IETF Logo Mail Archive

Re: [Bimi] Thoughts about MUA/BIMI

John C Klensin <john-ietf@jck.com> Thu, 11 August 2022 17:03 UTC

Return-Path: <john-ietf@jck.com>
X-Original-To: bimi@ietfa.amsl.com
Delivered-To: bimi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B5A9C16ED13; Thu, 11 Aug 2022 10:03:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level:
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KN6yz7rKMxpi; Thu, 11 Aug 2022 10:03:21 -0700 (PDT)
Received: from bsa2.jck.com (bsa2.jck.com [70.88.254.51]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C427BC15C53F; Thu, 11 Aug 2022 10:03:20 -0700 (PDT)
Received: from [198.252.137.10] (helo=PSB) by bsa2.jck.com with esmtp (Exim 4.82 (FreeBSD)) (envelope-from <john-ietf@jck.com>) id 1oMBaS-000Jzq-AQ; Thu, 11 Aug 2022 13:03:12 -0400
Date: Thu, 11 Aug 2022 13:03:06 -0400
From: John C Klensin <john-ietf@jck.com>
To: Todd Herr <todd.herr=40valimail.com@dmarc.ietf.org>, "BIMI (IETF) (bimi@ietf.org)" <bimi@ietf.org>
Message-ID: <47678B48180D55E47891403F@PSB>
In-Reply-To: <CAHej_8=dJBgSqKaFuOoOs4mqwKUEHdwVthTn0CRx+=1O5gm2iQ@mail.gmail.com>
References: <MN2PR11MB435138DB4A7161A506B8CD25F7649@MN2PR11MB4351.namprd11.prod.outlook.com> <CAHej_8=dJBgSqKaFuOoOs4mqwKUEHdwVthTn0CRx+=1O5gm2iQ@mail.gmail.c om>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-SA-Exim-Connect-IP: 198.252.137.10
X-SA-Exim-Mail-From: john-ietf@jck.com
X-SA-Exim-Scanned: No (on bsa2.jck.com); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/CdWJFwFk5WXY03ap1HrldLpRmUY>
Subject: Re: [Bimi] Thoughts about MUA/BIMI
X-BeenThere: bimi@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Brand Indicators for Message Identification <bimi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bimi>, <mailto:bimi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bimi/>
List-Post: <mailto:bimi@ietf.org>
List-Help: <mailto:bimi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bimi>, <mailto:bimi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Aug 2022 17:03:22 -0000


--On Thursday, August 11, 2022 10:38 -0400 Todd Herr
<todd.herr=40valimail.com@dmarc.ietf.org> wrote:

> On Thu, Aug 11, 2022 at 10:21 AM Brotman, Alex <Alex_Brotman=
> 40comcast.com@dmarc.ietf.org> wrote:
> 
>> In thinking more about the MUA proposal, we are trying to
>> find a solution for the case where an unaffiliated[1] MUA
>> would like to be able to either independently validate
>> message authentication details (to support DMARC), or rely
>> upon the validation process from the MBP.
>> 
>> [snip]
>> 
> 
> I've got a long-standing bias toward the idea that the only
> authentication/validation results that matter are the ones
> that were arrived at when the message was written to the
> mailbox, because results can be different upon subsequent
> checks, mainly due to potential differences in the
> resolvability and content of the various DNS records retrieved
> during the validation processes.

I have the same bias, but it leads me to a different place.
That, again, is to conclude that the BIMI data is content
information, best expressed as a body part.  Body parts,
signatures over them, and other validation are far more stable
than header fields and combinations of them.  And, of course,
they do not require interactions with DMARC at all.  In
addition, body parts generally survive message forwarding, which
ought to be an advantage in this case.

> In this case, my bias would argue for the unaffiliated MUA to
> do no validation, and instead rely on signals inserted in the
> message by the MBP at the time of delivery.

Which turns things into a very complex "who do you trust"
problem in which transmitting a BIMI not only requires an
affiliated MUA but an affiliated MBP that can prove its
trustworthiness to both the receiving user/MUA (which we usually
assume, but it is not hard to imagine attacks) and to the
originating or brand-attaching system(s).

> I recognize, however, that this method is fraught with peril,
> specifically due to the possibility of forged headers inserted
> by abusers and ignored by MBPs that are not BIMI-aware. I also
> recognize that the idea of results changing due to new
> information being available is not always a bad thing, as I
> recall some MBPs in the past talking about automatically moving
> messages from the Inbox to the Spam folder based on new
> information learned after the message was written to the
> mailbox (assuming, of course, that the message had not yet
> been seen by the recipient).

Yes, all of the above.

> On the other hand, I also recognize that attempts by an MUA to
> perform authentication/validation checks on messages are
> perhaps not as thorough (Alex's message recommends against
> doing any SPF check) and that the DKIM result might
> erroneously be "fail" due to changes made by the MBP during
> writing of the message to the mailbox, even if it passed DKIM
> checks performed by the MBP.
> 
> I'm trying to talk myself out of my bias, but I can't get
> there yet, because I can't yet see a way for the unaffiliated
> MUA to get the same results as the MBP got at the time of
> delivery.

And, again, that leads me in the direction of a body part and
special content type and not having to mess with or rely on
message header information at all.

 best,
   john

v2.23.0 | Report a Bug | By Email