IETF Logo Mail Archive

Re: [Bimi] MUA Evaluation of BIMI

Trent Adams <tadams@proofpoint.com> Thu, 17 March 2022 19:20 UTC

Return-Path: <tadams@proofpoint.com>
X-Original-To: bimi@ietfa.amsl.com
Delivered-To: bimi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B06123A0915 for <bimi@ietfa.amsl.com>; Thu, 17 Mar 2022 12:20:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=proofpoint.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id asjX_6ubH8ti for <bimi@ietfa.amsl.com>; Thu, 17 Mar 2022 12:20:44 -0700 (PDT)
Received: from mx0a-00148503.pphosted.com (mx0b-00148503.pphosted.com [148.163.159.21]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5AB843A085E for <bimi@ietf.org>; Thu, 17 Mar 2022 12:20:42 -0700 (PDT)
Received: from pps.filterd (m0086146.ppops.net [127.0.0.1]) by mx0b-00148503.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 22HJKeHJ020727; Thu, 17 Mar 2022 12:20:40 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=proofpoint.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=corp-2019-08-07; bh=GPS3yx2U+l5mzdc594CHCxrJUnos+piGw2pWOxa/MPU=; b=WLijpOjuX38FS6IjHdZeQy0wEcDq8TeapEiZ+uN5bfbFRYhid/2Uj9uFPivRZfCeRWQl m0+7w1zrEh3eGMoJLjGdumKD46ZTMI0xJ1j/68Grr7mv/+ipxPLAAg6dPuTYfNlv/GYY Z2T03savSpNk28V36QepBD9sZLQUO8RKHsvJ/JFh8yIs9rHju/Hux4Zrd9Jk5nB3UR0Q qxXgVZytnGtXSa4GB/r7dHl1mo4seKFrS3jqdy4zcqg9smWAwXcknDEHoT3fTdrMLdjP SboVOpt5tswuLPBG6aGNiPYpKKH1piZ1fiSSRuxx3iT5uUYrvP1B8Jd1xuYklf+GFr8R 3Q==
Received: from lv-exch03.corp.proofpoint.com ([136.179.16.100]) by mx0b-00148503.pphosted.com (PPS) with ESMTPS id 3euqnvrcu1-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 17 Mar 2022 12:20:39 -0700
Received: from lv-exch02.corp.proofpoint.com (10.94.30.38) by lv-exch03.corp.proofpoint.com (10.19.10.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.2308.21; Thu, 17 Mar 2022 12:20:38 -0700
Received: from NAM04-MW2-obe.outbound.protection.outlook.com (10.19.16.20) by lv-exch02.corp.proofpoint.com (10.94.30.38) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.2308.21 via Frontend Transport; Thu, 17 Mar 2022 12:20:38 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Dqz+tmuKBR5f9MRISr9coFDQHYpRoIOmFUQrIUXsOc3buNOp3lfyc39C+0Z9/dJvLE11AQ6ZP0VaibuTYPXi+loW2AKb9VzG0JCjOccIcwTLl6NBJyV5q7e1LbIsaR4IoZnGdNWDB2VMUuKl7/Qcc/VqiyBmgdA7jyhlphorVjVnDiZjkvg1YFEZOx0/cJR2umVBy9Yf3cfbOY/ZSHdP701uot+00Bv7PiUiI14UscjVVZt+PnIdbmCMOGzml0Wz8W/eMlENGReOJxAlG524MnEo/BJ5PGoX56Y/stZPO92ly3EcclOF8xSLrY5+ZKZSUAsvRfDR454pb69olwbkQw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Klvfw1iv08g6FIT3LH+dHl8BnAqfmCKe+7UjTXYasR8=; b=ACpaO701VCTWuKboVLCTN02qjbF59pXP8B+YE9YZnHlyADZVq9y7wm2MhB2tkSFtuEVnC6vl0qHXGMjPhZVizz3ScbnZXFdTJ0nH5jyFrjMwSq9+cpMh96hulz6eJyfLjtFLFN0T4BleMF3CNtm9CAialRMVdjoFLUN2Xz3WLmkFVCcLJU9svrlvI3oIZjr9boqgCYCGGNhdnCZHvWRp0czdo2OM7KLxA3hTuJkobGiodYLpa/ItGD3Folahs4v8DarBFsm+JjbPcAh+K+pE9UOf/9c4N6+zPCWqtkbNgc0wP4kMcDzRLGsPd8byzv+RPmMLKgXOncXFdD2XrSPEjA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=proofpoint.com; dmarc=pass action=none header.from=proofpoint.com; dkim=pass header.d=proofpoint.com; arc=none
Received: from CH2PR12MB5001.namprd12.prod.outlook.com (2603:10b6:610:61::18) by BN8PR12MB4787.namprd12.prod.outlook.com (2603:10b6:408:a1::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5081.15; Thu, 17 Mar 2022 19:20:36 +0000
Received: from CH2PR12MB5001.namprd12.prod.outlook.com ([fe80::4d89:e9d3:abef:5ebe]) by CH2PR12MB5001.namprd12.prod.outlook.com ([fe80::4d89:e9d3:abef:5ebe%8]) with mapi id 15.20.5081.017; Thu, 17 Mar 2022 19:20:36 +0000
From: Trent Adams <tadams@proofpoint.com>
To: John Levine <johnl@taugh.com>, "bimi@ietf.org" <bimi@ietf.org>
CC: "Alex_Brotman@comcast.com" <Alex_Brotman@comcast.com>
Thread-Topic: [Bimi] MUA Evaluation of BIMI
Thread-Index: AQHYNakS7cBGBKKcikGTe1q57Bj1Vqy/BUnggABVaQCAAOT4gIAAjqgAgAASRgCAAAbcrIAABSUAgAE58LCAADXFgIABO/GA
Date: Thu, 17 Mar 2022 19:20:36 +0000
Message-ID: <B0FB719D-DF38-4D9E-B18C-C1D65EA7CAA4@proofpoint.com>
References: <MN2PR11MB4351832ACD2F68404D87275FF7119@MN2PR11MB4351.namprd11.prod.outlook.com> <20220316182949.1A3F73945349@ary.qy>
In-Reply-To: <20220316182949.1A3F73945349@ary.qy>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.59.22031300
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 7d843941-0a0c-4e2f-78e3-08da084b36e6
x-ms-traffictypediagnostic: BN8PR12MB4787:EE_
x-microsoft-antispam-prvs: <BN8PR12MB478778D85C5A6E701BD53536B3129@BN8PR12MB4787.namprd12.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: kPzPCdcfK38qVf4WJDeXo5ep81g/2GTrqVfMfRjiZRp87ta+OzEiobdoP7vG4mCV9RtQo4hIvq7FsMMaqfo1irWsTMaJHzb0OMwKb4kZf12rPKpF8tup2EfaZY1SOYCRg15gcXT30rdthYD/ynHnF4ASaAJQBrfTltMUNDoJ4i+n6xDbVSsZeW1G1kKOS8vLXHln+y/8JZKkyTwHtMKevgxGCUjapdi7tMQGKuC/rbBGPusHB85rXzdTu7bKKpt4XuN5C9Gtlb1wuIxBePJqL8zQjBhmmy4XEhmGSbGb1Q1Gx/S5X1hBLF/1iWAgcB/XuOxOWbDWV2rr5atrLM2ADzPCVS74M2lqiCS8tdN1X50LGRzWQw1kt32TFUVuUVaCeVig+i5yh9vLSZtPhVuieSWvOBHWUMzUNTRLAW2QhZu41ICWjg7IuRhb+4Lw0PWn2nDe8Z/XtwcNCxrYsKyAvDHcw3UdO8DSEfcz6yjucGg8LU/BTXrbMPIJ+C68CZ+mU+Bj4DIEhY7U7qlU+oReUbyr685CfrYc0g095O2+TIm2LqKVh6jJLQTRQfwGzPm5yFHRbNG9/8Fc+MzKAm0QAgE75a/skbka3sfMC0z6ZnoGB1RUv0inTgNtReCoTpRWewcFapx5Flukao8pTj88F70vCndyD0pcNNEMtw8i89SEk/3HckTtEWJNYCWfy3YD/WxgboBMfsb5zKg09dppff7RuRj3sIoEDj4xGtluofF9nLMZq1y2cEr7W4KEqJakdB+jvpENZYX4kodMbPKygOWeDga79G1TZTbAgUfgZjzmKrpvVHX2TpHVtnE5AKvZ
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH2PR12MB5001.namprd12.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(76116006)(2906002)(508600001)(66476007)(66556008)(4326008)(64756008)(66446008)(110136005)(966005)(6486002)(71200400001)(36756003)(86362001)(6506007)(33656002)(6512007)(2616005)(91956017)(316002)(8676002)(66946007)(186003)(122000001)(38100700002)(38070700005)(8936002)(5660300002)(83380400001)(45980500001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: jH3+LcndczHo/xzZV3fkgydvf50GktElFmIJzLEDqZdjTLj3VzXm13g3IKyM6pNRetd7+LaohDfr23fHlAhvF9owPsJh5FH3jcEUI8m1vmM37HC9cEPgKMGWa0d5cUF1gCKJ/iz/dCI1pUzR3HFTpdPbmI02yuyTBcPQSTyAxxuHQoufo87kWSSCOqeIq3zwV4DYEEudGuBckJ14h1aaeKRUtFS2clKDcH2YXuf2/GPFbRxyx5hwlvGHQuBD+D1yEH4lPEvhb1+miIL8tzvygp3wGprAkcuQ3Bqfcv+xMyvngAEWfw/zdp7vV0l5MrLRgBI5GzmiEZtbbOvJXPS0iy/60z0GMUbARZNeyUp+1oPQeF2bzbw4ASQNjGsmYFymFUpMJ+Zo0Ml+Ne37xMuIbZ6D9Zi4KukESyYAjeYqTA+9F+W17nXnE4POD6jmjz49GBPJBspZzVcMeCIlHw/e9SAqZ9kmyk+Mjp1TFwxXbaujHgIMgc0sLW7TgqPQ8n0vaOyPsPcNaosnJKwa/bz8n1PJlzfxEogtI6UtcRWPeBTtIw1hvhg0jEnSA0a9xTsUfNTOuL4/3MmsvNAL8gST3gwrOp9AvXw/aRhzykEGOkGRh7VXxqJlXNbirl/JCVjsQT8GZZJRWiwnZTlS4XlFT+nhFBqerb3KpK8VgXa0P3037fLXQKmYH/9ZYH97joAoKtBt5BKF36PvTZ/JPqijSYVgwO75jZ2WMuSKs21g6AKRXa9jNWLuX5jSMZH1dWTnegbjx03mS3TikBRLb+nsWq5zs89uLKns2hqer+IGcAFogXE+EiY8Nuvl1mePm0uAy6kqhg8HF9UaB+YdE7xLo3LSemP9z+LfuZKhEag+fO4oGurYqUbbVK1TMLrFdX7zpvhRC5LDG1o+HEcHtEsIISiCQtVLshkvtqDnjlbj3eUCFiCZMDoB3fiHJ6xnwMp35xwkYA+N8irxAS96axB+CB/vKsQgcRjMHFmRJN6KlLcykJfHFn39qqfONpDyw50Liv2vfljpWQFpb2fsaMVAwzcaN+OfkBxxh3LOyzHxiNmjYKs2INtD1PQ1dOgR9tBuL7RQhlqFK+DerfSXnvBUddC+FWQ4JAwJqUQRczhRx3zu5bDJ1TORe1p0DIr/r7JeXZFyrsnE55/NbQDACTczYVDwhOdk22JSPw2o3vhOpFUB2FD+4z3Lwkb9SmU79NBVbBCpRJMyBwcR81c/X99G3nSJUAh8emOGXH7KqbNuvJIeMIJfKdperEajYMnOdYyK4W195eICZJ7g5NbpIy7VaPnf1gf/KfCY+Ire78QrGYmsqhPW9YoahRbA45SsN0twOBOR/21C/GBd9F7wnM+6W0+l6WpEGh/oTkYsBGPWpcwmwNfi2r7HRJqo7DJLwVfONuc+ePQy9UInbOxnor+OdAksIYEZPl82oIIPQ/SXJd3Fs/qPQROluWKLZUlPaKVt0ipyps5rIGhkkhBueKVqJlE5NfbW+/64/GDWAZp6mZ737Hmrp3YcUY0MTHumyWoPj4eKoXzOWeNSPl49tYjimg==
Content-Type: multipart/alternative; boundary="_000_B0FB719DDF384D9EB18CC1D65EA7CAA4proofpointcom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH2PR12MB5001.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7d843941-0a0c-4e2f-78e3-08da084b36e6
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Mar 2022 19:20:36.2052 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46785c73-1c32-414b-86bc-fae0377cab01
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: gf5qHDniCas9lg0Tvj4WImUUtUwpahykWYt/zScMyWhJDFjBVrzURf414RRrJPbH6oV7qb8X6rg6ozJRtfyCug==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR12MB4787
X-OriginatorOrg: proofpoint.com
X-PassedThroughOnPremises: Yes
X-Proofpoint-GUID: GLi20HDZq8vJOwaOzq_NK_BYQfUMtxLT
X-Proofpoint-ORIG-GUID: GLi20HDZq8vJOwaOzq_NK_BYQfUMtxLT
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.850,Hydra:6.0.425,FMLib:17.11.64.514 definitions=2022-03-17_07,2022-03-15_01,2022-02-23_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 impostorscore=0 mlxlogscore=999 spamscore=0 suspectscore=0 phishscore=0 lowpriorityscore=0 clxscore=1011 bulkscore=0 mlxscore=0 malwarescore=0 adultscore=0 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2202240000 definitions=main-2203170109
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/MzGkjhl2zMWdEKADRX8eqSL1PfI>
Subject: Re: [Bimi] MUA Evaluation of BIMI
X-BeenThere: bimi@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Brand Indicators for Message Identification <bimi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bimi>, <mailto:bimi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bimi/>
List-Post: <mailto:bimi@ietf.org>
List-Help: <mailto:bimi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bimi>, <mailto:bimi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Mar 2022 19:20:50 -0000

>From what I can tell, the decision of whether or not an independent MUA should display a BIMI logo reduces to: "can the MUA reliably determine what the mailbox provider states to be the AuthN results of the evaluation they performed."

I don't believe it's about whether or not the MUA trusts the AuthN evaluation performed by the mailbox provider; that ship has sailed by the time the MUA fetches the mail.  If the MUA starts second-guessing the veracity of what the mailbox provider states, all bets are off well beyond the purview of BIMI.

In case it helps get inside my head (and perhaps illuminate my insanity), here's a rough operational flow I think would work:

  1.  First, let's consider the case that would short circuit this entire flow.  If the independent MUA can verify DKIM for the message it fetched from the mailbox provider, it can evaluate DMARC and BIMI without relying on the AuthN-Results from the mailbox provider.  If so, then we can skip ahead and GOTO 8.  Otherwise, that's where the following process kicks in…
  2.  The following assumes that the MUA trusts mail it fetches from the mailbox provider (otherwise… why're they fetching it?).  If the MUA trusts that the mailbox provider is performing the necessary validation/verification/filtering, etc… then the MUA should be able to trust headers inserted by that specific MTA (as long as they can reliably identify them).
  3.  That's not to say that the MUA should trust all the headers… just the ones that can be confirmed as having been put there by the mailbox provider.  Enter ARC, not so much as a "trust the chain" mechanism, but primarily as a method to "identify AuthN-Results inserted by the mailbox provider".
  4.  If the MUA can identify and verify a signed ARC block that includes the AuthN-Results inserted by mailbox provider, the MUA can use it to make determinations related to BIMI.  Presumably, this includes enough information for the MUA to perform the same BIMI evaluation as the MTA would have.
  5.  Regardless of any other AuthN-Results hanging out in the headers (perhaps ones that the mailbox provider neglected to strip out), at least the MUA knows that the AuthN-Results in the signature block inserted by the mailbox provider indicates what their inbound MTA evaluated.
  6.  And sure, there may be other entries in the ARC chain before what the mailbox provider inserted… and perhaps the MUA will only trust valid AuthN-Results within the block inserted by that mailbox provider (i.e. not a full chain).  But the point of this is that the ARC signature block is currently the only way for the MUA to clearly identify the specific AuthN-Results header inserted by the mailbox provider.
  7.  Optionally… if there's no ARC header inserted by the mailbox provider, perhaps there's a special DKIM-like signed AuthN-Reults header (akin to what Alex suggested)… in that case, the MUA finds it, verifies the signature, and then uses it to move forward.
  8.  Whether the AuthN-Results come from directly validating DKIM, the ARC signature block, or a new DKIM-like signed header…  With this information, the MUA can now decide what to do about BIMI… knowing that they're only trusting the mailbox provider from which they fetched the email.

I get that this is all very hand-wavy at the moment… but I hope that by breaking up the process into discreet steps we can identify where the proposal goes off the rails.  Perhaps then we can focus in and address those specific points and run through it again (hopefully getting further down the track with the next iteration).

Once we see a full path… then we can figure out how to update the specification to more effectively clarify the functionality.

Thoughts?

- Trent



From: bimi <bimi-bounces@ietf.org> on behalf of John Levine <johnl@taugh.com>
Organization: Taughannock Networks
Date: Wednesday, March 16, 2022 at 12:30 PM
To: "bimi@ietf.org" <bimi@ietf.org>
Cc: "Alex_Brotman@comcast.com" <Alex_Brotman@comcast.com>
Subject: Re: [Bimi] MUA Evaluation of BIMI

It appears that Brotman, Alex <Alex_Brotman@comcast.com> said: >So it seems clear we need some way to validate the results of the MTA authentication evaluation, presuming they >divulge those results into the headers of the message.


It appears that Brotman, Alex <Alex_Brotman@comcast.com> said:

>So it seems clear we need some way to validate the results of the MTA authentication evaluation, presuming they

>divulge those results into the headers of the message.  Trent suggested ARC, and while that should do that, it

>may not be ideal given adoption, and perhaps creating an additional barrier.



I don't get it.  I can see situations where you believe the topmost A-R in the message and where you don't,

but I don't see how signing it would help, since I can sign my A-R even if I am lying so you have the

exact same situation deciding whether to believe the signer.



This would be a situation where an IMAP server mangles or forges A-R headers but is otherwise

trustworthy.  That seems kind of implausible.



R's,

John



--

bimi mailing list

bimi@ietf.org

https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/bimi__;!!ORgEfCBsr282Fw!sF7Rls7k9AVY7scazu54DZLRLoHEGm8BSBYOgPj2scNTvzzn_7vmp6Iq-D9sEJLg13wBiGGx9fO6pg$

v2.23.0 | Report a Bug | By Email