Re: [Bimi] Today's BoF

Wei Chuang <weihaw@google.com> Sun, 31 March 2019 23:48 UTC

MIME-Version: 1.0
References: <309EBD4AD64BE436663E721D@PSB>
In-Reply-To: <309EBD4AD64BE436663E721D@PSB>
From: Wei Chuang <weihaw@google.com>
Date: Sun, 31 Mar 2019 16:48:15 -0700
Message-ID: <CAAFsWK3uhFfeEt34wRJRQen1YVK4uNo=nxJoaGc4m84Y1J+ctQ@mail.gmail.com>
To: John C Klensin <john-ietf@jck.com>
Cc: bimi@ietf.org
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="0000000000004e724e05856c8b43"
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/dTO8Xv_AnRlNOM8PjJvzLTe4BtY>
Subject: Re: [Bimi] Today's BoF
List-Id: Brand Indicators for Message Identification <bimi.ietf.org>

John,
Apologies for the delay as I was in transit.

From: John C Klensin <john-ietf@jck.com>
Date: Thu, Mar 28, 2019 at 5:01 PM
To: <bimi@ietf.org>


>
> More into the IETF problem space, the presentation, as I
> understood it, seems to rely on technological ideas that have
> been tried and rather thoroughly demonstrated to not work or not
> be deployable in practice.


BIMI depends on DMARC/DKIM/SPF and, if the sender/receiver chooses to
validate the logo owner, X.509.  Certainly the former has been deployed at
scale for email, and the latter on the web and other places at scale.


>   For starters, remember that we knew
> by the late 1980s what a technical solution that would have
> dealt with all of the key targets of the BIMI proposal and many
> others would look like: Sign message bodies, and optionally
> encrypt them, using a PKI that provided very strong assurance of
> the binding between the certificate, the authenticated identity
> of the signer, and with at least some connection to reputational
> information.  If that information did not check out on receipt,
> the message would either be discarded or would be delivered with
> very strong warnings. In particular, if brand identity
> information were sent with the message, the recipient could be
> assured of its authenticity by knowing where the message came
> from in much stronger ways than provided by SPF, DKIM, and/or
> DMARC.
>

On that I agree: email sender-based PKI, aka S/MIME, would provide much
stronger, i.e. per-sender verifiable, identity.


>
> While the technology evolved somewhat, it never took off.   It
> would probably be safe to say that, with the exception of a
> rather few extra-paranoid or extra-privacy-sensitive individuals
> and some special applications, adoption has been about zero.
>

Agreed.


> There were several people at the BOF --in the room or remote--
> who could tell you at great length why that never happened
> (although we might have different theories about which elements
> were most important) but the bottom line is that, AFAICT, the
> model presented at today's BOF relies on either the
> assumptions on that early idea


The BIMI proposal depends on different, domain-based authentication
technologies that have already been deployed at scale.


> and would be likely to have
> deployment problems for similar reasons, or relies on variations
> on those assumptions that are so diluted as to make attacks by a
> determined party rather easy.
>

But agreed that using S/MIME would have been problematic, and that
constraint certainly guides the BIMI proposal.  My own informal polling was
that the key management per sender is too difficult for most senders to deploy.
Even managing relatively few keys per domain as needed by DKIM and the
crypto involved is burdensome to many, hence the proposal still allows for
SPF.

My worry, as Dave Crocker's recent message on BIMI highlights, is that
these domain-based authentication methods depend on the integrity of DNS,
and apparently there are now viable attacks on DNS (the Route 53/BGP hijack
is another).  Perhaps this proposal needs to take into account such DNS
attacks now rather than later.

-Wei


>     john