IETF Logo Mail Archive

[Bimi] Affiliation Bias (was: Re: Thoughts about MUA/BIMI)

Dave Crocker <dhc@dcrocker.net> Fri, 12 August 2022 15:12 UTC

Return-Path: <dhc@dcrocker.net>
X-Original-To: bimi@ietfa.amsl.com
Delivered-To: bimi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 58284C15C516 for <bimi@ietfa.amsl.com>; Fri, 12 Aug 2022 08:12:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=dcrocker.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kh4po0KF6Xdj for <bimi@ietfa.amsl.com>; Fri, 12 Aug 2022 08:12:38 -0700 (PDT)
Received: from frog.ash.relay.mailchannels.net (frog.ash.relay.mailchannels.net [23.83.222.63]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CBE00C15C520 for <bimi@ietf.org>; Fri, 12 Aug 2022 08:12:27 -0700 (PDT)
X-Sender-Id: hostingeremail|x-authsender|dhc@dcrocker.net
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 0C6A812204C for <bimi@ietf.org>; Fri, 12 Aug 2022 15:12:24 +0000 (UTC)
Received: from gcp-us-central1-a-smtpout3.hostinger.io (unknown [127.0.0.6]) (Authenticated sender: hostingeremail) by relay.mailchannels.net (Postfix) with ESMTPA id D8402120CFB for <bimi@ietf.org>; Fri, 12 Aug 2022 15:12:17 +0000 (UTC)
ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1660317138; a=rsa-sha256; cv=none; b=Zn1TzDpY1zZ153jL1+Ke0QAQdlxVquX512D1w1Ey24Jw+H6FuDyOfTkDofJWKUcZ+HxUP8 FxQxk71Zpy6nEkz2rMqj5MgElOWqmUwnffIpeoT5OVUHc59xQIjjOG7kEsVtba/LSE9Bou xekE4q2JRZwVZl+nn1MiqWAmMAmx7UjsqsXFDNUH4BreaG/wnvkWR+q/eap3G5EJ5B0cju B4TOVsutYczIRrSpXrm5/2RAJJ7of0fw3QP+965sD5+Z7DiuUYk5BCR9PFHdZ5CpHWZq9X sWdbVUMEFn9InxjLw1cDjEtgbx9/DURxrWCHKUxmVhc19dO8wyypcvj0kkbjQw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1660317138; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=6wHANbmiE16pfDcD9K+4ayqLaSB93Ad98T8Xt2Cd448=; b=l+Gu7mRBymA3IuSKVIbsCoirNkxU3qV3qcWKSA8ThdN4ej9N738ffwnc5nJQpoB8ukS1Xr EZUX+/CjVmQs3ohU1x+AlbhMxIUQD8zqZKy51paLWjKUvB4k807Q2vurl2faVxC9U7qbn2 +ITKv/M1Di8aN2ftj/dFC7e5RE+UObQJWxJqO67CYZsVcQ7XXCKNlePm0EAi2dKoy3ZXb+ IzMZxTy4TcEA4gnxdRN90t5r26G3DPJIzernTu76d0ziA4ZBqXY2E9OZO7Xi/+vzhi193R 8MOIRTt18g1BirPvfXc6QnvB7VGLvmCe9Qh+kJE+LghTVu43laDJMgPzawa2Tg==
ARC-Authentication-Results: i=1; rspamd-7c478d8c66-b5ntm; auth=pass smtp.auth=hostingeremail smtp.mailfrom=dhc@dcrocker.net
X-Sender-Id: hostingeremail|x-authsender|dhc@dcrocker.net
X-MC-Relay: Neutral
X-MailChannels-SenderId: hostingeremail|x-authsender|dhc@dcrocker.net
X-MailChannels-Auth-Id: hostingeremail
X-Bitter-Arch: 681de5530250a8d7_1660317138215_2920645353
X-MC-Loop-Signature: 1660317138215:2133100722
X-MC-Ingress-Time: 1660317138215
Received: from gcp-us-central1-a-smtpout3.hostinger.io (gcp-us-central1-a-smtpout3.hostinger.io [35.225.172.141]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.110.28.214 (trex/6.7.1); Fri, 12 Aug 2022 15:12:18 +0000
Received: from [192.168.0.105] (c-73-170-122-71.hsd1.ca.comcast.net [73.170.122.71]) (Authenticated sender: dhc@dcrocker.net) by smtp.hostinger.com (smtp.hostinger.com) with ESMTPSA id 4M46bg5N3Zz8J5V; Fri, 12 Aug 2022 15:12:15 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dcrocker.net; s=hostingermail-a; t=1660317137; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=6wHANbmiE16pfDcD9K+4ayqLaSB93Ad98T8Xt2Cd448=; b=NBPYAoHCLCBPe7dhEmMPAsktSrGWmPw4worCrBb9Fnp3wIH1GKVP6Vu7uCB6quiVRRzpJt zbXnUd/8OaNWtyI7og6IS6t/UZWZiifk2Q9X2TtbuKHQ6o9AG/UZ49ejquJR9MAf6dNEsW VIFuURtgY4Nn2PXcOK8lyT9GTENYQnomwXE736vYzqohgAg8The/uj4+ri+MBF7euMfjG0 jDA+PESZl63XYAxulREcGIMU0Yma60xRg/Any5Z7qvSs0FjNc0Azxy19lzNEnw9WaxLXQR 2p6mhNbhVuDumVmYF/cdgPJSYXcegTuH8iWD7V8YcY+z3ROmzbPKYJEnWy7ANw==
Message-ID: <ca56da5e-5685-8a04-70c5-0a1ee53a1e79@dcrocker.net>
Date: Fri, 12 Aug 2022 08:12:14 -0700
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.12.0
Reply-To: dcrocker@bbiw.net
Content-Language: en-US
To: Todd Herr <todd.herr=40valimail.com@dmarc.ietf.org>, "BIMI (IETF) (bimi@ietf.org)" <bimi@ietf.org>
References: <MN2PR11MB435138DB4A7161A506B8CD25F7649@MN2PR11MB4351.namprd11.prod.outlook.com> <CAHej_8=dJBgSqKaFuOoOs4mqwKUEHdwVthTn0CRx+=1O5gm2iQ@mail.gmail.com>
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
In-Reply-To: <CAHej_8=dJBgSqKaFuOoOs4mqwKUEHdwVthTn0CRx+=1O5gm2iQ@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-CM-Envelope: MS4xfAMo6KYFf272PuitsiSdoFA9E6k3WXmnLB5X+EVdKRkR4UUBxx5+htSrxkr66upZ8Uzxygdj0oMVDH2tx7f4Rab23hBFdvAbVA8DNPqxUS6BdmY5CCzn m1zMXUaIPRFxv+esnh6xqqVmEdcPVck3w2Fwa17P//4kp/+X4AvgF6I+RX3tOJ4RlUruHC9plwuN9PwNfAPYz1Qg+ZRmxqHF16r2z3r89H/8G0FFHmtvXlc/
X-CM-Analysis: v=2.4 cv=HP7Qq6hv c=1 sm=1 tr=0 ts=62f66dd1 a=RWeyNHkVnTTD7ejqcR0qZA==:117 a=RWeyNHkVnTTD7ejqcR0qZA==:17 a=IkcTkHD0fZMA:10 a=k7Ga1wGzAAAA:8 a=KTloxz31AmuPDDdhdLYA:9 a=QEXdDO2ut3YA:10 a=ijMaxGghyylP-n2pFjDB:22
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/2Y9VpMbE5WlSg4D9_BDj_mrKN9o>
Subject: [Bimi] Affiliation Bias (was: Re: Thoughts about MUA/BIMI)
X-BeenThere: bimi@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Brand Indicators for Message Identification <bimi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bimi>, <mailto:bimi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bimi/>
List-Post: <mailto:bimi@ietf.org>
List-Help: <mailto:bimi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bimi>, <mailto:bimi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Aug 2022 15:12:43 -0000

On 8/11/2022 7:38 AM, Todd Herr wrote:
> I've got a long-standing bias toward the idea that the only 
> authentication/validation results that matter are the ones that were 
> arrived at when the message was written to the mailbox, because 
> results can be different upon subsequent checks,

Todd,

For authentication methods built primarily to be used to handle 
transit-time concerns, that bias makes sense.  When the authentication 
requirement includes functioning over extended periods of time, 
obviously it doesn't.  SPF, DKIM and DMARC encourage a bias towards 
shorter-term use because of the operational variability of DNS entries.  
It's not that a DNS entry cannot exist for a very long time; it's that 
it is so easy to change it or delete it, on a whim.

For something like Bimi, there is a danger of the tail wagging the dog.  
Rather than considering the nature of legitimate use and designing to 
accommodate it, pursue a Procrustean engineering design and operations 
model that cuts off otherwise-legitimate use cases that don't fit 
convenient technical choices. This is always a danger when starting with 
an existing technical foundation and layering on additional 
functionality, in the absence of a thorough exploration of the 
boundaries to legitimate use cases.

Relying on SPF, DKIM and DMARC for authentication certainly encourages 
an operational model that makes verification much after delivery risky. 
In a fully-integrated email platform provider model , which tightly 
couples the MUA, the delivery-time validation results can be stored with 
the message.  On the theory that the validity of displaying the logo 
long after validation is safe -- that is, assuming no problems, such as 
discovery of compromise, legal change of use authorization, or the like 
-- then storing the result for a long time is probably ok.

To that end, it's not clear why the platform provider cannot attach the 
result, etc. to the email object it hands to an unaffiliated MUA, as 
long as the details for doing this are standardized.  It's not as if the 
technical aspects of this are difficult, and it is not obvious how the 
semantics or risks are different.

To the extent that there is a concern that a result stored inside a 
tightly-integrated MUA environment is somehow trusted more that a result 
stored in an object passed to an unaffiliated MIA, my question is why?  
What makes the former more trusted than the latter?  It's possible that 
answering this question will disclose some useful aspects to the trust 
model being used here.


d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

v2.23.0 | Report a Bug | By Email