[dmarc-ietf] Weakend Signatures vs Experimental draft
"Douglas E. Foster" <fosterd@bayviewphysicians.com> Wed, 30 September 2020 10:27 UTC
Return-Path: <btv1==542a4e86b95==fosterd@bayviewphysicians.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 16AEC3A0AAB for <dmarc@ietfa.amsl.com>; Wed, 30 Sep 2020 03:27:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bayviewphysicians.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vh-hr5hG8rkW for <dmarc@ietfa.amsl.com>; Wed, 30 Sep 2020 03:27:36 -0700 (PDT)
Received: from mail.bayviewphysicians.com (mail.bayviewphysicians.com [216.54.111.133]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 155FF3A0A90 for <dmarc@ietf.org>; Wed, 30 Sep 2020 03:27:35 -0700 (PDT)
X-ASG-Debug-ID: 1601461654-11fa3109a827ca60001-K2EkT1
Received: from webmail.bayviewphysicians.com (webmail.bayviewphysicians.com [192.168.1.49]) by mail.bayviewphysicians.com with ESMTP id TpT4xv9Q9g9120I9 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NO) for <dmarc@ietf.org>; Wed, 30 Sep 2020 06:27:34 -0400 (EDT)
X-Barracuda-Envelope-From: fosterd@bayviewphysicians.com
X-Barracuda-RBL-Trusted-Forwarder: 192.168.1.49
X-SmarterMail-Authenticated-As: fosterd@bayviewphysicians.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bayviewphysicians.com; s=s1025; h=message-id:reply-to:subject:to:from; bh=uxYVJp53G61SEtxYBzPwo9WUcxFZAVy4oseNOh8sToo=; b=cJENk6z4OAiAHX/yXoI5Sj27d6whetlTm5sCejTFob3o+eF6zkqJjkwoYr8+nSjUo L1FXnFGp7KlHXC1D79YkZN6rwBHMqJ6TE/YvkKWjP3H4PrK5EvVKCuZBUROyHyNzG PCAEI5b42y8lSk0mi/vXqbKjOh9CNP+1T4Z7pBm7Q=
From: "Douglas E. Foster" <fosterd@bayviewphysicians.com>
To: "dmarc@ietf.org" <dmarc@ietf.org>
Date: Wed, 30 Sep 2020 06:27:26 -0400
X-ASG-Orig-Subj: Weakend Signatures vs Experimental draft
Reply-To: fosterd@bayviewphysicians.com
Message-ID: <11b4d6127cd748afa47c75387ed85c04@bayviewphysicians.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="11dcd077b24f48b28efd7fc0f9ab2831"
X-Exim-Id: 11b4d6127cd748afa47c75387ed85c04
X-Barracuda-Connect: webmail.bayviewphysicians.com[192.168.1.49]
X-Barracuda-Start-Time: 1601461654
X-Barracuda-Encrypted: ECDHE-RSA-AES256-SHA384
X-Barracuda-URL: https://mail.bayviewphysicians.com:443/cgi-mod/mark.cgi
X-Virus-Scanned: by bsmtpd at bayviewphysicians.com
X-Barracuda-Scan-Msg-Size: 9337
X-Barracuda-BRTS-Status: 1
X-Barracuda-Spam-Score: 0.00
X-Barracuda-Spam-Status: No, SCORE=0.00 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=9.0 tests=HTML_MESSAGE
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.84978 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------------------------- 0.00 HTML_MESSAGE BODY: HTML included in message
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/3fJ62R-sr566AD_2VJIB7qdUSGE>
Subject: [dmarc-ietf] Weakend Signatures vs Experimental draft
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Sep 2020 10:27:38 -0000
Weakened signatures seem capable of getting to the desired goal more quickly than the draft under consideration. Building on prior discussions of conditional signatures, I define a "weakened signature" as: one where SUBJECT is omitted from the header list, and l=0 is included to exclude the body content. The protected user-visible content becomes limited to From, To, and Date headers. Benefits ====== Legitimate edits are allowed. Mailing lists, auto-forwarders, and other mediators can edit subject and body content without invalidating the signature. DMARC policy can still be set to p=reject or p=quarantine. Only Mediators can use the weakened signature To benefit from the weakened signature, a system must be in possession of a validly-signed message. Time-Limited A weak signature is only valid until is expiration time. No specification needed This approach can be implemented immediately, by anyone. Disadvantages ============ Replay Attacks are possible. Any attacker who gains possession of a weakened-signature message can use it to send an unlimited number of messages, using the same From/To/Date combination, until the signature expiration. Since the SMTP Recipient address is not required to align with the Message To header, the attacks could include recipients unrelated to the original message. Potentially-wide scope: Every recipient of a mailing list message is a potential source for leakage of signature information, so the message is at risk both when in transit and when at rest in destination systems. Mitigation Options ============== Sender-side mitigations by the Domain Owner Limited Deployment A sender could choose to only apply the weakened signature when the destination is a known to need to make changes and is trusted to do so. This limits the opportunity for messages to be intercepted for use in a replay attack. Dual Signatures A sender could apply a weakened signature and a traditional signature, to permit recipient systems to evaluate messages based on the strength of the signature used. By using different selectors for the two signatures, DMARC reporting would help identify which mediators are making signature-altering changes. To help ensure that a traditional signature is detected and used first by the receiving system, the traditional signature should appear first, followed by the weakened one. Recipient-side mitigations A recipient could check signature parameters to determine whether it was weakened or traditional, and prefer the traditional signature when both are valid. When only a weakened signature is valid, the recipient can perform differential handling, based on the reputation of the submitting server and other factors. Changes required: ============== Sending Domains Senders would need to choose to participate in this scheme by applying a weakened signature. Conditional use of a weakened signature may require software changes. Simultaneous application of weakened and traditional signatures may require software changes. Mediators Mediators would need to test for the presence of a weakened signature, and use that result to decide whether From-rewrite could be avoided. Recipient Domains Recipients can be assumed to participate immediately, on the assumption that very few recipients currently apply differential handling of traditional and weakened. Software changes may be needed, if recipient domains wish to implement differential handling of traditional and weakened signature. Comparison to Crocker Draft ====================== Draft proposal requires sender domains to opt-in by configuring a DNS entry, so all outbound messages are affected. Draft proposal allows impersonation by any system which can apply a Sender header and a valid signature for the sender domain, so the range of possible spoof sources is unlimited once a domain opts-in. Draft proposal can be used to impersonate without intercepting a valid message. Draft proposal requires recipient domains to opt-in, and to implement new logic when doing so. Draft proposal does not provide a way for mailing lists to know or assume that the recipient domain is participating.
- [dmarc-ietf] Weakend Signatures vs Experimental d… Douglas E. Foster
- Re: [dmarc-ietf] Weakend Signatures vs Experiment… Alessandro Vesely