the | This section adds optional "tags" (as defined in [DKIM]) to the DKIM- | |||
| DKIM-Signature header field and the DKIM key record in the DNS, using | Signature header field and the DKIM key record in the DNS, using the | |||
| the formats defined in that specification. | formats defined in that specification. | |||
| 3.1. Extension DKIM Signature Tag | 3.1. Extension DKIM Signature Tag | |||
| The following tag is added to DKIM-Signature header fields when a | The following tag is added to DKIM-Signature header fields when a | |||
| Signer wishes to request that reports of failed verifications be | Signer wishes to request that reports of failed verifications be | |||
| generated by a Verifier: | generated by a Verifier: | |||
| r= Reporting Requested (plain-text; OPTIONAL; no default). If | r= Reporting Requested (plain-text; OPTIONAL; no default). If | |||
| present, this tag indicates that the Signer requests that | present, this tag indicates that the Signer requests that | |||
| Verifiers generate a report when verification of the DKIM | Verifiers generate a report when verification of the DKIM | |||
| signature fails. At present, the only legal value is the single | signature fails. At present, the only legal value is the single | |||
| character "y" (in either upper or lower case). A complete | character "y". A complete description and illustration of how | |||
| description and illustration of how this is applied can be found | this is applied can be found in Section 3.3. | |||
| in Section 3.3. | ||||
| ABNF: | ABNF: | |||
| sig-r-tag = %x72 *WSP "=" *WSP %x79 | sig-r-tag = %x72 *WSP "=" *WSP %x79 | |||
| ; "r=y" (lower-case only) | ; "r=y" (lower-case only) | |||
| 3.2. DKIM Reporting TXT Record | 3.2. DKIM Reporting TXT Record | |||
| When a Signer wishes to advertise that it wants to receive failed | When a Signer wishes to advertise that it wants to receive failed | |||
| verification reports, it places in the DNS a TXT resource record | verification reports, it places in the DNS a TXT resource record | |||
| (RR). The RR is made up of a sequence of tag-value objects (much | (RR). The RR contains a sequence of tag-value objects in a format | |||
| like DKIM key records, as defined in Section 3.6.1 of [DKIM]), but it | similar to DKIM key records (see Section 3.6.1 of [DKIM]), but it is | |||
| is entirely independent of those key records and is found at a | entirely independent of those key records and is found at a different | |||
| different name. In the case of a record advertising the desire for | name. The tag-value objects in this case comprise the parameters to | |||
| authentication failure reports, the tags and values comprise the | be used when generating the reports. A report generator will request | |||
| parameters to be used when generating the reports. A report | the content of this record when it sees an "r=" tag in a DKIM- | |||
| generator will request the content of this record when it sees an | Signature header field. | |||
| "r=" tag in a DKIM-Signature header field. | ||||
| Section 3.6.2.2 of [DKIM] provides guidance with respect to handling | Section 3.6.2.2 of [DKIM] provides guidance with respect to handling | |||
| of a TXT RR that comprises multiple distinct strings ("character- | of a TXT RR that comprises multiple distinct strings ("character- | |||
| strings" in the parlance of [DNS]). The same process MUST be applied | strings" in the parlance of [DNS]). The same process MUST be applied | |||
| here. | here. | |||
| Implementations MUST support all tags defined in this document, and | Implementations MUST support all tags defined in this document, and | |||
| any other tag found in the content of the record that is not | any other tag found in the content of the record that is not | |||
| recognized by an implementation MUST be ignored. See Section 7.3 for | recognized by an implementation MUST be ignored. See Section 7.3 for | |||
| details about finding or registering extension tags. | details about finding or registering extension tags. | |||
| skipping to change at page 6, line 25 | skipping to change at page 6, line 22 | |||
| local-part of an email address to which a report SHOULD be sent | local-part of an email address to which a report SHOULD be sent | |||
| when mail fails DKIM verification for one of the reasons | when mail fails DKIM verification for one of the reasons | |||
| enumerated below. The value MUST be interpreted as a local-part | enumerated below. The value MUST be interpreted as a local-part | |||
| only. To construct the actual address to which the report is | only. To construct the actual address to which the report is | |||
| sent, the Verifier simply appends to this value an "@" followed by | sent, the Verifier simply appends to this value an "@" followed by | |||
| the domain name found in the "d=" tag of the DKIM-Signature header | the domain name found in the "d=" tag of the DKIM-Signature header | |||
| field. Therefore, an ADMD making use of this specification MUST | field. Therefore, an ADMD making use of this specification MUST | |||
| ensure that an email address thus constructed can receive reports | ensure that an email address thus constructed can receive reports | |||
| generated as described in Section 6. ABNF: | generated as described in Section 6. ABNF: | |||
| rep-ra-tag = %x72.61 *WSP "=" *WSP qp-section | rep-ra-tag = %x72.61 *WSP "=" *WSP dkim-quoted-printable | |||
| ; "ra=..." (lower-case only for the tag name) | ; "ra=..." (lower-case only for the tag name) | |||
| rp= Requested Report Percentage (plain-text; OPTIONAL; default is | rp= Requested Report Percentage (plain-text; OPTIONAL; default is | |||
| "100"). The value is an integer from 0 to 100 inclusive that | "100"). The value is an integer from 0 to 100 inclusive that | |||
| indicates what percentage of incidents of signature authentication | indicates what percentage of incidents of signature authentication | |||
| failures, selected at random, are to cause reports to be | failures, selected at random, are to cause reports to be | |||
| generated. The report generator SHOULD NOT issue reports for more | generated. The report generator SHOULD NOT issue reports for more | |||
| than the requested percentage of incidents. Report generators MAY | than the requested percentage of incidents. Report generators MAY | |||
| make use of the "Incidents:" field in [ARF] to indicate that there | make use of the "Incidents:" field in [ARF] to indicate that there | |||
| are more reportable incidents than there are reports. ABNF: | are more reportable incidents than there are reports. ABNF: | |||
| rep-rp-tag = %x72.70 *WSP "=" *WSP 1*3DIGIT | rep-rp-tag = %x72.70 *WSP "=" *WSP 1*3DIGIT | |||
| ; "rp=..." (lower-case only) | ; "rp=..." (lower-case only) | |||
| rr= Requested Reports (plain-text; OPTIONAL; default is "all"). The | rr= Requested Reports (plain-text; OPTIONAL; default is "all"). The | |||
| value MUST be a colon-separated list of tokens representing those | value MUST be a colon-separated list of tokens representing those | |||
| conditions under which a report is desired. See Section 5.1 for a | conditions under which a report is desired. See Section 5.1 for a | |||
| list of valid tags. ABNF: | list of valid tokens. ABNF: | |||
| rep-rr-type = ( "all" / "d" / "o" / "p"/ "s" / "u" / "v" / "x" ) | rep-rr-type = ( "all" / "d" / "o" / "p"/ "s" / "u" / "v" / "x" ) | |||
| rep-rr-tag = %x72.72 *WSP "=" *WSP rep-rr-type | rep-rr-tag = %x72.72 *WSP "=" *WSP rep-rr-type | |||
| *WSP 0* ( ":" *WSP rep-rr-type ) | *WSP *( ":" *WSP rep-rr-type ) | |||
| ; "rr=..." (lower-case only for the tag name) | ; "rr=..." (lower-case only for the tag name) | |||
| rs= Requested SMTP Error String (text; OPTIONAL; no default). The | rs= Requested SMTP Error String (text; OPTIONAL; no default). The | |||
| value is a dkim-quoted-printable string that the publishing ADMD | value is a dkim-quoted-printable string that the publishing ADMD | |||
| requests be included in [SMTP] error strings if messages are | requests be included in [SMTP] error strings if messages are | |||
| rejected during the delivery SMTP session. ABNF: | rejected during the delivery SMTP session. ABNF: | |||
| rep-rs-tag = %x72.73 *WSP "=" qp-section | rep-rs-tag = %x72.73 *WSP "=" dkim-quoted-printable | |||
| ; "rs=..." (lower-case only for the tag name) | ; "rs=..." (lower-case only for the tag name) | |||
| In the absence of an "ra=" tag, the "rp=" and "rr=" tags MUST be | In the absence of an "ra=" tag, the "rp=" and "rr=" tags MUST be | |||
| ignored, and the report generator MUST NOT issue a report. | ignored, and the report generator MUST NOT issue a report. | |||
| 3.3. DKIM Reporting Algorithm | 3.3. DKIM Reporting Algorithm | |||
| Report generators MUST apply the following algorithm, or one | Report generators MUST apply the following algorithm, or one | |||
| semantically equivalent to it, for each DKIM-Signature header field | semantically equivalent to it, for each DKIM-Signature header field | |||
| whose verification fails for some reason. Note that this processing | whose verification fails for some reason. Note that this processing | |||
| skipping to change at page 8, line 8 | skipping to change at page 7, line 52 | |||
| number between 0 and 99, inclusive; if the selected number is | number between 0 and 99, inclusive; if the selected number is | |||
| not lower than the tag's value, terminate. | not lower than the tag's value, terminate. | |||
| 8. If no "ra=" tag was present, skip this step and the next one. | 8. If no "ra=" tag was present, skip this step and the next one. | |||
| Otherwise, determine the reporting address by extracting the | Otherwise, determine the reporting address by extracting the | |||
| value of the "ra=" tag and appending to it "@" followed by the | value of the "ra=" tag and appending to it "@" followed by the | |||
| domain name found in the "d=" tag of the DKIM-Signature header | domain name found in the "d=" tag of the DKIM-Signature header | |||
| field. | field. | |||
| 9. Construct and send a report in compliance with Section 6 of this | 9. Construct and send a report in compliance with Section 6 of this | |||
| memo that includes as its intended recipient the address | document that includes as its intended recipient the address | |||
| constructed in the previous step. | constructed in the previous step. | |||
| 10. If the [SMTP] session during which the DKIM signautre was | 10. If the [SMTP] session during which the DKIM signautre was | |||
| evaluated is still active and the SMTP server has not already | evaluated is still active and the SMTP server has not already | |||
| given its response to the DATA command that relayed the message, | given its response to the DATA command that relayed the message, | |||
| and an "rs=" tag was present in the TXT record, the SMTP server | and an "rs=" tag was present in the TXT record, the SMTP server | |||
| SHOULD include the decoded string found in the "rs=" tag in its | SHOULD include the decoded string found in the "rs=" tag in its | |||
| SMTP reply to the DATA command. | SMTP reply to the DATA command. | |||
| In order to thwart attacks that seek to convert report generators | In order to thwart attacks that seek to convert report generators | |||
| skipping to change at page 9, line 5 | skipping to change at page 8, line 47 | |||
| malicious Signer cannot falsely assert that someone else wants | malicious Signer cannot falsely assert that someone else wants | |||
| failure reports and cause unwanted mail to be generated. It can | failure reports and cause unwanted mail to be generated. It can | |||
| cause additional DNS traffic against the domain listed in the | cause additional DNS traffic against the domain listed in the | |||
| "d=" signature tag, but negative caching of the requested DNS | "d=" signature tag, but negative caching of the requested DNS | |||
| record will help to mitigate this issue. | record will help to mitigate this issue. | |||
| c. It is not possible for a Signer to direct reports to an email | c. It is not possible for a Signer to direct reports to an email | |||
| address outside of its own domain, preventing distributed email- | address outside of its own domain, preventing distributed email- | |||
| based denial-of-service attacks. | based denial-of-service attacks. | |||
| See Section 8.4 for some considerations regardin limitations of this | See Section 8.4 for some considerations regarding limitations of this | |||
| mechanism. | mechanism. | |||
| 4. Optional Reporting Address for DKIM-ADSP | 4. Optional Reporting Address for DKIM-ADSP | |||
| There also exist cases in which a domain name owner employing [ADSP] | A domain name owner employing Author Domain Signing Practices [ADSP] | |||
| for announcing signing practises with DKIM may want to know when | may also want to know when messages are received without valid author | |||
| messages are received without valid author domain signatures. | domain signatures. Currently there is no such mechanism defined. | |||
| Currently there is no such mechanism defined. | ||||
| This document adds the following optional "tags" (as defined in | This section adds the following optional "tags" (as defined in | |||
| [ADSP]) to the DKIM ADSP records, using the form defined in that | [ADSP]) to the DKIM ADSP records, using the form defined in that | |||
| specification: | specification: | |||
| ra= Reporting Address (plain-text; OPTIONAL; no default). The value | ra= Reporting Address (plain-text; OPTIONAL; no default). The value | |||
| MUST be a dkim-quoted-printable string containing the local-part | MUST be a dkim-quoted-printable string containing the local-part | |||
| of an email address to which a report SHOULD be sent when mail | of an email address to which a report SHOULD be sent when mail | |||
| claiming to be from this domain failed the verification algorithm | claiming to be from this domain failed the verification algorithm | |||
| described in [ADSP], in particular because a message arrived | described in [ADSP], in particular because a message arrived | |||
| without a signature that validates, which contradicts what the | without a signature that validates, which contradicts what the | |||
| ADSP record claims. The value MUST be interpreted as a local-part | ADSP record claims. The value MUST be interpreted as a local-part | |||
| only. To construct the actual address to which the report is | only. To construct the actual address to which the report is | |||
| sent, the Verifier simply appends to this value an "@" followed by | sent, the Verifier simply appends to this value an "@" followed by | |||
| the domain whose policy was queried in order to evaluate the | the domain whose policy was queried in order to evaluate the | |||
| sender's ADSP, i.e., the RFC5322.From domain of the message under | sender's ADSP, i.e., the RFC5322.From domain of the message under | |||
| evaluation. Therefore, a signer making use of this extension tag | evaluation. Therefore, a signer making use of this extension tag | |||
| MUST ensure that an email address thus constructed can receive | MUST ensure that an email address thus constructed can receive | |||
| reports generated as described in Section 6. ABNF: | reports generated as described in Section 6. ABNF: | |||
| adsp-ra-tag = %x72.61 *WSP "=" qp-section | adsp-ra-tag = %x72.61 *WSP "=" dkim-quoted-printable | |||
| ; "ra=..." (lower-case only for the tag name) | ; "ra=..." (lower-case only for the tag name) | |||
| rp= Requested Report Percentage (plain-text; OPTIONAL; default is | rp= Requested Report Percentage (plain-text; OPTIONAL; default is | |||
| "100"). The value is a single integer from 0 to 100 inclusive | "100"). The value is a single integer from 0 to 100 inclusive | |||
| that indicates what percentage of incidents of ADSP evaluation | that indicates what percentage of incidents of ADSP evaluation | |||
| failures, selected at random, should cause reports to be | failures, selected at random, should cause reports to be | |||
| generated. The report generator SHOULD NOT issue reports for more | generated. The report generator SHOULD NOT issue reports for more | |||
| than the requested percentage of incidents. An exception to this | than the requested percentage of incidents. An exception to this | |||
| might be some out-of-band arrangement between two parties to | might be some out-of-band arrangement between two parties to | |||
| override it with some mutually agreed value. Report generators | override it with some mutually agreed value. Report generators | |||
| MAY make use of the "Incidents:" field in [ARF] to indicate that | MAY make use of the "Incidents:" field in [ARF] to indicate that | |||
| there are more reportable incidents than there are reports. ABNF: | there are more reportable incidents than there are reports. ABNF: | |||
| adsp-rp-tag = %x72.70 *WSP "=" *WSP 1*3DIGIT | adsp-rp-tag = %x72.70 *WSP "=" *WSP 1*3DIGIT | |||
| ; "rp=..." (lower-case only) | ; "rp=..." (lower-case only) | |||
| rr= Requested Reports (plain-text; OPTIONAL; default is "all"). The | rr= Requested Reports (plain-text; OPTIONAL; default is "all"). The | |||
| value MUST be a colon-separated list of tokens representing those | value MUST be a colon-separated list of tokens representing those | |||
| conditions under which a report is desired. See Section 5.2 for a | conditions under which a report is desired. See Section 5.2 for a | |||
| list of valid tags. ABNF: | list of valid tokens. ABNF: | |||
| adsp-rr-type = ( "all" / "o" / "p" / "s" / "u" ) | adsp-rr-type = ( "all" / "o" / "p" / "s" / "u" ) | |||
| adsp-rr-tag = %x72.72 *WSP "=" *WSP adsp-rr-type | adsp-rr-tag = %x72.72 *WSP "=" *WSP adsp-rr-type | |||
| *WSP 0* ( ":" *WSP adsp-rr-type ) | *WSP *( ":" *WSP adsp-rr-type ) | |||
| ; "rr=..." (lower-case only for the tag name) | ; "rr=..." (lower-case only for the tag name) | |||
| rs= Requested SMTP Error String (plain-text; OPTIONAL; no default). | rs= Requested SMTP Error String (plain-text; OPTIONAL; no default). | |||
| The value is a string the signing domain requests be included in | The value is a string the signing domain requests be included in | |||
| [SMTP] error strings when messages are rejected during a single | [SMTP] error strings when messages are rejected during a single | |||
| SMTP session. ABNF: | SMTP session. ABNF: | |||
| adsp-rs-tag = %x72.73 *WSP "=" qp-section | adsp-rs-tag = %x72.73 *WSP "=" dkim-quoted-printable | |||
| ; "rs=..." (lower-case only for the tag name) | ; "rs=..." (lower-case only for the tag name) | |||
| In the absence of an "ra=" tag, the "rp=" and "rr=" tags MUST be | In the absence of an "ra=" tag, the "rp=" and "rr=" tags MUST be | |||
| ignored, and the report generator MUST NOT issue a report. | ignored, and the report generator MUST NOT issue a report. | |||
| 5. Requested Reports | 5. Requested Reports | |||
| This memo also includes, as the "rr" tags defined above, the means by | This "rr" tags defined above allow a Signer to specify the types of | |||
| which the signer can request reports for specific circumstances of | errors about which it is interested in receiving reports. This | |||
| interest. Verifiers MUST NOT generate reports for incidents that do | section defines the error types and corresponding token values. | |||
| not match a requested report, and MUST ignore requests for reports | ||||
| not included in this list. | Verifiers MUST NOT generate reports for incidents that do not match a | |||
| requested report, and MUST ignore requests for reports not included | ||||
| in this list. | ||||
| 5.1. Requested Reports for DKIM Failures | 5.1. Requested Reports for DKIM Failures | |||
| The following report requests are defined for DKIM keys: | The following report requests are defined for DKIM keys: | |||
| all All reports are requested. | all All reports are requested. | |||
| d Reports are requested for signature evaluation errors that | d Reports are requested for signature evaluation errors that | |||
| resulted from DNS issues (e.g., key retrieval problems). | resulted from DNS issues (e.g., key retrieval problems). | |||
| skipping to change at page 17, line 27 | skipping to change at page 16, line 27 | |||
| 8.2. Report Volume | 8.2. Report Volume | |||
| It is impossible to predict the volume of reports this facility will | It is impossible to predict the volume of reports this facility will | |||
| generate when enabled by a report receiver. An implementer ought to | generate when enabled by a report receiver. An implementer ought to | |||
| anticipate substantial volume, since the amount of abuse occurring at | anticipate substantial volume, since the amount of abuse occurring at | |||
| receivers cannot be known ahead of time, and may vary rapidly and | receivers cannot be known ahead of time, and may vary rapidly and | |||
| unpredictably. | unpredictably. | |||
| 8.3. Deliberate Misuse | 8.3. Deliberate Misuse | |||
| Some threats caused by deliberate misuse of this mechanism are | Some threats caused by deliberate misuse of this error reporting | |||
| discussed in Section 3.3, but they warrant further discussion here. | mechanism are discussed in Section 3.3, but they warrant further | |||
| discussion here. | ||||
| Negative caching offers some protection against this pattern of | ||||
| abuse, although it will work only as long as the negative time-to- | ||||
| live on the relevant SOA record in the DNS. | ||||
| The presence of the DNS record that indicates willingness to accept | The presence of the DNS record that indicates willingness to accept | |||
| reports opens the recipient to abuse. In particular, it is possible | reports opens the recipient to abuse. In particular, it is possible | |||
| for an attacker to attempt to cause a flood of reports toward the | for an attacker to attempt to cause a flood of reports toward the | |||
| domain identified in a signature's "d=" tag in one of these ways: | domain identified in a signature's "d=" tag in one of these ways: | |||
| 1. Alter existing DKIM-Signature header fields by adding an "r=y" | 1. Alter existing DKIM-Signature header fields by adding an "r=y" | |||
| tag (and possibly altering the "d=" tag to point at the target | tag (and possibly altering the "d=" tag to point at the target | |||
| domain); | domain); | |||
| skipping to change at page 18, line 8 | skipping to change at page 17, line 5 | |||
| tag pointing at the target domain. | tag pointing at the target domain. | |||
| Consider, for example, the situation where an an attacker sends out a | Consider, for example, the situation where an an attacker sends out a | |||
| multi-million-message spam run, and includes in the messages a fake | multi-million-message spam run, and includes in the messages a fake | |||
| DKIM signature containing "d=example.com; r=y". It won't matter that | DKIM signature containing "d=example.com; r=y". It won't matter that | |||
| those signatures couldn't possibly be real: each will fail | those signatures couldn't possibly be real: each will fail | |||
| verification, and any implementations that support this specification | verification, and any implementations that support this specification | |||
| will report those failures, in the millions and in short order, to | will report those failures, in the millions and in short order, to | |||
| example.com. | example.com. | |||
| Implementers are therefore strongly advised not to advertise that DNS | Implementers are therefore strongly advised not to advertise the DNS | |||
| record except when reports desired, including the risk of receiving | record specified in this document except when failure reports are | |||
| this kind of attack. | desired. Upon doing so, unexpected traffic volumes and attacks | |||
| should be anticipated. | ||||
| Negative caching offers some protection against this pattern of | ||||
| abuse, although it will work only as long as the negative time-to- | ||||
| live on the relevant SOA record in the DNS. | ||||
| Positive caching of this DNS reply also means turning off the flow of | Positive caching of this DNS reply also means turning off the flow of | |||
| reports by removing the record is not likely to have immediate | reports by removing the record is not likely to have immediate | |||
| effect. A low time-to-live on the record needs to be considered. | effect. A low time-to-live on the record needs to be considered. | |||
| 8.4. Unreported Fraud | 8.4. Unreported Fraud | |||
| An attacker can craft fraudulent DKIM-Signature fields on messages, | An attacker can craft fraudulent DKIM-Signature fields on messages, | |||
| without using "r=" tags, and avoid having these reported. The | without using "r=" tags, and avoid having these reported. The | |||
| procedure described in Section 3.3 does not permit the detection and | procedure described in Section 3.3 does not permit the detection and | |||
| skipping to change at page 19, line 50 | skipping to change at page 18, line 50 | |||
| (work in progress), January 2012. | (work in progress), January 2012. | |||
| [IANA-CONSIDERATIONS] | [IANA-CONSIDERATIONS] | |||
| Alvestrand, H. and T. Narten, "Guidelines for Writing an | Alvestrand, H. and T. Narten, "Guidelines for Writing an | |||
| IANA Considerations Section in RFCs", RFC 5226, May 2008. | IANA Considerations Section in RFCs", RFC 5226, May 2008. | |||
| [KEYWORDS] | [KEYWORDS] | |||
| Bradner, S., "Key words for use in RFCs to Indicate | Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", RFC 2119, March 1997. | Requirement Levels", RFC 2119, March 1997. | |||
| [MIME] Freed, N. and N. Borenstein, "Multipurpose Internet Mail | ||||
| Extensions (MIME) Part One: Format of Internet Message | ||||
| Bodies", RFC 2045, November 1996. | ||||
| [SMTP] Klensin, J., "Simple Mail Transfer Protocol", RFC 5321, | [SMTP] Klensin, J., "Simple Mail Transfer Protocol", RFC 5321, | |||
| October 2008. | October 2008. | |||
| 9.2. Informative References | 9.2. Informative References | |||
| [DSN] Moore, K. and G. Vaudreuil, "An Extensible Message Format | [DSN] Moore, K. and G. Vaudreuil, "An Extensible Message Format | |||
| for Delivery Status Notifications", RFC 3464, | for Delivery Status Notifications", RFC 3464, | |||
| January 2003. | January 2003. | |||
| [OPENDKIM] | [OPENDKIM] | |||
| skipping to change at page 22, line 8 | skipping to change at page 21, line 8 | |||
| Appendix A. Acknowledgements | Appendix A. Acknowledgements | |||
| The authors wish to acknowledge the following for their review and | The authors wish to acknowledge the following for their review and | |||
| constructive criticism of this proposal: Steve Atkins, Monica Chew, | constructive criticism of this proposal: Steve Atkins, Monica Chew, | |||
| Dave Crocker, Tim Draegen, Frank Ellermann, JD Falk, John Levine, | Dave Crocker, Tim Draegen, Frank Ellermann, JD Falk, John Levine, | |||
| Scott Kitterman, and Andrew Sullivan. | Scott Kitterman, and Andrew Sullivan. | |||
| Appendix B. Examples | Appendix B. Examples | |||
| This section contains examples of the use of each of the extensions | This section contains examples of the use of each of the extensions | |||
| defined by this memo. | defined by this document. | |||
| B.1. Example Use of DKIM Signature Extension Tag | B.1. Example Use of DKIM Signature Extension Tag | |||
| A DKIM-Signature field including use of the extension tag defined by | A DKIM-Signature field including use of the extension tag defined by | |||
| this memo: | this document: | |||
| DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; | DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; | |||
| d=example.com; s=jan2012; r=y; | d=example.com; s=jan2012; r=y; | |||
| h=from:to:subject:date:message-id; | h=from:to:subject:date:message-id; | |||
| bh=YJAYwiNdc3wMh6TD8FjVhtmxaHYHo7Z/06kHQYvQ4tQ=; | bh=YJAYwiNdc3wMh6TD8FjVhtmxaHYHo7Z/06kHQYvQ4tQ=; | |||
| b=jHF3tpgqr6nH/icHKIqFK2IJPtCLF0CRJaz2Hj1Y8yNwTJ | b=jHF3tpgqr6nH/icHKIqFK2IJPtCLF0CRJaz2Hj1Y8yNwTJ | |||
| IMYIZtLccho3ymGF2GYqvTl2nP/cn4dH+55rH5pqkWNnuJ | IMYIZtLccho3ymGF2GYqvTl2nP/cn4dH+55rH5pqkWNnuJ | |||
| R9z54CFcanoKKcl9wOZzK9i5KxM0DTzfs0r8 | R9z54CFcanoKKcl9wOZzK9i5KxM0DTzfs0r8 | |||
| Example 1: DKIM-Signature field using this extension | Example 1: DKIM-Signature field using this extension | |||
| skipping to change at page 22, line 36 | skipping to change at page 21, line 36 | |||
| indicates reports are requested on verification failure. | indicates reports are requested on verification failure. | |||
| Assuming the public key retrieved from the DNS and processed | Assuming the public key retrieved from the DNS and processed | |||
| according to [DKIM] would determine that the signature is invalid, a | according to [DKIM] would determine that the signature is invalid, a | |||
| TXT query will be sent to "_report._domainkey.example.com" to | TXT query will be sent to "_report._domainkey.example.com" to | |||
| retrieve a reporting address and other report parameters as described | retrieve a reporting address and other report parameters as described | |||
| in Section 3.3. | in Section 3.3. | |||
| B.2. Example DKIM Reporting TXT Record | B.2. Example DKIM Reporting TXT Record | |||
| An example DKIM Reporting TXT Record as defined by this memo: | An example DKIM Reporting TXT Record as defined by this document: | |||
| ra=dkim-errors; rp=100; rr=v:x | ra=dkim-errors; rp=100; rr=v:x | |||
| Example 2: Example DKIM Reporting TXT Record | Example 2: Example DKIM Reporting TXT Record | |||
| This example, continuing from the previous one, shows a message that | This example, continuing from the previous one, shows a message that | |||
| might be found at "_report._domainkey.example.com" in a TXT record. | might be found at "_report._domainkey.example.com" in a TXT record. | |||
| It makes the following requests: | It makes the following requests: | |||
| o Reports about signature evaluation failures should be send to the | o Reports about signature evaluation failures should be send to the | |||
| address "dkim-errors" at the signer's domain; | address "dkim-errors" at the signer's domain; | |||
| o All (100%) incidents should be reported; | o All (100%) incidents should be reported; | |||
| o Only reports about signature verification failures and expired | o Only reports about signature verification failures and expired | |||
| signatures should be generated. | signatures should be generated. | |||
| B.3. Example Use of DKIM ADSP Extension Tags | B.3. Example Use of DKIM ADSP Extension Tags | |||
| A DKIM ADSP record including use of the extensions defined by this | A DKIM ADSP record including use of the extensions defined by this | |||
| memo: | document: | |||
| dkim=all; ra=dkim-adsp-errors; rr=u | dkim=all; ra=dkim-adsp-errors; rr=u | |||
| Example 3: DKIM ADSP record using these extensions | Example 3: DKIM ADSP record using these extensions | |||
| This example ADSP record makes the following assertions: | This example ADSP record makes the following assertions: | |||
| o The sending domain (i.e. the one that is advertising this policy) | o The sending domain (i.e. the one that is advertising this policy) | |||
| signs all mail it sends; | signs all mail it sends; | |||
| End of changes. 35 change blocks. | ||||
| 102 lines changed or deleted | 98 lines changed or added | |||
This html diff was produced by rfcdiff 1.33. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||