Re: [Bimi] Fwd: bimi Digest, Vol 10, Issue 2
Jakub Olexa <jakub@mailkit.com> Fri, 30 July 2021 16:25 UTC
Return-Path: <jakub@mailkit.com>
X-Original-To: bimi@ietfa.amsl.com
Delivered-To: bimi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C9D43A3073 for <bimi@ietfa.amsl.com>; Fri, 30 Jul 2021 09:25:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.588
X-Spam-Level:
X-Spam-Status: No, score=-1.588 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001, URI_NOVOWEL=0.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mailkit.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BPeQ3T0kF_BD for <bimi@ietfa.amsl.com>; Fri, 30 Jul 2021 09:24:55 -0700 (PDT)
Received: from mail.mailkit.eu (mail.mailkit.eu [185.136.200.19]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4719B3A3072 for <bimi@ietf.org>; Fri, 30 Jul 2021 09:24:54 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.mailkit.eu (Postfix) with ESMTP id CBCE820447 for <bimi@ietf.org>; Fri, 30 Jul 2021 18:24:50 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at mailkit.eu
Received: from mail.mailkit.eu ([127.0.0.1]) by localhost (mail.mailkit.eu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jZwPnVkSIliX for <bimi@ietf.org>; Fri, 30 Jul 2021 18:24:46 +0200 (CEST)
To: bimi@ietf.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mailkit.com; s=mk-2; t=1627662286; bh=+2pB8f4frIhEUFNt0HfswdkxN6iucpCO174ZbrnqNmY=; h=To:References:From:Subject:Date:In-Reply-To; b=lyMp4YfmHXIwZYOAc6E9BJLZVKcBRIXdDMQyoiQX64BRKMThqe7aQy8f17H/KZRPm 5dEm0c9HyZP/uAZ8SL9lzTI+zJqR0xc+wOpQcsjgwpeJ2kv5C/cdhq3fM47Nlpt6+2 BSMhOZF+llbIO5mbtsltn21IeD/xNRFo+i5eF9Pil3Une2CsB+aWS554S0zQb2G5YH Hlvn9wuq+T3nydh4+warQISepFsl8qTdO0qTb3LDMkLyBNZcq85vVlUnbXwkWM3TyA LeJBhdjwPmR3Wg6ANuiGfc5lU9cL009XOsvLbYJZX81jlyxgjl6h9Bg27Oa8Z3phIM Nd/Zxbr+4Alqg==
References: <mailman.3635.1627587941.6855.bimi@ietf.org> <CAFLkOerrax+qYyaR_u1SJH6xQH_asxqbzd=rb4AWKwYudZodCw@mail.gmail.com> <MN2PR11MB435147F86056FB81D919657EF7EC9@MN2PR11MB4351.namprd11.prod.outlook.com> <CAFLkOerqLfm8rqcCDOkrS=9S3XV41exDSOMB_zndYaC6NKuGSw@mail.gmail.com>
From: Jakub Olexa <jakub@mailkit.com>
Organization: Mailkit
Message-ID: <e735630f-c539-cc33-8ff4-4dfaf932917e@mailkit.com>
Date: Fri, 30 Jul 2021 18:24:46 +0200
MIME-Version: 1.0
In-Reply-To: <CAFLkOerqLfm8rqcCDOkrS=9S3XV41exDSOMB_zndYaC6NKuGSw@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------AB4AD04E6D6D3A9386CF1402"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/GAvf33acPlplD3-hagcKvgFo0Wk>
Subject: Re: [Bimi] Fwd: bimi Digest, Vol 10, Issue 2
X-BeenThere: bimi@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Brand Indicators for Message Identification <bimi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bimi>, <mailto:bimi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bimi/>
List-Post: <mailto:bimi@ietf.org>
List-Help: <mailto:bimi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bimi>, <mailto:bimi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Jul 2021 16:25:01 -0000
Hi Marcel, i'm missing the check for the SVG logo. Do you intend to fully rely on VMC itself? I believe I have raised this topic before but if not - not checking that the SVG stored in VMC matches the logo in l= brings potential risks and most imporantly allows for misaligned logos across services. Allowing brands to create BIMI records that would return different logos in l= and a= could result in bad user experience and even VMC abuse. fetching the l= logo should not be an option but mandatory and the draft is clear on the fact that it's required. At least that's how I read the assertion discovery part and I believe that it makes no sense to permit different logo in l= and a= and not checking for the alignment of the 2 logos could lead to abuse. If the retrieved Assertion Record does not include a valid bimi- location in the l= tag, then Indicator Discovery has failed, and the Indicator MUST NOT be displayed. The bimi-location entry MUST be a URI with a HTTPS transport. Jakub Olexa Founder & CEO E-mail: jakub@mailkit.com <mailto:jakub@mailkit.com> Tel: +420 777 744 440 <tel:+420777744440> Mailkit - Closing the circle between Deliverability and Engagement <https://www.mailkit.com> On 30.07.2021 16:45, Marcel Bokhorst wrote: > > I understood that always "xfinity.com <http://xfinity.com>" should be > checked and never subdomains like "emails.xfinity.com > <http://emails.xfinity.com>". Am I wrong? > > "/Everything checks out/" means: > > * The VMC could be downloaded from location referenced in the BIMI > TXT record > * The certificate chain up to a known CA certificate is valid > * The certificate is of the right type (BIMI) > * The DNS name of the certificate matches the domain name of the > sender and of the BIMI DNS record > * A logo is present and could be extracted from the certificate > * The /Authentication-Results/ header says "pass" for DKIM, SPF and > DMARC > * The DMARC DNS record policy is "reject" or "quarantine" > > > > > > Op vr 30 jul. 2021 om 15:19 schreef Brotman, Alex > <Alex_Brotman@comcast.com <mailto:Alex_Brotman@comcast.com>>: > > Consider “emails.xfinity.com <http://emails.xfinity.com>”. We > didn’t want BIMI on “xfinity.com <http://xfinity.com>”, but just > that sub-domain (for now). There is no BIMI record at > “xfinity.com <http://xfinity.com>”, though it does exist at > “emails.xfinity.com <http://emails.xfinity.com>”. I believe this > is covered in the drafts. > > The flag could be nice, but again, that only covers IMAP. What > about POP (or MAPI) users? The cryptographic solution may be more > intensive, but seems like it may make BIMI more available (but > yes, at the expense of mobile CPU). > > Could you elaborate on the “everything checks out” from your > section about evaluation? > > -- > > Alex Brotman > > Sr. Engineer, Anti-Abuse & Messaging Policy > > Comcast > > *From:* bimi <bimi-bounces@ietf.org > <mailto:bimi-bounces@ietf.org>> *On Behalf Of * Marcel Bokhorst > *Sent:* Friday, July 30, 2021 3:57 AM > *To:* bimi@ietf.org <mailto:bimi@ietf.org> > *Subject:* [Bimi] Fwd: bimi Digest, Vol 10, Issue 2 > > FairEmail will not rely on the BIMI-Location header because this > requires support from the email server. Instead, FairEmail will > use the logo in the VMC and fallback to the DNS record logo > location if needed (logo missing in the VMC, etc). The logo will > always be shown, but the verified sender icon (a double check mark > before the sender's name) will be shown only when everything > checks out. > > > I think it would be a good idea to summarize the steps to follow > to fetch/decode/check BIMI because I think it will make it easier > for developers to implement BIMI and to do this in the right way. > > The BIMI TXT record is always being fetched from the top level > domain (example.org > <https://urldefense.com/v3/__http:/example.org__;!!CQl3mcHX2A!QOleDIsQOkjN3HXlKrItrq62gf5-G3hak8l7aDR3RAX6gQqWqTVXcLfIwcPA3DMVHSX2WGk$>). > I hope this is correct. > > An IMAP flag would be nice, but I guess it will take quite some > time until all email servers are supporting this. Something like a > signed authentication results header would be nice, as long as it > can be checked in a simple and efficient way. For example heavy > cryptographic operations and looking up DNS records (for > certificates, etc) would result in slow downs and increased > battery usage when downloading many messages. > > Currently, the authentication header inserted by the email server > is just being trusted, but this relies on either inserting the > header by the receiving email server or removing previous headers > of intermediate email servers. > > FairEmail will cache the logo for two weeks, which is the same as > for favicons. IMHO this is a reasonable default, preventing logos > from being fetched too often and still allowing to change the logo > by the sender (which I guess won't happen too often). > > I hope this clarifies things, else feel free to reply. > > Marcel Bokhorst (author of FairEmail) > > > ---------- Forwarded message ---------- > From: "Brotman, Alex" <Alex_Brotman@comcast.com > <mailto:Alex_Brotman@comcast.com>> > To: Trent Adams <tadams=40proofpoint.com@dmarc.ietf.org > <mailto:40proofpoint.com@dmarc.ietf.org>>, "bimi@ietf.org > <mailto:bimi@ietf.org>" <bimi@ietf.org <mailto:bimi@ietf.org>> > Cc: > Bcc: > Date: Thu, 29 Jul 2021 19:45:04 +0000 > Subject: Re: [Bimi] Independent BIMI-capable Email Client > > I do have that app, but I haven’t yet pointed it at a platform > utilizing BIMI. I’ll make a note to give it a try. > > From below: > > * They aren't entirely clear on how (or why) to evaluate a logo > referenced by the BIMI record and the one retrieved from a VMC. > > What about the BIMI-Location header instance, if present? > (assuming you want to trust that header, etc). After that, I’d > probably use the VMC if present. Should we add an evaluation path > to the core document? > > * It's also not all that clear where to retrieve the BIMI logo > when the email is sent from a subdomain, and match that up > with the DMARC results. > > I’m not sure I follow the issue here. Is there some example that > shows the questionable path? > > * There's also the question about whether or not an independent > client can/should trust the authentication results performed > by the mailbox provider when deciding to display the BIMI logo. > > If you go back to -00 of the core spec, there was an IMAP flag > that was meant to be set (Section 8.6). That was removed in -01. > I don’t recall the justification, but may have had to do with MUA > workload. Seems like the IMAP flag could be reintroduced (POP3 > would be an issue though). Or perhaps something akin to a DKIM > signature signed by the inbound MTA that could be verified by the > MUA. The latter could potentially be reused though? > > * There is a non-zero addition of processing required by the > client to handle BIMI, leading to the question about what > impact this may have on a client... and what efficiencies can > be introduced with local caching (if any). > > I’d think at least equivalent to the TTL of the BIMI DNS record, > perhaps even up to the expiration of the VMC (though I could > understand where a domain holder could refresh their VMC and > change logos, etc). I’m sure there’s a better answer somewhere in > between. > > -- > > Alex Brotman > > Sr. Engineer, Anti-Abuse & Messaging Policy > > Comcast > > *From:* bimi <bimi-bounces@ietf.org > <mailto:bimi-bounces@ietf.org>> *On Behalf Of *Trent Adams > *Sent:* Friday, July 23, 2021 5:36 PM > *To:* bimi@ietf.org <mailto:bimi@ietf.org> > *Subject:* [Bimi] Independent BIMI-capable Email Client > > Since Gmail's announcement, more companies are starting to play > around with BIMI (no surprise there). And, as expected, the > increased attention is helping to put more eyeballs on the experiment. > > And while some of the major mailbox providers are adding BIMI > support to their own mobile clients, I ran into a FOSS project run > by a developer in the Netherlands who has already added BIMI to > their independent mobile mail client. > > If you get a chance, I'd suggest taking a look at their FairEmail > implementation as they made some interesting choices: > > https://email.faircode.eu/ > <https://urldefense.com/v3/__https:/email.faircode.eu/__;!!CQl3mcHX2A!UUyJEN3_Ay0ac-Ux9txqVoPDIfnSSmOT5S-OCXjjRVeXJEEqrPRjGUg2a_oFLJHfdsADeC4$> > > The current Android client package can be downloaded from their > GitHub repository: > > https://github.com/M66B/FairEmail/releases > <https://urldefense.com/v3/__https:/github.com/M66B/FairEmail/releases__;!!CQl3mcHX2A!UUyJEN3_Ay0ac-Ux9txqVoPDIfnSSmOT5S-OCXjjRVeXJEEqrPRjGUg2a_oFLJHf2gwnAj4$> > > So far, they've already found some useful results from their > experiment. And now we're finally at a point where we can test > the architecture (and pressure-test the specifications) beyond the > handful of usual suspects. > > For example, here're a few issues this work as already surfaced > when interpreting the specifications [1] [2] [3]: > > * They aren't entirely clear on how (or why) to evaluate a logo > referenced by the BIMI record and the one retrieved from a VMC. > * It's also not all that clear where to retrieve the BIMI logo > when the email is sent from a subdomain, and match that up > with the DMARC results. > * There's also the question about whether or not an independent > client can/should trust the authentication results performed > by the mailbox provider when deciding to display the BIMI logo. > * There is a non-zero addition of processing required by the > client to handle BIMI, leading to the question about what > impact this may have on a client... and what efficiencies can > be introduced with local caching (if any). > > What I found most interesting was how the specifications assume a > tight coupling between the client and the mailbox provider. It > definitely opens the question of whether it's possible (or > recommended) for an independent client to support BIMI even for > email received by mailbox providers that don't support it. It's > real-world interop testing like this that I hope will highlight > issues that need to be discussed as the experiment continues. > > Also, if anyone would be willing to test the FairEmail client, I'd > be keen to hear if you think that the way it leverages BIMI > matches your expectations. Also, are there any others out there > that might contribute their learnings to the conversation? > > Anyway, thanks for any feedback you may have. It'll be useful to > hash out ideas for improvements and next steps on the list. > > Cheers, > > Trent > > [1] https://datatracker.ietf.org/doc/html/draft-blank-ietf-bimi-02 > <https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/html/draft-blank-ietf-bimi-02__;!!CQl3mcHX2A!UUyJEN3_Ay0ac-Ux9txqVoPDIfnSSmOT5S-OCXjjRVeXJEEqrPRjGUg2a_oFLJHfVUyABq4$> > > [2] > https://datatracker.ietf.org/doc/html/draft-fetch-validation-vmc-wchuang-00 > <https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/html/draft-fetch-validation-vmc-wchuang-00__;!!CQl3mcHX2A!UUyJEN3_Ay0ac-Ux9txqVoPDIfnSSmOT5S-OCXjjRVeXJEEqrPRjGUg2a_oFLJHfIMZn7Z8$> > > [3] > https://datatracker.ietf.org/doc/html/draft-brotman-ietf-bimi-guidance-03 > <https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/html/draft-brotman-ietf-bimi-guidance-03__;!!CQl3mcHX2A!UUyJEN3_Ay0ac-Ux9txqVoPDIfnSSmOT5S-OCXjjRVeXJEEqrPRjGUg2a_oFLJHfQyodXbk$> > > -- > > *J. Trent Adams* > > /Director, Ecosystem Security/ > > *Proofpoint* > > tadams@proofpoint.com <mailto:tadams@proofpoint.com> > > bimi mailing list > bimi@ietf.org <mailto:bimi@ietf.org> > https://www.ietf.org/mailman/listinfo/bimi > <https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/bimi__;!!CQl3mcHX2A!QOleDIsQOkjN3HXlKrItrq62gf5-G3hak8l7aDR3RAX6gQqWqTVXcLfIwcPA3DMVB8lC6MU$> > >
- [Bimi] Fwd: bimi Digest, Vol 10, Issue 2 Marcel Bokhorst
- Re: [Bimi] Fwd: bimi Digest, Vol 10, Issue 2 Brotman, Alex
- Re: [Bimi] Fwd: bimi Digest, Vol 10, Issue 2 Marcel Bokhorst
- Re: [Bimi] Fwd: bimi Digest, Vol 10, Issue 2 Todd Herr
- Re: [Bimi] Fwd: bimi Digest, Vol 10, Issue 2 Marcel Bokhorst
- Re: [Bimi] Fwd: bimi Digest, Vol 10, Issue 2 Jakub Olexa
- Re: [Bimi] Fwd: bimi Digest, Vol 10, Issue 2 Trent Adams
- Re: [Bimi] Fwd: bimi Digest, Vol 10, Issue 2 Marc Bradshaw
- Re: [Bimi] Fwd: bimi Digest, Vol 10, Issue 2 Dave Crocker
- Re: [Bimi] Fwd: bimi Digest, Vol 10, Issue 2 Marcel Bokhorst
- Re: [Bimi] Fwd: bimi Digest, Vol 10, Issue 2 Marc Bradshaw
- Re: [Bimi] bimi logos from non-giant companies John Levine