Re: [Bimi] Proposal to Clarify Role of MUA in BIMI Evaluation

Dave Crocker <dhc@dcrocker.net> Mon, 18 July 2022 21:43 UTC

Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=dcrocker.net
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dcrocker.net; s=hostingermail-a; t=1658180600; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references; bh=qSTsGwcC2ezhPokqsGujlUYuOf/9D/jNzoq63CcArAM=; b=iRe7L2Arez9pmy0rp753/1FRYIQ1RX/MOfRvxwCkLWdIeptNdP5H5dAIcwyvzBeOSIa/+/ V0SbIvw1Qwx+ldw3M+WmUwokS7tyx7gNBBpdcP52/XIWCCZBWLcMWAVlu/wcByAX9mywwm vokzsV/mgcoFyXjEoKeQrmIuu9PaZBZ0uv87QlHkqE8kdxoxRBmBuLXRH4QkDDS5eeY1jh JD/UqJAkGQjDr1mCpEpDHJ7sQa7RAIQ7qQV7aJOU/auRweUeorTDelQxub03zf0YrE8h1f VbczGCk35BMiWZmwNuVV0wKhvWO9pmzbzrxj00e+HtcjLSLAxj9iRDCVMUKwoQ==
Content-Type: multipart/alternative; boundary="------------SBqOpzf6HwcopD3jW6KACWUW"
Message-ID: <3b7be8ae-7cef-8131-27b8-10aff13c66a7@dcrocker.net>
Date: Mon, 18 Jul 2022 14:43:18 -0700
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0
Reply-To: dcrocker@bbiw.net
Content-Language: en-US
To: Scott Kitterman <sklist@kitterman.com>
References: <DE61AC51-4BC3-44FF-862D-7D8ADFB3BC29@proofpoint.com> <20CBD506-7E50-4161-ADE6-64614630B1B2@proofpoint.com> <CAHej_8kridbc322MDRpxfgd+8Y2yNacxTAtvr+HF=+wevdRQhw@mail.gmail.com> <VI1PR01MB70538965904FD08A49F75C37C78C9@VI1PR01MB7053.eurprd01.prod.exchangelabs.com> <11A2B052-A26C-4A9C-9D88-72B594DA1C59@proofpoint.com> <VI1PR01MB70537BA29DA1F456B858C17FC78C9@VI1PR01MB7053.eurprd01.prod.exchangelabs.com> <6993E8B6-11A0-4AF3-A94E-044F880E56BC@proofpoint.com> <CAHej_8kjwtGE4rDrXfTpgThOD-jh7t0GK9EUnVjVZT_OJzzsvg@mail.gmail.com> <VI1PR01MB705353E36328899609DE2471C78C9@VI1PR01MB7053.eurprd01.prod.exchangelabs.com> <12a85dfe-664f-d757-0fa2-81f17c8088c2@dcrocker.net> <4e9ab94e-8675-df70-3e4b-00edcedb266e@dcrocker.net> <5DE65D46-853F-4F61-ADA7-20CB5E7E6840@kitterman.com> <7e0642ce-17ed-f87a-d15f-74acb690b93e@dcrocker.net> <BF763EBC-6435-4DCB-BC59-A061D8973694@kitterman.com>
From: Dave Crocker <dhc@dcrocker.net>
Cc: bimi@ietf.org
Organization: Brandenburg InternetWorking
In-Reply-To: <BF763EBC-6435-4DCB-BC59-A061D8973694@kitterman.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/5gH6KyiDtD4L3ZQeZs3rWvVS1TA>
Subject: Re: [Bimi] Proposal to Clarify Role of MUA in BIMI Evaluation
List-Id: Brand Indicators for Message Identification <bimi.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bimi/>

On 7/18/2022 2:34 PM, Scott Kitterman wrote:
>> That's nice.  How is it relevant to what I posted?
>>> They reparse the header and revalidate as needed when a user selects the mail.  While key management actions such as key rotation are formally outside the scope of RFC 6376, such things do happen and so the accuracy of time late verification does decline over time.  It might even be hazardous to attempt if the key size is small or the private key has been made available [1].
>> Same question.
> In theory DKIM can be (and has been) implemented in an MUA and it generally works reasonably well when a message is received, but AIUI (and maybe I don't) to be useful for Bimi such a verification would need to be reliable over time and I have yet to see it work that way despite it being (as you suggested) theoretically fine.
>
> For something like Bimi to be a reliable indicator of anything, I think both theory and practice need to be considered (even though they're in theory the same).


OK.  So I made some basic architectural points, noting a distinction 
from implementation choices, and you commented on possible implementation 
issues.

d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net
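The failure mode Scott describes above, a DKIM signature that verifies at delivery but cannot be re-verified later once the signer has rotated the selector out of DNS, as an added Go example written for this archive page (it is not code from the thread, nor from any BIMI or DKIM implementation). It is a deliberately minimal DKIM signer and verifier: c=simple/simple only, one instance of each header field, no l=/x=/t= tags, and a map in place of the DNS TXT lookup of s._domainkey.d. The domain example.com, the selector s2022, and the message headers and body are constructed sample data; the 1024-bit floor is the RFC 8301 verifier requirement.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"math/big"
	"regexp"
	"strings"
)

// Toy DKIM (RFC 6376): c=simple/simple only, one instance of each header field,
// no l=/x=/t= tags, and a map standing in for the DNS TXT lookup of s._domainkey.d.
type Message struct {
	Headers map[string]string // field name -> unfolded value
	Body    string
}
var bTag = regexp.MustCompile(`(^|;)\s*b=`) // the b= tag itself, not a "b=" inside the bh= value
const minKeyBits = 1024 // RFC 8301: signatures made with RSA keys below 1024 bits are not valid

func bodyHash(body string) string {
	h := sha256.Sum256([]byte(strings.TrimRight(body, "\r\n") + "\r\n")) // simple canon: one final CRLF
	return base64.StdEncoding.EncodeToString(h[:])
}

// headerHash covers the h= fields in order, then DKIM-Signature with an empty b= and no final CRLF.
func headerHash(msg Message, signed []string, dkim string) []byte {
	var sb strings.Builder
	for _, n := range signed {
		if v, ok := msg.Headers[n]; ok {
			sb.WriteString(n + ":" + v + "\r\n")
		}
	}
	h := sha256.Sum256([]byte(sb.String() + "DKIM-Signature:" + dkim))
	return h[:]
}

func Sign(msg Message, domain, selector string, key *rsa.PrivateKey, signed []string) string {
	unsigned := fmt.Sprintf("v=1; a=rsa-sha256; c=simple/simple; d=%s; s=%s; h=%s; bh=%s; b=",
		domain, selector, strings.Join(signed, ":"), bodyHash(msg.Body))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, headerHash(msg, signed, unsigned))
	if err != nil {
		panic(err) // only reachable with a malformed private key
	}
	return unsigned + base64.StdEncoding.EncodeToString(sig)
}

// Verify checks the signature against whatever key dns holds *now* for s._domainkey.d;
// that lookup is what differs between delivery time and a later re-verification by an MUA.
func Verify(msg Message, dns map[string]*rsa.PublicKey) error {
	dkim := msg.Headers["DKIM-Signature"]
	loc := bTag.FindStringIndex(dkim)
	if loc == nil {
		return fmt.Errorf("permfail: no usable DKIM-Signature header")
	}
	t := map[string]string{} // tag=value pairs separated by ";"
	for _, tag := range strings.Split(dkim, ";") {
		k, val, _ := strings.Cut(strings.TrimSpace(tag), "=")
		t[k] = strings.TrimSpace(val)
	}
	pub := dns[t["s"]+"._domainkey."+t["d"]]
	sig, _ := base64.StdEncoding.DecodeString(t["b"])
	switch {
	case pub == nil:
		return fmt.Errorf("permfail: no key published for selector %s", t["s"])
	case pub.N.BitLen() < minKeyBits:
		return fmt.Errorf("permfail: %d-bit key is below the %d-bit minimum", pub.N.BitLen(), minKeyBits)
	case bodyHash(msg.Body) != t["bh"]:
		return fmt.Errorf("permfail: body hash mismatch")
	case rsa.VerifyPKCS1v15(pub, crypto.SHA256, headerHash(msg, strings.Split(t["h"], ":"), dkim[:loc[1]]), sig) != nil:
		return fmt.Errorf("permfail: signature does not verify")
	}
	return nil
}

// Scenario signs a constructed message and verifies it at delivery, against an undersized
// key, and after the signer has rotated the selector out of DNS.
func Scenario() (atDelivery, smallKey, afterRotation error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	const rec = "s2022._domainkey.example.com" // constructed selector and domain
	dns := map[string]*rsa.PublicKey{rec: &key.PublicKey}
	msg := Message{Headers: map[string]string{"From": "Alice <alice@example.com>", "To": "bob@example.net",
		"Subject": "Constructed sample message"}, Body: "Hello Bob,\r\n\r\nConstructed sample body.\r\n\r\n\r\n"}
	msg.Headers["DKIM-Signature"] = Sign(msg, "example.com", "s2022", key, []string{"From", "To", "Subject"})
	atDelivery = Verify(msg, dns)
	smallKey = Verify(msg, map[string]*rsa.PublicKey{rec: {N: new(big.Int).Lsh(big.NewInt(1), 511), E: 65537}})
	delete(dns, rec) // key rotation: the old selector is gone but the stored message is unchanged
	afterRotation = Verify(msg, dns)
	return
}

func main() { fmt.Println(Scenario()) }
```

The three verifications run over the very same stored bytes; only the state of DNS changes. An MTA that records its result in Authentication-Results at delivery keeps a pass that an MUA re-verifying months later, after the selector has been retired, can no longer reproduce, which is the gap between "theoretically fine" and "reliable over time" in the quoted exchange.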