IETF Logo Mail Archive

Re: [Bimi] Proposal to Clarify Role of MUA in BIMI Evaluation

Dave Crocker <dhc@dcrocker.net> Tue, 19 July 2022 13:20 UTC

Return-Path: <dhc@dcrocker.net>
X-Original-To: bimi@ietfa.amsl.com
Delivered-To: bimi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD9B2C18871A for <bimi@ietfa.amsl.com>; Tue, 19 Jul 2022 06:20:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.422
X-Spam-Level:
X-Spam-Status: No, score=-0.422 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, URI_DOTEDU=1.685] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=dcrocker.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rGOJYEHzr_So for <bimi@ietfa.amsl.com>; Tue, 19 Jul 2022 06:20:45 -0700 (PDT)
Received: from butterfly.birch.relay.mailchannels.net (butterfly.birch.relay.mailchannels.net [23.83.209.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9FEA2C16ECA9 for <bimi@ietf.org>; Tue, 19 Jul 2022 06:20:35 -0700 (PDT)
X-Sender-Id: hostingeremail|x-authsender|dhc@dcrocker.net
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id DB2FF6A12D7 for <bimi@ietf.org>; Tue, 19 Jul 2022 13:20:33 +0000 (UTC)
Received: from gcp-us-central1-a-smtpout2.hostinger.io (unknown [127.0.0.6]) (Authenticated sender: hostingeremail) by relay.mailchannels.net (Postfix) with ESMTPA id 298FD6A2538 for <bimi@ietf.org>; Tue, 19 Jul 2022 13:20:33 +0000 (UTC)
ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1658236833; a=rsa-sha256; cv=none; b=o8abpPZyPhRNmor81eHScWMTcPI/8U3vZbHx1W+sW9nP99zTCr22J4RehLYKJsg+s89uuC 9KwHdrYlnI0zKZUFyrRP0XLS+ig0Gbwu1sUhN+1AtHegBYTXTRq1Xb8d3HcGmZODN9xYkA Kah5l9SZFHmPN9HwtK6hTVaursIuBsZq7dCOyiHh/mZ0ExQkPUAO/NliZWKGE9m6KCrfyw jWfg3FBZbgmj62qX6KjX7toJKEcghceUIjR6SfM/dxm+iF/jTicyZBSWMDA0Io9D6jAHDa ny4FHIiuViDjPZcHaNIxpeZfIH+GJTZaA6BGrNe5a2ApZXdysKg+o7BIYRc8BA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1658236833; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:dkim-signature; bh=37UuRi4uxNTO7g/HaslaZ97xZNStiXGhJyUGQRkRYCU=; b=lLP7V2CJ3MgRAQmR//Gu+sjmu+tADZaerlIBeUfhgha26ONaSA3nCfQM7gQT824PAdT3f5 +Q08P9XtOyi0NtP/E2dA1qDBPh9c7LG93RKTPgph1KtwcIneI43fK3oHx/KO5UAaNoI11I MO7blHVYoE4/M7x+u+tLV5fJsoqLb7oLrbvpbmh/63uxw4zAaqi5RQZ9gYLxSyfdtkMbN1 iJZ/Sd9tcRpjrhY+UfK31wzVNp3DxaUpnHwiGkn+fXGi9j1y6HUMhsQI8s3ITru0Wt22dQ ml1WOE+5ZNTDlTnUxjDagf12lCJFuv68nn9J8xT3N/BoAS3w7sgVNhcefqwaeQ==
ARC-Authentication-Results: i=1; rspamd-689699966c-fdjdf; auth=pass smtp.auth=hostingeremail smtp.mailfrom=dhc@dcrocker.net
X-Sender-Id: hostingeremail|x-authsender|dhc@dcrocker.net
X-MC-Relay: Neutral
X-MailChannels-SenderId: hostingeremail|x-authsender|dhc@dcrocker.net
X-MailChannels-Auth-Id: hostingeremail
X-Whistle-Cure: 39aa6d70027855df_1658236833585_4109116178
X-MC-Loop-Signature: 1658236833585:1289048490
X-MC-Ingress-Time: 1658236833584
Received: from gcp-us-central1-a-smtpout2.hostinger.io (gcp-us-central1-a-smtpout2.hostinger.io [35.192.45.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256) by 100.115.45.52 (trex/6.7.1); Tue, 19 Jul 2022 13:20:33 +0000
Received: from [192.168.0.104] (c-73-170-122-71.hsd1.ca.comcast.net [73.170.122.71]) (Authenticated sender: dhc@dcrocker.net) by smtp.hostinger.com (smtp.hostinger.com) with ESMTPSA id 4LnKFn587Bz7YpHg; Tue, 19 Jul 2022 13:20:29 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dcrocker.net; s=hostingermail-a; t=1658236832; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references; bh=37UuRi4uxNTO7g/HaslaZ97xZNStiXGhJyUGQRkRYCU=; b=PpBT96ILvYm+Gr3+XyHOkbybp4HpQlv47cBN6AeMvfysfALMcT54c5mtIduf1IZ5bbizp/ 0a8pyU9DD8QcKvzexJH+LZzlYWPaE1Aoh80JrOhnC1LB+9CCoPM6yoZItcy5Kp4wyNLBjM 6NDfJQFcfPEeI267kPc5qgczcfulOPlzz8xUORoCN++5fnGRJflc6WlNd/XIwBDNok2bL5 +640k7bei+si9d31TqjHnVUqIxHXmVRH6wgjF4HV03vrgwvpj+44NbgBh7tjyABKDMfC9b JXM0E7wVijzRxVkg9zO+zkBvKE2jzTzKS6pHjlYbCg6UFdkadywAKvk4C2YqTg==
Content-Type: multipart/alternative; boundary="------------AEfJQUIFssZnPRgoftb6y5jz"
Message-ID: <0b9c845f-c661-693f-bfff-04455825bf2e@dcrocker.net>
Date: Tue, 19 Jul 2022 06:20:29 -0700
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0
Reply-To: dcrocker@bbiw.net
Content-Language: en-US
To: Ken O'Driscoll <ken@wemonitoremail.com>, Todd Herr <todd.herr=40valimail.com@dmarc.ietf.org>
Cc: "bimi@ietf.org" <bimi@ietf.org>
References: <DE61AC51-4BC3-44FF-862D-7D8ADFB3BC29@proofpoint.com> <20CBD506-7E50-4161-ADE6-64614630B1B2@proofpoint.com> <CAHej_8kridbc322MDRpxfgd+8Y2yNacxTAtvr+HF=+wevdRQhw@mail.gmail.com> <VI1PR01MB70538965904FD08A49F75C37C78C9@VI1PR01MB7053.eurprd01.prod.exchangelabs.com>
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
In-Reply-To: <VI1PR01MB70538965904FD08A49F75C37C78C9@VI1PR01MB7053.eurprd01.prod.exchangelabs.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/835ZzwtlTs5hACWMexO-85rKauw>
Subject: Re: [Bimi] Proposal to Clarify Role of MUA in BIMI Evaluation
X-BeenThere: bimi@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Brand Indicators for Message Identification <bimi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bimi>, <mailto:bimi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bimi/>
List-Post: <mailto:bimi@ietf.org>
List-Help: <mailto:bimi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bimi>, <mailto:bimi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jul 2022 13:20:49 -0000

On 7/18/2022 9:23 AM, Ken O'Driscoll wrote:
> Non-affiliated MUAs already trust the MTA to deliver messages. Many 
> also trust the MTA to filter spam, virus, phishing etc. The MTA 
> authenticates the MUA. Why does BIMI require an additional MUA-level 
> check at all? What specific risk is it supposed to mitigate?


The concept of end-to-end distinguishes end points from transport 
infrastructure.  There should always be careful consideration of where 
to provide functionality -- endpoint vs. infrastructure. (*)

"Trust" of the infrastructure is not monolithic.  The fact that an MTA 
is trusted to move a message correctly does not mean that it is trusted 
to evaluate and vet the contents of the message. The fact that it is 
assigned some trust for assessing spaminess does not mean it is assigned 
complete trust for all aspects of the content or even all aspects of 
spaminess.

If a design essentially requires an MUA to impart complete trust for 
mail content validity to the platform provider, that's quite a 
substantial departure from historical distributed system design choices, 
even though it is a common implementation choice for some popular services.

At the very least, a specification should explicate its trust choices 
carefully and thoroughly.

d/



(*) The seminal paper on this architectural design issue is:

End-to-end Arguments in System Design
http://web.mit.edu/Saltzer/www/publications/endtoend/endtoend.pdf

This topic is often referred to as the End-to-End Principle and taken as 
a mandate, but the wording of the title is more nuanced, choosing 
'arguments' rather than 'principle'. What it really requires is 
considering tradeoffs in the choices for placement.

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

v2.23.0 | Report a Bug | By Email