Re: [Bimi] Proposal to Clarify Role of MUA in BIMI Evaluation

Dave Crocker <dhc@dcrocker.net> Tue, 19 July 2022 18:03 UTC

Message-ID: <7f030278-3f9b-c8ea-f9eb-644f006cded9@dcrocker.net>
Date: Tue, 19 Jul 2022 11:03:10 -0700
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0
Reply-To: dcrocker@bbiw.net
Content-Language: en-US
To: Scott Kitterman <sklist@kitterman.com>
From: Dave Crocker <dhc@dcrocker.net>
Cc: bimi@ietf.org
Organization: Brandenburg InternetWorking
In-Reply-To: <5DE65D46-853F-4F61-ADA7-20CB5E7E6840@kitterman.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/4ulo_0eFjj3T0FuHKBvcFeExL64>
Subject: Re: [Bimi] Proposal to Clarify Role of MUA in BIMI Evaluation

On 7/18/2022 2:13 PM, Scott Kitterman wrote:
> Typically MUAs (standalone ones anyway) don't store the results of operations like DKIM verification.  They reparse the header and revalidate as needed when a user selects the mail.  While key management actions such as key rotation are formally outside the scope of RFC 6376, such things do happen and so the accuracy of time late verification does decline over time.  It might even be hazardous to attempt if the key size is small or the private key has been made available [1].

On 7/18/2022 2:34 PM, Scott Kitterman wrote:
> In theory DKIM can be (and has been) implemented in an MUA and it generally works reasonably well when a message is received, but AIUI (and maybe I don't) to be useful for Bimi such a verification would need to be reliable over time and I have yet to see it work that way despite it being (as you suggested) theoretically fine.
>
> For something like Bimi to be a reliable indicator of anything, I think both theory and practice need to be considered (even though they're in theory the same).


Considering your comments a bit further, it appears you are suggesting 
that BIMI does not need to validate at the time of display.

d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net
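
The quoted comments turn on the fact that a DKIM verdict computed at receipt may not be reproducible when the message is displayed later. As an added illustration (not code from this thread or from the BIMI drafts), the sketch below shows an MUA reading the verdict the receiving MTA recorded in Authentication-Results (RFC 8601) instead of re-verifying. It assumes a hypothetical trusted authserv-id `mx.example.net`, a border MTA that strips incoming headers claiming that id, and constructed sample headers.

```python
import re
from email import message_from_string

TRUSTED_AUTHSERV_ID = "mx.example.net"  # assumption: the reader's own receiving MTA

# Constructed sample. The second Authentication-Results header carries a
# different authserv-id, so nothing it claims may be believed.
SAMPLE = (
    "Authentication-Results: mx.example.net; dkim=pass (2048-bit key)"
    " header.d=brand.example; spf=pass smtp.mailfrom=brand.example\n"
    "Authentication-Results: relay.untrusted.example; dkim=pass header.d=bank.example\n"
    "From: Brand <news@brand.example>\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

def parse_authres(value):
    """Parse one RFC 8601 header value into (authserv_id, [result dicts])."""
    value = re.sub(r"\([^()]*\)", " ", value)      # drop (comments); non-nested only
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", []
    authserv_id = parts[0].split()[0].lower()      # ignore the optional version
    results = []
    for part in parts[1:]:
        tokens = part.split()
        if tokens == ["none"] or "=" not in tokens[0]:
            continue                               # "none" means no checks were run
        method, _, verdict = tokens[0].partition("=")
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        results.append({"method": method.lower(), "result": verdict.lower(), **props})
    return authserv_id, results

def recorded_dkim_domains(raw_message, trusted_id=TRUSTED_AUTHSERV_ID):
    """Domains with dkim=pass recorded at receipt, from the trusted MTA only."""
    msg = message_from_string(raw_message)
    passed = set()
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, results = parse_authres(value)
        if authserv_id != trusted_id:
            continue                               # unauthenticated claim, skip it
        for r in results:
            if r["method"] == "dkim" and r["result"] == "pass" and "header.d" in r:
                passed.add(r["header.d"].lower())
    return passed
```

The recorded verdict stays the same after the signing key is rotated or published, which is the property a display-time re-verification lacks.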