Re: [dmarc-ietf] third party authorization, not, was non-mailing list

Hector Santos <hsantos@isdg.net> Sun, 16 August 2020 17:19 UTC

Message-ID: <5F396A77.3000109@isdg.net>
Date: Sun, 16 Aug 2020 13:18:47 -0400
From: Hector Santos <hsantos@isdg.net>
Reply-To: hsantos@isdg.net
Organization: Santronics Software, Inc.
To: dmarc@ietf.org
References: <20200810172411.A13681E7CD8B@ary.local> <7e9326fc-ae27-d4bd-9f2b-9896da8320f1@dcrocker.net> <CAL0qLwacyBbJscEM_a4-nvugO0HBaSAdPqUPkfYYOOb++cOjQQ@mail.gmail.com>
In-Reply-To: <CAL0qLwacyBbJscEM_a4-nvugO0HBaSAdPqUPkfYYOOb++cOjQQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/2pp__alpL7zefg2RzbOAWI8kOLw>
Subject: Re: [dmarc-ietf] third party authorization, not, was non-mailing list

On 8/13/2020 8:21 PM, Murray S. Kucherawy wrote:
> On Mon, Aug 10, 2020 at 10:27 AM Dave Crocker <dhc@dcrocker.net
> <mailto:dhc@dcrocker.net>> wrote:
>
>     > We have had a lot of attempts at third-party authorization schemes
>     .....
>     > With this in mind, I cannot see any point in designing yet another
>     > vouching or authorization scheme unless we have evidence that an
>     > interesting fraction of the world's mail systems want to use it. I
>     > don't see that, and honestly see no chance that we ever will.
>
>     +1
>
>
> I'm disappointed that the experiment never really got its day in
> court,

+1  and I want to give you credit for trying. Without you, I might 
have been long gone from the DKIM project WGs. So I thank you for 
keeping it interesting, but....

> but the consensus is clear.  +1.

Here I have to disagree. I don't ask anyone to agree with me but to 
understand my viewpoint as a long time participant and advocate of the 
DKIM Policy Model.  Early on, we had limited policy proponents. But 
not today.

I have a different viewpoint, a viewpoint that really was blocked 
by the two controlling cogs who had DKIM interest elsewhere, namely 
Levine, Crocker. Crocker has been more open ended. Not Levine. Since 
day 0, Levine never liked policy and to his credit, he admitted it as 
much. He killed SSP with the "poison pill" (crippled draft) ADSP 
replacement he knew would never make it past LC.  Levine was always 
for the 3rd party trust/list signer idea - never a 1st party 
authorization. But he narrowed down the scope to the restrictive 
policy, removing any 3rd party consideration.  The same will most 
likely be true with DMARC with the same problems. Yet, why would any 
list developer deny new security options for list operations?  I never 
got that and that was before ADSP or even ATPS.  When it comes to 
DKIM, if Levine didn't like it, it simply wasn't happening. Sad to say 
and I don't see that changing.  So now that we have the top three cogs 
of DKIM agreeing, there is not much reason to even bother anymore when 
one of them is the AD. What is one to think at this point?  "Follow 
the Chieftain" syndrome?

Just consider, we are 15+ yrs into all this and nothing was 
accomplished with DKIM in regards to LIST systems.  DMARC, with the 
same exact problems as ADSP, snuck on via an informational status. 
Nothing wrong there, but it was pushed as a standard and ventures were 
started.  Who wins? Who loses?

I believe it would be prudent for the AD to look at the reasons why 
the IETF has failed with this DKIM Project.  If a cog is not for ADSP 
but for DMARC with the same problems, then what is that to say about 
this process?  It has not been a fair process to say the least. A lot 
of wasted time, money and energy.  It has been a long 15+ yrs and has 
become very tiring. :-(

Despite the 3rd party authorization brush back, the concept has never 
gone away. It says a lot and it will never go away under the current 
DKIM POLICY model using the required hash bound Author Domain anchor 
as the forcing function for authorization.

At this point, I would suggest giving the new generation IETF mail 
developers a new chance at DKIM-based security.  Rewrite DKIM as v3.0 
as you guys want it for 3rd party trust.  Remove the Author Domain 
dependency so that the world can nip the Mail tampering bug opened 
with Levine's Rewrite crud.

I wouldn't worry about backward compatibility. Two different streams, 
only the newer one will matter.


-- 
Hector Santos,
https://secure.santronics.com
https://twitter.com/hectorsantos