Re: [Bimi] Today's BoF

John C Klensin <john-ietf@jck.com> Tue, 02 April 2019 18:26 UTC

Date: Tue, 02 Apr 2019 14:26:25 -0400
From: John C Klensin <john-ietf@jck.com>
To: Wei Chuang <weihaw@google.com>
cc: bimi@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/v1RERgq8pZLyRY595ky_R0XrqLs>

Wei,

Two observations on separate notes...

--On Sunday, March 31, 2019 16:48 -0700 Wei Chuang
<weihaw@google.com> wrote:

>...
> My worry, as Dave Crocker's recent message on BIMI highlights,
> is that these domain based authentication methods depend on
> the integrity of DNS, and apparently there are now viable
> attacks on DNS (The Route 53/BGP hijack is another).  Perhaps
> this proposal needs to take into account such DNS attacks now
> rather than later.
>...

There are two other, far more fundamental and closely related,
issues with domain-based authentication that I don't think the
BIMI proposal addresses.  

We've now got somewhat more than 1500 top level domains.  For a
significant fraction of them (I'd guess the vast majority) there
are only two qualifications for obtaining a second-level domain
under that TLD: ability to pay what is usually a fairly nominal
amount and a working email address.   Typical contracts between
a TLD operator and the buyer of an SLD transfer all
responsibility for obedience to, or violation of, trademark laws
to the latter.  There is, in general, no requirement for the TLD
to pay any attention to whether a proposed SLD name would
infringe on a trademark, even an internationally well-known one,
and considerable incentive for them not to do so.

So assume you have a company who holds a registered trademark
and associated domain name as, e.g., BigCo.co.uk.  They have all
of the right certificates and bind a logo to that domain.   Now
let's assume that a party comes along who wants to attack BigCo
and its logo.  Rather than pointing the finger at existing
domains, assume that a TLD named "evil" is allocated and
delegated in the near future and that their business model was a
little ethics-challenged (perhaps not much more than the
average, but that is not an important issue).  So someone comes
along, someone who is clearly not BigCo, and obtains BigCo.evil
(remember, all they need is ability to pay and an email
address).   They have little trouble obtaining certificates in
that name because, as far as the DNS environment is concerned,
they legitimately hold it.   They send mail out from that
address using BigCo's logo, either embedded or via some URL.
So, think the users will notice the logo does not have your seal
of approval and that the domain is in "evil." rather than
"co.uk."?  See the problem?  

Of course, BigCo can attempt to use the courts and/or ICANN
procedures to challenge BigCo.evil on the grounds of
infringement of their registered trademark, but there are two
problems with that.  One is that such challenges take a while
and are typically easily dragged out so that, by the time they
win and BigCo.evil is taken down, significant damage has been
done already and the operators of BigCo.evil are laughing all
the way to the bank.   The other is the second basic problem.

With the possible exception of a relatively small number of
internationally well-known / famous names and marks, registered
trademarks are tied to both geography and field of application.
If BigCo.co.uk sells widgets and BigCo.us makes blankets for
wizzles, there is most likely no trademark violation and both
companies may be completely legitimate (unlike the example
above), have the marks appropriately registered, and are able to
obtain even the highest assurance certificates possible
--different jurisdictions and business locations and different
fields of application.   Even if both selected logos that were
very similar, trademarks wouldn't help much.  

As Dave said, people have been working on these issues for well
over a century with very little discernible progress.    I can't
recommend holding your breath about the latter problem and,
even if it were solved, that would still leave the nature of the
domain name market.

best,
   john