IETF Logo Mail Archive

Re: [Bimi] MUA Evaluation of BIMI

Dave Crocker <dcrocker@bbiw.net> Tue, 15 March 2022 18:15 UTC

Return-Path: <dcrocker@bbiw.net>
X-Original-To: bimi@ietfa.amsl.com
Delivered-To: bimi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3580E3A14DD for <bimi@ietfa.amsl.com>; Tue, 15 Mar 2022 11:15:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.109
X-Spam-Level:
X-Spam-Status: No, score=-2.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=bbiw.net header.b=tKBohP3M; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=aQx023at
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id InvIGmEnDzJR for <bimi@ietfa.amsl.com>; Tue, 15 Mar 2022 11:14:57 -0700 (PDT)
Received: from wout2-smtp.messagingengine.com (wout2-smtp.messagingengine.com [64.147.123.25]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C70783A18DF for <bimi@ietf.org>; Tue, 15 Mar 2022 11:14:38 -0700 (PDT)
Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailout.west.internal (Postfix) with ESMTP id 94FAE32020C1; Tue, 15 Mar 2022 14:14:37 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Tue, 15 Mar 2022 14:14:37 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bbiw.net; h=cc :cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to; s=fm2; bh=RlGO/8IqiiAbxW qS6L1BjKBu48nv550lG1UAz73qyds=; b=tKBohP3MMTgXP9hUdl9qtQQ7kL4fRN vwWgmsRTQr60Q8If7NSZPDiNwZXkQBNKzw3rCYLXXtLgSUadU9OHxNfsZr+PDAPC Z3BQ0N5E0gmu1DzFZxHbIAWplztbH+1qcAzYmV6I9I1wak6rWyJW6pOsG+M67ceo cWG4f/PxPqAhb+s2JslV5xMWtBAq0lFGBm3M9otebnMtqKJp+Sh/orssbZ86fv+G EG+wMlwxamn+mH5OkFy9MYGmZ3xWqfNVnueMX7qptflz0jS4sMmQ2CARoi456w/f Sqg0EHCRha5EnGsXy8EgfqPoRl50V/9SPdPHgbPR4ctILb6X9vlKd4Sw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; bh=RlGO/8IqiiAbxWqS6L1BjKBu48nv550lG1UAz73qy ds=; b=aQx023atL0QfYEJ/ykqFJhwPkcQHXiLNB2NBNy7KAkG+xS5ffZi+Q8XNW 2DRAefTpK+rqOeMBzzm9P5GLdsj/7q5haGUeqg1RgawvVWvXNeB08BfFVAck71HU bWWYfLtoH71wKzhB0Xzn4jlSfsW9NbVw0TZ2a3B4LUazYWWoHWgUeG0FHMaTZ7B3 DW+cbuh89sTks5V66MRzKW/vUUbsvU1XoEWCVCGz0qWwzj9HlTijO1xJWcwd35qA WQ84O7CX4JKacU7xvogxNtbnGKWn+CBaOvZ3qhIMlsWH45EdWy0e7Me00QGvAx+0 z4JahBCXQg2IDdZJ/s6Su6xwizzAQ==
X-ME-Sender: <xms:jNcwYiTRkxYWLzz2sEDD49UcI8DutWU65C8knRkemSgKZJ5A2fD77g> <xme:jNcwYnyA_LfR6aNpCI4bkcURf7g3P8AdkzcUdpQyibb2nCcwKuOkjJuWaS1PMV7NW -t4Tx-94K23kygzrg>
X-ME-Received: <xmr:jNcwYv10oiPpqACg3RZPduLVsPwgP8IpVHlGnZ3L_v7CwPtUPJWVFnng_EXhjisgTEbUZTFdF9u1droamp_Qkai0LX5HgprfRAy3jMIs>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrudeftddguddtlecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefkffggfgfuvfhfhfhojggtgfesthejredttdefjeenucfhrhhomhepffgr vhgvucevrhhotghkvghruceouggtrhhotghkvghrsegssghifidrnhgvtheqnecuggftrf grthhtvghrnhepheejuefguefgveeutdffkeeifeeuveetfffgfefgvdekveetvdfggeej tdeigfevnecuffhomhgrihhnpegssghifidrnhgvthenucevlhhushhtvghrufhiiigvpe dtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegutghrohgtkhgvrhessggsihifrdhnvght
X-ME-Proxy: <xmx:jNcwYuCJZqVX1XlxIM5_aUqR7hr1PbFMT6-YAb6uokFnDa2-vggvWQ> <xmx:jNcwYri4SyP7a02N1NXWfmJ8kap290nFq6GHpXCXQILVpqkRHIRLEw> <xmx:jNcwYqqSuWmoyBjTkUC07BL-gIr2sCnkzhdwjBAPcnBj7KeWUiH60A> <xmx:jdcwYusk4EsOx_MJL7rkyF5kcWvDLN77RffUsdImUwFvv_GakIJ6wA>
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 15 Mar 2022 14:14:36 -0400 (EDT)
Message-ID: <93af3d33-bf16-74cc-9c9f-c65865dc5c4d@bbiw.net>
Date: Tue, 15 Mar 2022 11:14:34 -0700
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0
Content-Language: en-US
To: Ken O'Driscoll <ken=40wemonitoremail.com@dmarc.ietf.org>, Trent Adams <tadams@proofpoint.com>, "Brotman, Alex" <Alex_Brotman@comcast.com>
Cc: "bimi@ietf.org" <bimi@ietf.org>
References: <7639D8E5-B8CA-48E6-B6F3-63BA091C3AC5@contoso.com> <VI1PR01MB7053B6AF625A5FFB2222F795C70F9@VI1PR01MB7053.eurprd01.prod.exchangelabs.com> <MN2PR11MB4351276056888F77815E220EF70F9@MN2PR11MB4351.namprd11.prod.outlook.com> <CB922168-3B56-488E-90DD-2591B064F9FF@proofpoint.com> <VI1PR01MB70533C10733D41443FD2A801C7109@VI1PR01MB7053.eurprd01.prod.exchangelabs.com> <a9fc90ba-7015-cf52-e433-6bf80ca26b0a@dcrocker.net> <VI1PR01MB7053973E7BE66482A2E23E8EC7109@VI1PR01MB7053.eurprd01.prod.exchangelabs.com>
From: Dave Crocker <dcrocker@bbiw.net>
Organization: Brandenburg InternetWorking
In-Reply-To: <VI1PR01MB7053973E7BE66482A2E23E8EC7109@VI1PR01MB7053.eurprd01.prod.exchangelabs.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/eXiKUYQhd-iqRlZhGyymyR7GYGc>
Subject: Re: [Bimi] MUA Evaluation of BIMI
X-BeenThere: bimi@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Brand Indicators for Message Identification <bimi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bimi>, <mailto:bimi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bimi/>
List-Post: <mailto:bimi@ietf.org>
List-Help: <mailto:bimi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bimi>, <mailto:bimi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Mar 2022 18:15:07 -0000

On 3/15/2022 11:00 AM, Ken O'Driscoll wrote:
>> So, not, it is not (necessarily) the wrong place for the
>> operation.
> 
> Sure, DKIM can be implemented in an MUA, but the accuracy of the
> results is architecture dependent. For example, if the architecture
> modifies inbound messages after DKIM is verified (e.g., puts an
> "External message" warning in) then while the A-R header is correct,
> the MUA-level DKIM validation will give a different answer. The MUA
> may correctly validate DKIM but that does not fully inform the user
> of anything useful regarding message authentication.
> 
> So yes, it's possible but with too many caveats to be useful to
> recommend in general, or in a specification.

1. the concern applies to all components that touch the message along 
the path.  Within a recipient's enterprise system, the odds of this 
being a problem might be higher, but that simply points to the need for 
clarity about end-to-end trust issues with BIMI use; it also turns out 
to play into the next, larger point...

2. Just as the enterprise might mess up the DKIM signature, it might 
create problems with an A-R field.



> I believe the same goes, to a lesser degree, for MUA-level ARC

Sorry to have left that off.  As I recall, it, too, is an end-to-end 
architecture that can reasonably be implemented in the MUA.  And yes, 
handlers along the path to it can mess up the ARC data.



>> As for the receiving MTA lying, turn the issue around:  how can the
>> MUA know that the field came from that specific, well-behaved,
>> thoroughly compliant MDA or MTA.
>> 
>> Broadly, how is the chain of trust established sufficiently for the
>> MUA to know that the A-R header field is to be trusted?
> 
> I'm actually not sure that they should be programmatically trusted by
> an MUA because there isn't an established reliable low-cost mechanism
> to do so. 

I think you've just implied that an independent MUA should never display 
a BIMI icon, since it can't be trusted...


By that I mean, for example, even if the ARC trust issue
> was solved tomorrow, I doubt that a mobile phone based MUA is going
> undertake the resource cost of reliability implementing ARC
> validation for each message.

I was making an architectural point, which means it is independent of 
implementation specifics.

You are making a reasonable point, but it is about a specific 
implementation/use concern  (And given the power and connectivity of 
typical smartphones these days, uhhh...)



> MUA level trust in headers should be based on user/implementor
> awareness of its limitations and risks. A spec. can do that. A spec.
> could even say that a TLS connection between the MUA and MTA is
> required. If you want chain of trust at MUA level, then use a
> PKI-based solution.

This goes back to the original point that this issue needs due diligence 
and documentation.



> I believe the goal should be to avoid as much as possible some future
> MTA-level implementation with the hypothetical
> "Always_show_BIMI_logo_regardless = true;" configuration option. I
> think that best way to work towards that goal is for the
> specification to clearly articulate the conditions, limitations, and
> considerations for implementing BIMI at MUA level.

+1

d/


-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

v2.23.0 | Report a Bug | By Email