Re: [dmarc-ietf] Composition Kills: A Case Study of Email Sender Authentication
John Levine <johnl@taugh.com> Tue, 21 April 2020 18:23 UTC
Date: Tue, 21 Apr 2020 14:22:41 -0400
Message-Id: <20200421182242.15AEB181144D@ary.qy>
From: John Levine <johnl@taugh.com>
To: dmarc@ietf.org
Cc: scott@kitterman.com
In-Reply-To: <2656238.kvSPeydUtl@sk-desktop>
Organization: Taughannock Networks
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/4BgirbCChQafXdc8ACQ9X_-U6d8>

In article <2656238.kvSPeydUtl@sk-desktop> you write:
>There is probably protocol improvement work that should be done based on:
>
>https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf

I didn't see any protocol issues other than the well known DKIM multiple From: headers (the Doug Otis feature) and l=. They certainly did find a lot of implementation bugs, some of which I found pretty surprising, like Gmail allowing and misinterpreting NUL characters in DKIM signature headers.

This sounds like we need more test suites and perhaps more reminders that when you're writing security software, being forgiving of other people's bugs will backfire on you.

R's,
John
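
The following is an added example, not part of the message above or of any project's code: a strict check a receiver could run on the raw header bytes before DKIM/DMARC evaluation, flagging the three things the message names (more than one From: header, the l= tag, NUL characters) instead of tolerating them. The function names, the finding labels, the sample messages and the choice to flag every l= tag are assumptions made for this illustration.

```python
import re

# RFC 5322 field-name characters: printable ASCII except ':'
FIELD_NAME = re.compile(rb"[\x21-\x39\x3b-\x7e]+")

def header_fields(raw: bytes):
    """Return (name, value) pairs from the header block, unfolding continuation lines."""
    block = raw.split(b"\r\n\r\n", 1)[0]
    fields = []
    for line in block.split(b"\r\n"):
        if fields and line[:1] in (b" ", b"\t"):
            name, value = fields[-1]
            fields[-1] = (name, value + line)
        else:
            name, _, value = line.partition(b":")
            fields.append((name, value))
    return fields

def dkim_tags(value: bytes) -> dict:
    """Parse a DKIM-Signature tag=value list; tag names are case-sensitive (RFC 6376)."""
    tags = {}
    for part in value.split(b";"):
        key, sep, val = part.partition(b"=")
        if sep:
            tags[key.strip()] = val.strip()
    return tags

def strict_findings(raw: bytes) -> list:
    """Reasons to refuse evaluation rather than guess what the sender meant."""
    fields = header_fields(raw)
    findings = []
    if any(not FIELD_NAME.fullmatch(name) for name, _ in fields):
        findings.append("malformed-header-name")
    if any(b"\x00" in name + value for name, value in fields):
        findings.append("nul-in-header")
    from_count = sum(name.lower() == b"from" for name, _ in fields)
    if from_count != 1:
        findings.append("from-count-%d" % from_count)
    for name, value in fields:
        if name.lower() == b"dkim-signature" and b"l" in dkim_tags(value):
            findings.append("dkim-l-tag")
    return findings

# Constructed sample messages (not real mail); signature values are placeholders.
CLEAN = (b"From: alice@example.com\r\nTo: bob@example.net\r\nSubject: hi\r\n"
         b"DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;\r\n"
         b" h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\r\n\r\nbody\r\n")
SUSPECT = (b"From: alice@example.com\r\nFROM: carol@example.org\r\n"
           b"DKIM-Signature: v=1; d=example.com; s=sel\x00x; l=0; h=from;"
           b" bh=PLACEHOLDER; b=PLACEHOLDER\r\n\r\nbody\r\n")
```

A message with any finding would be rejected or treated as unauthenticated before a verifier or a display layer gets the chance to interpret it differently.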