IETF Logo Mail Archive

Re: [dmarc-ietf] ARC-Seal is meaningless security theatre

Scott Kitterman <sklist@kitterman.com> Tue, 08 August 2017 14:28 UTC

Return-Path: <sklist@kitterman.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E35DF132337 for <dmarc@ietfa.amsl.com>; Tue, 8 Aug 2017 07:28:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=kitterman.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QNCxae71wkit for <dmarc@ietfa.amsl.com>; Tue, 8 Aug 2017 07:28:15 -0700 (PDT)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [208.43.65.50]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 32FE213232F for <dmarc@ietf.org>; Tue, 8 Aug 2017 07:28:15 -0700 (PDT)
Received: from kitterma-e6430.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id 2E415C403DE for <dmarc@ietf.org>; Tue, 8 Aug 2017 09:28:13 -0500 (CDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kitterman.com; s=201409; t=1502202493; bh=f7HUM/4fqdDSgCPyYZF4UC0Jc5k5/GGVKXYI3QfJR/8=; h=From:To:Subject:Date:In-Reply-To:References:From; b=A4ZdPklPKbgZXq7gBZhQvUxFtiGDdOstt8JqX81tBlgWfzUBNfRP+5TUsDaOkk9lX wM3Jh/vjfyt17KBhMmW+SFOopiI+HoDEQCOnPcUIKCpl0mpvdYdbtNceVEJnXoS9IX AvJL1I0hzCWDY3kigywTASAe3OCOZ/lhqAnCBRMI=
From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
Date: Tue, 08 Aug 2017 10:28:12 -0400
Message-ID: <2720431.u3G7bbkkxK@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-125-generic; KDE/4.13.3; x86_64; ; )
In-Reply-To: <1502200759.3946686.1066841264.607B4D0B@webmail.messagingengine.com>
References: <1502083287.2191248.1065195288.7CDC7FF3@webmail.messagingengine.com> <CABuGu1oTMbuLd4yTwecu5sKFnsmH+HiwT1FG=JpySYHzpMTx_w@mail.gmail.com> <1502200759.3946686.1066841264.607B4D0B@webmail.messagingengine.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/-x7S6mhX19GKSQBvDVVjOkCGpMo>
Subject: Re: [dmarc-ietf] ARC-Seal is meaningless security theatre
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Aug 2017 14:28:17 -0000

On Tuesday, August 08, 2017 11:59:19 PM Bron Gondwana wrote:
> On Tue, 8 Aug 2017, at 23:36, Kurt Andersen (b) wrote:
> > On Mon, Aug 7, 2017 at 9:10 PM, Bron Gondwana
> > <brong@fastmailteam.com> wrote:>> __
> > 
> >> . . .  If you aren't willing to agree that the most recent liar can
> >> 
> >>   repurpose an existing chain, I'm happy to avoid making the forgery,
> >>   otherwise I'll make up a forgery and send it to the list.>>
> >> 
> >> But since you either trust every hop to do good checks, or you
> >> don't trust the entire message - then the ARC-Seal is literally
> >> adding nothing.  It adds no meaning, just extra work.  Hence my
> >> snakeoil claim.>>
> > 
> > Is your concern that the last hop (or any other) can essentially do a
> > wholesale replacement of the message contents and that there is no way
> > to distinguish that from a semantically meaningless footer tweak?>
> > I'm not sure that I understand your assertion that you can forge an AS
> > any more than you could forge a DKIM signature.
> 
> The whole point of verifying the chain of AS all the way back to i=1
> is that you can tell that the message went through those servers, in
> that order.
> But it's bogus, because AS doesn't sign anything except itself and some
> AMS and AAR.  Once AMS doesn't validate any more (any change at all)
> then you can't really tell that the message passed through there, just
> the _a_ message passed through there.
> So I could take an existing message that had passed through Google and
> create a brand new message and pass it off as if it had passed through
> Google before passing through my server on its way to you.
> In which case - the AS is meaningless.  It claims something which is
> only true if everyone plays by the rules.  But if everyone plays by the
> rules, then it's excessive.  You could just check the previous AAR and
> know that the previous site had validated the hop before it, and so on.
> It's crypto that doesn't add anything of value.
> It's not actively damaging (other than the advice to do excessive DNS
> lookups), but it's also not doing anything meaningful, and it's adding
> something forgeable that looks like it means something.
> Bron.

I think the "Once AMS doesn't validate anymore ..." argument is an suggestion 
that it's fragile, not that it's pointless.  I have concerns myself about the 
robustness of this design, but I think that's best addressed through 
deployment and experimentation.

The fail case isn't very interesting.  If it doesn't validate it, ignore it.

I'm not sure yet what exactly the pass case buys, but I'm not convinced it's 
nothing.

Scott K

v2.23.0 | Report a Bug | By Email