Re: [Bimi] Fwd: bimi Digest, Vol 10, Issue 2
Jakub Olexa <jakub@mailkit.com> Fri, 30 July 2021 16:25 UTC
Return-Path: <jakub@mailkit.com>
X-Original-To: bimi@ietfa.amsl.com
Delivered-To: bimi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C9D43A3073 for <bimi@ietfa.amsl.com>; Fri, 30 Jul 2021 09:25:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.588
X-Spam-Level:
X-Spam-Status: No, score=-1.588 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001, URI_NOVOWEL=0.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mailkit.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BPeQ3T0kF_BD for <bimi@ietfa.amsl.com>; Fri, 30 Jul 2021 09:24:55 -0700 (PDT)
Received: from mail.mailkit.eu (mail.mailkit.eu [185.136.200.19]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4719B3A3072 for <bimi@ietf.org>; Fri, 30 Jul 2021 09:24:54 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.mailkit.eu (Postfix) with ESMTP id CBCE820447 for <bimi@ietf.org>; Fri, 30 Jul 2021 18:24:50 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at mailkit.eu
Received: from mail.mailkit.eu ([127.0.0.1]) by localhost (mail.mailkit.eu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jZwPnVkSIliX for <bimi@ietf.org>; Fri, 30 Jul 2021 18:24:46 +0200 (CEST)
To: bimi@ietf.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mailkit.com; s=mk-2; t=1627662286; bh=+2pB8f4frIhEUFNt0HfswdkxN6iucpCO174ZbrnqNmY=; h=To:References:From:Subject:Date:In-Reply-To; b=lyMp4YfmHXIwZYOAc6E9BJLZVKcBRIXdDMQyoiQX64BRKMThqe7aQy8f17H/KZRPm 5dEm0c9HyZP/uAZ8SL9lzTI+zJqR0xc+wOpQcsjgwpeJ2kv5C/cdhq3fM47Nlpt6+2 BSMhOZF+llbIO5mbtsltn21IeD/xNRFo+i5eF9Pil3Une2CsB+aWS554S0zQb2G5YH Hlvn9wuq+T3nydh4+warQISepFsl8qTdO0qTb3LDMkLyBNZcq85vVlUnbXwkWM3TyA LeJBhdjwPmR3Wg6ANuiGfc5lU9cL009XOsvLbYJZX81jlyxgjl6h9Bg27Oa8Z3phIM Nd/Zxbr+4Alqg==
References: <mailman.3635.1627587941.6855.bimi@ietf.org> <CAFLkOerrax+qYyaR_u1SJH6xQH_asxqbzd=rb4AWKwYudZodCw@mail.gmail.com> <MN2PR11MB435147F86056FB81D919657EF7EC9@MN2PR11MB4351.namprd11.prod.outlook.com> <CAFLkOerqLfm8rqcCDOkrS=9S3XV41exDSOMB_zndYaC6NKuGSw@mail.gmail.com>
From: Jakub Olexa <jakub@mailkit.com>
Organization: Mailkit
Message-ID: <e735630f-c539-cc33-8ff4-4dfaf932917e@mailkit.com>
Date: Fri, 30 Jul 2021 18:24:46 +0200
MIME-Version: 1.0
In-Reply-To: <CAFLkOerqLfm8rqcCDOkrS=9S3XV41exDSOMB_zndYaC6NKuGSw@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------AB4AD04E6D6D3A9386CF1402"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/GAvf33acPlplD3-hagcKvgFo0Wk>
Subject: Re: [Bimi] Fwd: bimi Digest, Vol 10, Issue 2
X-BeenThere: bimi@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Brand Indicators for Message Identification <bimi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bimi>, <mailto:bimi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bimi/>
List-Post: <mailto:bimi@ietf.org>
List-Help: <mailto:bimi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bimi>, <mailto:bimi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Jul 2021 16:25:01 -0000
Hi Marcel,
i'm missing the check for the SVG logo. Do you intend to fully rely on
VMC itself? I believe I have raised this topic before but if not - not
checking that the SVG stored in VMC matches the logo in l= brings
potential risks and most imporantly allows for misaligned logos across
services. Allowing brands to create BIMI records that would return
different logos in l= and a= could result in bad user experience and
even VMC abuse. fetching the l= logo should not be an option but
mandatory and the draft is clear on the fact that it's required. At
least that's how I read the assertion discovery part and I believe that
it makes no sense to permit different logo in l= and a= and not checking
for the alignment of the 2 logos could lead to abuse.
If the retrieved Assertion Record does not include a valid bimi-
location in the l= tag, then Indicator Discovery has failed, and
the Indicator MUST NOT be displayed. The bimi-location entry
MUST be a URI with a HTTPS transport.
Jakub Olexa
Founder & CEO
E-mail: jakub@mailkit.com <mailto:jakub@mailkit.com>
Tel: +420 777 744 440 <tel:+420777744440>
Mailkit - Closing the circle between Deliverability and Engagement
<https://www.mailkit.com>
On 30.07.2021 16:45, Marcel Bokhorst wrote:
>
> I understood that always "xfinity.com <http://xfinity.com>" should be
> checked and never subdomains like "emails.xfinity.com
> <http://emails.xfinity.com>". Am I wrong?
>
> "/Everything checks out/" means:
>
> * The VMC could be downloaded from location referenced in the BIMI
> TXT record
> * The certificate chain up to a known CA certificate is valid
> * The certificate is of the right type (BIMI)
> * The DNS name of the certificate matches the domain name of the
> sender and of the BIMI DNS record
> * A logo is present and could be extracted from the certificate
> * The /Authentication-Results/ header says "pass" for DKIM, SPF and
> DMARC
> * The DMARC DNS record policy is "reject" or "quarantine"
>
>
>
>
>
> Op vr 30 jul. 2021 om 15:19 schreef Brotman, Alex
> <Alex_Brotman@comcast.com <mailto:Alex_Brotman@comcast.com>>:
>
> Consider “emails.xfinity.com <http://emails.xfinity.com>”. We
> didn’t want BIMI on “xfinity.com <http://xfinity.com>”, but just
> that sub-domain (for now). There is no BIMI record at
> “xfinity.com <http://xfinity.com>”, though it does exist at
> “emails.xfinity.com <http://emails.xfinity.com>”. I believe this
> is covered in the drafts.
>
> The flag could be nice, but again, that only covers IMAP. What
> about POP (or MAPI) users? The cryptographic solution may be more
> intensive, but seems like it may make BIMI more available (but
> yes, at the expense of mobile CPU).
>
> Could you elaborate on the “everything checks out” from your
> section about evaluation?
>
> --
>
> Alex Brotman
>
> Sr. Engineer, Anti-Abuse & Messaging Policy
>
> Comcast
>
> *From:* bimi <bimi-bounces@ietf.org
> <mailto:bimi-bounces@ietf.org>> *On Behalf Of * Marcel Bokhorst
> *Sent:* Friday, July 30, 2021 3:57 AM
> *To:* bimi@ietf.org <mailto:bimi@ietf.org>
> *Subject:* [Bimi] Fwd: bimi Digest, Vol 10, Issue 2
>
> FairEmail will not rely on the BIMI-Location header because this
> requires support from the email server. Instead, FairEmail will
> use the logo in the VMC and fallback to the DNS record logo
> location if needed (logo missing in the VMC, etc). The logo will
> always be shown, but the verified sender icon (a double check mark
> before the sender's name) will be shown only when everything
> checks out.
>
>
> I think it would be a good idea to summarize the steps to follow
> to fetch/decode/check BIMI because I think it will make it easier
> for developers to implement BIMI and to do this in the right way.
>
> The BIMI TXT record is always being fetched from the top level
> domain (example.org
> <https://urldefense.com/v3/__http:/example.org__;!!CQl3mcHX2A!QOleDIsQOkjN3HXlKrItrq62gf5-G3hak8l7aDR3RAX6gQqWqTVXcLfIwcPA3DMVHSX2WGk$>).
> I hope this is correct.
>
> An IMAP flag would be nice, but I guess it will take quite some
> time until all email servers are supporting this. Something like a
> signed authentication results header would be nice, as long as it
> can be checked in a simple and efficient way. For example heavy
> cryptographic operations and looking up DNS records (for
> certificates, etc) would result in slow downs and increased
> battery usage when downloading many messages.
>
> Currently, the authentication header inserted by the email server
> is just being trusted, but this relies on either inserting the
> header by the receiving email server or removing previous headers
> of intermediate email servers.
>
> FairEmail will cache the logo for two weeks, which is the same as
> for favicons. IMHO this is a reasonable default, preventing logos
> from being fetched too often and still allowing to change the logo
> by the sender (which I guess won't happen too often).
>
> I hope this clarifies things, else feel free to reply.
>
> Marcel Bokhorst (author of FairEmail)
>
>
> ---------- Forwarded message ----------
> From: "Brotman, Alex" <Alex_Brotman@comcast.com
> <mailto:Alex_Brotman@comcast.com>>
> To: Trent Adams <tadams=40proofpoint.com@dmarc.ietf.org
> <mailto:40proofpoint.com@dmarc.ietf.org>>, "bimi@ietf.org
> <mailto:bimi@ietf.org>" <bimi@ietf.org <mailto:bimi@ietf.org>>
> Cc:
> Bcc:
> Date: Thu, 29 Jul 2021 19:45:04 +0000
> Subject: Re: [Bimi] Independent BIMI-capable Email Client
>
> I do have that app, but I haven’t yet pointed it at a platform
> utilizing BIMI. I’ll make a note to give it a try.
>
> From below:
>
> * They aren't entirely clear on how (or why) to evaluate a logo
> referenced by the BIMI record and the one retrieved from a VMC.
>
> What about the BIMI-Location header instance, if present?
> (assuming you want to trust that header, etc). After that, I’d
> probably use the VMC if present. Should we add an evaluation path
> to the core document?
>
> * It's also not all that clear where to retrieve the BIMI logo
> when the email is sent from a subdomain, and match that up
> with the DMARC results.
>
> I’m not sure I follow the issue here. Is there some example that
> shows the questionable path?
>
> * There's also the question about whether or not an independent
> client can/should trust the authentication results performed
> by the mailbox provider when deciding to display the BIMI logo.
>
> If you go back to -00 of the core spec, there was an IMAP flag
> that was meant to be set (Section 8.6). That was removed in -01.
> I don’t recall the justification, but may have had to do with MUA
> workload. Seems like the IMAP flag could be reintroduced (POP3
> would be an issue though). Or perhaps something akin to a DKIM
> signature signed by the inbound MTA that could be verified by the
> MUA. The latter could potentially be reused though?
>
> * There is a non-zero addition of processing required by the
> client to handle BIMI, leading to the question about what
> impact this may have on a client... and what efficiencies can
> be introduced with local caching (if any).
>
> I’d think at least equivalent to the TTL of the BIMI DNS record,
> perhaps even up to the expiration of the VMC (though I could
> understand where a domain holder could refresh their VMC and
> change logos, etc). I’m sure there’s a better answer somewhere in
> between.
>
> --
>
> Alex Brotman
>
> Sr. Engineer, Anti-Abuse & Messaging Policy
>
> Comcast
>
> *From:* bimi <bimi-bounces@ietf.org
> <mailto:bimi-bounces@ietf.org>> *On Behalf Of *Trent Adams
> *Sent:* Friday, July 23, 2021 5:36 PM
> *To:* bimi@ietf.org <mailto:bimi@ietf.org>
> *Subject:* [Bimi] Independent BIMI-capable Email Client
>
> Since Gmail's announcement, more companies are starting to play
> around with BIMI (no surprise there). And, as expected, the
> increased attention is helping to put more eyeballs on the experiment.
>
> And while some of the major mailbox providers are adding BIMI
> support to their own mobile clients, I ran into a FOSS project run
> by a developer in the Netherlands who has already added BIMI to
> their independent mobile mail client.
>
> If you get a chance, I'd suggest taking a look at their FairEmail
> implementation as they made some interesting choices:
>
> https://email.faircode.eu/
> <https://urldefense.com/v3/__https:/email.faircode.eu/__;!!CQl3mcHX2A!UUyJEN3_Ay0ac-Ux9txqVoPDIfnSSmOT5S-OCXjjRVeXJEEqrPRjGUg2a_oFLJHfdsADeC4$>
>
> The current Android client package can be downloaded from their
> GitHub repository:
>
> https://github.com/M66B/FairEmail/releases
> <https://urldefense.com/v3/__https:/github.com/M66B/FairEmail/releases__;!!CQl3mcHX2A!UUyJEN3_Ay0ac-Ux9txqVoPDIfnSSmOT5S-OCXjjRVeXJEEqrPRjGUg2a_oFLJHf2gwnAj4$>
>
> So far, they've already found some useful results from their
> experiment. And now we're finally at a point where we can test
> the architecture (and pressure-test the specifications) beyond the
> handful of usual suspects.
>
> For example, here're a few issues this work as already surfaced
> when interpreting the specifications [1] [2] [3]:
>
> * They aren't entirely clear on how (or why) to evaluate a logo
> referenced by the BIMI record and the one retrieved from a VMC.
> * It's also not all that clear where to retrieve the BIMI logo
> when the email is sent from a subdomain, and match that up
> with the DMARC results.
> * There's also the question about whether or not an independent
> client can/should trust the authentication results performed
> by the mailbox provider when deciding to display the BIMI logo.
> * There is a non-zero addition of processing required by the
> client to handle BIMI, leading to the question about what
> impact this may have on a client... and what efficiencies can
> be introduced with local caching (if any).
>
> What I found most interesting was how the specifications assume a
> tight coupling between the client and the mailbox provider. It
> definitely opens the question of whether it's possible (or
> recommended) for an independent client to support BIMI even for
> email received by mailbox providers that don't support it. It's
> real-world interop testing like this that I hope will highlight
> issues that need to be discussed as the experiment continues.
>
> Also, if anyone would be willing to test the FairEmail client, I'd
> be keen to hear if you think that the way it leverages BIMI
> matches your expectations. Also, are there any others out there
> that might contribute their learnings to the conversation?
>
> Anyway, thanks for any feedback you may have. It'll be useful to
> hash out ideas for improvements and next steps on the list.
>
> Cheers,
>
> Trent
>
> [1] https://datatracker.ietf.org/doc/html/draft-blank-ietf-bimi-02
> <https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/html/draft-blank-ietf-bimi-02__;!!CQl3mcHX2A!UUyJEN3_Ay0ac-Ux9txqVoPDIfnSSmOT5S-OCXjjRVeXJEEqrPRjGUg2a_oFLJHfVUyABq4$>
>
> [2]
> https://datatracker.ietf.org/doc/html/draft-fetch-validation-vmc-wchuang-00
> <https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/html/draft-fetch-validation-vmc-wchuang-00__;!!CQl3mcHX2A!UUyJEN3_Ay0ac-Ux9txqVoPDIfnSSmOT5S-OCXjjRVeXJEEqrPRjGUg2a_oFLJHfIMZn7Z8$>
>
> [3]
> https://datatracker.ietf.org/doc/html/draft-brotman-ietf-bimi-guidance-03
> <https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/html/draft-brotman-ietf-bimi-guidance-03__;!!CQl3mcHX2A!UUyJEN3_Ay0ac-Ux9txqVoPDIfnSSmOT5S-OCXjjRVeXJEEqrPRjGUg2a_oFLJHfQyodXbk$>
>
> --
>
> *J. Trent Adams*
>
> /Director, Ecosystem Security/
>
> *Proofpoint*
>
> tadams@proofpoint.com <mailto:tadams@proofpoint.com>
>
> bimi mailing list
> bimi@ietf.org <mailto:bimi@ietf.org>
> https://www.ietf.org/mailman/listinfo/bimi
> <https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/bimi__;!!CQl3mcHX2A!QOleDIsQOkjN3HXlKrItrq62gf5-G3hak8l7aDR3RAX6gQqWqTVXcLfIwcPA3DMVB8lC6MU$>
>
>
- [Bimi] Fwd: bimi Digest, Vol 10, Issue 2 Marcel Bokhorst
- Re: [Bimi] Fwd: bimi Digest, Vol 10, Issue 2 Brotman, Alex
- Re: [Bimi] Fwd: bimi Digest, Vol 10, Issue 2 Marcel Bokhorst
- Re: [Bimi] Fwd: bimi Digest, Vol 10, Issue 2 Todd Herr
- Re: [Bimi] Fwd: bimi Digest, Vol 10, Issue 2 Marcel Bokhorst
- Re: [Bimi] Fwd: bimi Digest, Vol 10, Issue 2 Jakub Olexa
- Re: [Bimi] Fwd: bimi Digest, Vol 10, Issue 2 Trent Adams
- Re: [Bimi] Fwd: bimi Digest, Vol 10, Issue 2 Marc Bradshaw
- Re: [Bimi] Fwd: bimi Digest, Vol 10, Issue 2 Dave Crocker
- Re: [Bimi] Fwd: bimi Digest, Vol 10, Issue 2 Marcel Bokhorst
- Re: [Bimi] Fwd: bimi Digest, Vol 10, Issue 2 Marc Bradshaw
- Re: [Bimi] bimi logos from non-giant companies John Levine