Re: [Bimi] MUA Evaluation of BIMI

John Levine <johnl@taugh.com> Wed, 16 March 2022 18:29 UTC

It appears that Brotman, Alex <Alex_Brotman@comcast.com> said:
>So it seems clear we need some way to validate the results of the MTA authentication evaluation, presuming they
>divulge those results into the headers of the message.  Trent suggested ARC, and while that should do that, it
>may not be ideal given adoption, and perhaps creating an additional barrier.

I don't get it.  I can see situations where you believe the topmost A-R in the message and where you don't,
but I don't see how signing it would help, since I can sign my A-R even if I am lying so you have the
exact same situation deciding whether to believe the signer.

This would be a situation where an IMAP server mangles or forges A-R headers but is otherwise
trustworthy.  That seems kind of implausible.

R's,
John
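
An added example, not part of the original message or of any BIMI implementation: an MUA-side check that accepts the topmost Authentication-Results (A-R) header only when its authserv-id belongs to a server the reader already trusts, which is the trust decision a signature over the header would leave unchanged. The authserv-id `mx.example.net` and both sample messages are constructed, and the check assumes the trusted server removes inbound A-R headers that claim its own id.

```python
import re
from email import message_from_string

# Assumption: authserv-id(s) used by the reader's own mail provider.
TRUSTED_AUTHSERV_IDS = {"mx.example.net"}

def parse_ar(value):
    """Split one A-R header value into (authserv_id, [(method, result), ...])."""
    value = re.sub(r"\([^()]*\)", " ", value)          # drop non-nested (comments)
    parts = [" ".join(p.split()) for p in value.split(";")]  # also unfolds lines
    authserv_id = parts[0].split(" ")[0].lower()       # ignore optional version
    results = []
    for part in parts[1:]:
        m = re.match(r"([a-z0-9-]+)\s*=\s*([a-z]+)", part, re.I)
        if m:                                          # "none" yields no pair
            results.append((m.group(1).lower(), m.group(2).lower()))
    return authserv_id, results

def topmost_trusted_ar(raw, trusted=TRUSTED_AUTHSERV_IDS):
    """Return the parsed topmost A-R header if a trusted server wrote it.

    Headers are prepended in transit, so the first A-R in the message is the
    most recent one. Anything below it, or a topmost header carrying an
    unknown authserv-id, is an unverified claim and is not used.
    """
    headers = message_from_string(raw).get_all("Authentication-Results", [])
    if not headers:
        return None
    authserv_id, results = parse_ar(headers[0])
    return (authserv_id, results) if authserv_id in trusted else None

# Constructed sample: trusted header on top, an unverified one beneath it.
DELIVERED = (
    "Authentication-Results: mx.example.net;\n"
    " dkim=pass (2048-bit key) header.d=sender.example; spf=pass\n"
    "Authentication-Results: relay.unknown.example; dkim=pass header.d=bank.example\n"
    "From: a@sender.example\nSubject: constructed sample\n\nbody\n"
)
# Constructed sample: the only A-R header comes from an unknown server.
UNTRUSTED_ON_TOP = (
    "Authentication-Results: relay.unknown.example; dkim=pass header.d=bank.example\n"
    "From: a@bank.example\nSubject: constructed sample\n\nbody\n"
)

if __name__ == "__main__":
    print(topmost_trusted_ar(DELIVERED))
    print(topmost_trusted_ar(UNTRUSTED_ON_TOP))
```
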