Re: [Bimi] Proposal to Clarify Role of MUA in BIMI Evaluation
Dave Crocker <dhc@dcrocker.net> Tue, 19 July 2022 13:20 UTC
Return-Path: <dhc@dcrocker.net>
X-Original-To: bimi@ietfa.amsl.com
Delivered-To: bimi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD9B2C18871A for <bimi@ietfa.amsl.com>; Tue, 19 Jul 2022 06:20:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.422
X-Spam-Level:
X-Spam-Status: No, score=-0.422 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, URI_DOTEDU=1.685] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=dcrocker.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rGOJYEHzr_So for <bimi@ietfa.amsl.com>; Tue, 19 Jul 2022 06:20:45 -0700 (PDT)
Received: from butterfly.birch.relay.mailchannels.net (butterfly.birch.relay.mailchannels.net [23.83.209.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9FEA2C16ECA9 for <bimi@ietf.org>; Tue, 19 Jul 2022 06:20:35 -0700 (PDT)
X-Sender-Id: hostingeremail|x-authsender|dhc@dcrocker.net
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id DB2FF6A12D7 for <bimi@ietf.org>; Tue, 19 Jul 2022 13:20:33 +0000 (UTC)
Received: from gcp-us-central1-a-smtpout2.hostinger.io (unknown [127.0.0.6]) (Authenticated sender: hostingeremail) by relay.mailchannels.net (Postfix) with ESMTPA id 298FD6A2538 for <bimi@ietf.org>; Tue, 19 Jul 2022 13:20:33 +0000 (UTC)
ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1658236833; a=rsa-sha256; cv=none; b=o8abpPZyPhRNmor81eHScWMTcPI/8U3vZbHx1W+sW9nP99zTCr22J4RehLYKJsg+s89uuC 9KwHdrYlnI0zKZUFyrRP0XLS+ig0Gbwu1sUhN+1AtHegBYTXTRq1Xb8d3HcGmZODN9xYkA Kah5l9SZFHmPN9HwtK6hTVaursIuBsZq7dCOyiHh/mZ0ExQkPUAO/NliZWKGE9m6KCrfyw jWfg3FBZbgmj62qX6KjX7toJKEcghceUIjR6SfM/dxm+iF/jTicyZBSWMDA0Io9D6jAHDa ny4FHIiuViDjPZcHaNIxpeZfIH+GJTZaA6BGrNe5a2ApZXdysKg+o7BIYRc8BA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1658236833; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:dkim-signature; bh=37UuRi4uxNTO7g/HaslaZ97xZNStiXGhJyUGQRkRYCU=; b=lLP7V2CJ3MgRAQmR//Gu+sjmu+tADZaerlIBeUfhgha26ONaSA3nCfQM7gQT824PAdT3f5 +Q08P9XtOyi0NtP/E2dA1qDBPh9c7LG93RKTPgph1KtwcIneI43fK3oHx/KO5UAaNoI11I MO7blHVYoE4/M7x+u+tLV5fJsoqLb7oLrbvpbmh/63uxw4zAaqi5RQZ9gYLxSyfdtkMbN1 iJZ/Sd9tcRpjrhY+UfK31wzVNp3DxaUpnHwiGkn+fXGi9j1y6HUMhsQI8s3ITru0Wt22dQ ml1WOE+5ZNTDlTnUxjDagf12lCJFuv68nn9J8xT3N/BoAS3w7sgVNhcefqwaeQ==
ARC-Authentication-Results: i=1; rspamd-689699966c-fdjdf; auth=pass smtp.auth=hostingeremail smtp.mailfrom=dhc@dcrocker.net
X-Sender-Id: hostingeremail|x-authsender|dhc@dcrocker.net
X-MC-Relay: Neutral
X-MailChannels-SenderId: hostingeremail|x-authsender|dhc@dcrocker.net
X-MailChannels-Auth-Id: hostingeremail
X-Whistle-Cure: 39aa6d70027855df_1658236833585_4109116178
X-MC-Loop-Signature: 1658236833585:1289048490
X-MC-Ingress-Time: 1658236833584
Received: from gcp-us-central1-a-smtpout2.hostinger.io (gcp-us-central1-a-smtpout2.hostinger.io [35.192.45.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256) by 100.115.45.52 (trex/6.7.1); Tue, 19 Jul 2022 13:20:33 +0000
Received: from [192.168.0.104] (c-73-170-122-71.hsd1.ca.comcast.net [73.170.122.71]) (Authenticated sender: dhc@dcrocker.net) by smtp.hostinger.com (smtp.hostinger.com) with ESMTPSA id 4LnKFn587Bz7YpHg; Tue, 19 Jul 2022 13:20:29 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dcrocker.net; s=hostingermail-a; t=1658236832; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references; bh=37UuRi4uxNTO7g/HaslaZ97xZNStiXGhJyUGQRkRYCU=; b=PpBT96ILvYm+Gr3+XyHOkbybp4HpQlv47cBN6AeMvfysfALMcT54c5mtIduf1IZ5bbizp/ 0a8pyU9DD8QcKvzexJH+LZzlYWPaE1Aoh80JrOhnC1LB+9CCoPM6yoZItcy5Kp4wyNLBjM 6NDfJQFcfPEeI267kPc5qgczcfulOPlzz8xUORoCN++5fnGRJflc6WlNd/XIwBDNok2bL5 +640k7bei+si9d31TqjHnVUqIxHXmVRH6wgjF4HV03vrgwvpj+44NbgBh7tjyABKDMfC9b JXM0E7wVijzRxVkg9zO+zkBvKE2jzTzKS6pHjlYbCg6UFdkadywAKvk4C2YqTg==
Content-Type: multipart/alternative; boundary="------------AEfJQUIFssZnPRgoftb6y5jz"
Message-ID: <0b9c845f-c661-693f-bfff-04455825bf2e@dcrocker.net>
Date: Tue, 19 Jul 2022 06:20:29 -0700
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0
Reply-To: dcrocker@bbiw.net
Content-Language: en-US
To: Ken O'Driscoll <ken@wemonitoremail.com>, Todd Herr <todd.herr=40valimail.com@dmarc.ietf.org>
Cc: "bimi@ietf.org" <bimi@ietf.org>
References: <DE61AC51-4BC3-44FF-862D-7D8ADFB3BC29@proofpoint.com> <20CBD506-7E50-4161-ADE6-64614630B1B2@proofpoint.com> <CAHej_8kridbc322MDRpxfgd+8Y2yNacxTAtvr+HF=+wevdRQhw@mail.gmail.com> <VI1PR01MB70538965904FD08A49F75C37C78C9@VI1PR01MB7053.eurprd01.prod.exchangelabs.com>
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
In-Reply-To: <VI1PR01MB70538965904FD08A49F75C37C78C9@VI1PR01MB7053.eurprd01.prod.exchangelabs.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/835ZzwtlTs5hACWMexO-85rKauw>
Subject: Re: [Bimi] Proposal to Clarify Role of MUA in BIMI Evaluation
X-BeenThere: bimi@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Brand Indicators for Message Identification <bimi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bimi>, <mailto:bimi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bimi/>
List-Post: <mailto:bimi@ietf.org>
List-Help: <mailto:bimi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bimi>, <mailto:bimi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jul 2022 13:20:49 -0000
On 7/18/2022 9:23 AM, Ken O'Driscoll wrote: > Non-affiliated MUAs already trust the MTA to deliver messages. Many > also trust the MTA to filter spam, virus, phishing etc. The MTA > authenticates the MUA. Why does BIMI require an additional MUA-level > check at all? What specific risk is it supposed to mitigate? The concept of end-to-end distinguishes end points from transport infrastructure. There should always be careful consideration of where to provide functionality -- endpoint vs. infrastructure. (*) "Trust" of the infrastructure is not monolithic. The fact that an MTA is trusted to move a message correctly does not mean that it is trusted to evaluate and vet the contents of the message. The fact that it is assigned some trust for assessing spaminess does not mean it is assigned complete trust for all aspects of the content or even all aspects of spaminess. If a design essentially requires an MUA to impart complete trust for mail content validity to the platform provider, that's quite a substantial departure from historical distributed system design choices, even though it is a common implementation choice for some popular services. At the very least, a specification should explicate its trust choices carefully and thoroughly. d/ (*) The seminal paper on this architectural design issue is: End-to-end Arguments in System Design http://web.mit.edu/Saltzer/www/publications/endtoend/endtoend.pdf This topic is often referred to as the End-to-End Principle and taken as a mandate, but the wording of the title is more nuanced, choosing 'arguments' rather than 'principle'. What it really requires is considering tradeoffs in the choices for placement. -- Dave Crocker Brandenburg InternetWorking bbiw.net
- [Bimi] Proposal to Clarify Role of MUA in BIMI Ev… Trent Adams
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Marc Bradshaw
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Ken O'Driscoll
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Trent Adams
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Ken O'Driscoll
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Brotman, Alex
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… John C Klensin
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Trent Adams
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Todd Herr
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Ken O'Driscoll
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Trent Adams
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Ken O'Driscoll
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Trent Adams
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Todd Herr
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Ken O'Driscoll
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Brotman, Alex
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Dave Crocker
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Dave Crocker
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Scott Kitterman
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Dave Crocker
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Scott Kitterman
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Dave Crocker
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Dave Crocker
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… John C Klensin
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Dave Crocker
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Scott Kitterman
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Todd Herr
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Dave Crocker
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Todd Herr
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Dave Crocker
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Todd Herr
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Tim Hollebeek
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Richard Clayton
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Todd Herr
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Richard Clayton
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Todd Herr
- Re: [Bimi] Proposal to Clarify Role of MUA in BIM… Dave Crocker