Re: [Bimi] Proposal to Clarify Role of MUA in BIMI Evaluation

Todd Herr <todd.herr@valimail.com> Tue, 19 July 2022 19:15 UTC

From: Todd Herr <todd.herr@valimail.com>
Date: Tue, 19 Jul 2022 15:14:53 -0400
Message-ID: <CAHej_8mNCTw0LpnWTBCpqZJhHQcDgrsC4truK1dD_-HbyVgsWA@mail.gmail.com>
To: Scott Kitterman <sklist@kitterman.com>
Cc: bimi@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/Xy_d8awsFv7oRSBU1_e1I08hQYg>
Subject: Re: [Bimi] Proposal to Clarify Role of MUA in BIMI Evaluation

On Tue, Jul 19, 2022 at 2:07 PM Scott Kitterman <sklist@kitterman.com>
wrote:

> On July 19, 2022 6:03:10 PM UTC, Dave Crocker <dhc@dcrocker.net> wrote:
>
> > Considering your comments a bit further, it appears you are suggesting
> > that BIMI does not need to validate at the time of display.
>
> Maybe.  I won't claim to have been following the details closely enough to
> have an opinion.  For underlying authentication methods, such as DKIM, I
> think it's critical to evaluate them at the time of receipt and store the
> results.  That might also be true of Bimi, but I don't know.
>
>
To me, BIMI's reliance on DMARC passing (and being at something other than
p=none) means that the condition at time of message receipt is the only one
that matters. The current version of the draft specification even discusses
a method for recording results -
https://datatracker.ietf.org/doc/html/draft-brand-indicators-for-message-identification#section-7.7
- and those results could theoretically be relied on by an MUA at display
time, assuming that the MUA has reason to trust the recorded results.

-- 

*Todd Herr * | Technical Director, Standards and Ecosystem
*e:* todd.herr@valimail.com
*m:* 703.220.4153

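
Added example, not part of the message above or of the draft: a sketch of the display-time decision the message describes, where an MUA relies on results recorded at receipt only when it has reason to trust them. It assumes the results are recorded in Authentication-Results header fields (RFC 8601) with a `bimi=` method result; the authserv-id `mx.receiver.example`, the function names and the sample messages are hypothetical.

```python
import re
from email import message_from_string
from email.policy import default

# Assumption: the authserv-id(s) of the MUA's own mailbox provider (hypothetical).
TRUSTED_AUTHSERV_IDS = {"mx.receiver.example"}

def parse_authres(value):
    """Return (authserv_id, {method: result}) for one Authentication-Results value."""
    value = re.sub(r"\([^()]*\)", " ", value)  # drop RFC 5322 comments
    parts = [p.strip() for p in value.split(";")]
    authserv_id = parts[0].split()[0].lower() if parts[0] else ""
    results = {}
    for part in parts[1:]:
        m = re.match(r"([a-z0-9-]+)\s*=\s*([a-z]+)", part, re.I)
        if m:
            results.setdefault(m.group(1).lower(), m.group(2).lower())
    return authserv_id, results

def may_display_indicator(raw_message, trusted=TRUSTED_AUTHSERV_IDS):
    """True only if a trusted receiver recorded both dmarc=pass and bimi=pass."""
    msg = message_from_string(raw_message, policy=default)
    recorded = {}
    # Header fields are prepended in transit, so the receiver's own results sit
    # on top. Stop at the first untrusted authserv-id: anything below it was
    # present before the trusted border and may carry a copied trusted name.
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, results = parse_authres(str(value))
        if authserv_id not in trusted:
            break
        for method, result in results.items():
            recorded.setdefault(method, result)
    return recorded.get("dmarc") == "pass" and recorded.get("bimi") == "pass"

def _msg(*authres):
    """Build a constructed sample message with the given header values."""
    headers = [f"Authentication-Results: {v}" for v in authres]
    return "\n".join(headers + ["From: news@brand.example", "Subject: test", "", "body"])

# Constructed sample messages (not real traffic).
RECORDED_AT_RECEIPT = _msg(
    "mx.receiver.example; dmarc=pass (p=reject) header.from=brand.example; "
    "bimi=pass header.d=brand.example header.selector=default",
    "relay.sender.example; spf=pass")
UNTRUSTED_ON_TOP = _msg(
    "relay.other.example; spf=pass",
    "mx.receiver.example; dmarc=pass header.from=brand.example; bimi=pass")
NO_INDICATOR = _msg("mx.receiver.example; dmarc=pass header.from=brand.example; bimi=none")
```

The check is deliberately conservative: a trusted-looking header that appears below an untrusted one is ignored rather than believed.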