Re: [dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations

Dave Crocker <dcrocker@gmail.com> Fri, 17 July 2020 18:35 UTC

To: "Kurt Andersen (IETF)" <kurta+ietf@drkurt.com>, "dmarc@ietf.org" <dmarc@ietf.org>
References: <CABuGu1o3V00haqJB9s-PXvtV7nJmYE5sJ42a8mE290D+E3Gt-Q@mail.gmail.com>
From: Dave Crocker <dcrocker@gmail.com>
Message-ID: <cd9258e6-3917-2380-dd9b-66d74f3a64d3@gmail.com>
Date: Fri, 17 Jul 2020 11:35:10 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/56Ni2f3T9vx59oOzgBHxxoRrf38>

On 7/17/2020 11:30 AM, Kurt Andersen (IETF) wrote:
> Dave writes:
>
>     However, for all of the real and serious demonstration of users' being tricked by deceptive or false content in a message, there is no evidence that problematic content in a field providing information about message's author directly contributes to differential and problematic behavior by the end user.
>
> I'd counter by personal anecdote that we have had to undertake 
> security remediations because of messages which were forwarded by our 
> CEO to other employees for responses which happened to contain malware 
> and/or bad links. Presumably, the cachet which was carried along with 
> "important person says look into this" overcame whatever native 
> caution or skepticism might have prevented them from falling prey 
> otherwise.


Except that the problem isn't the email address, especially since almost 
no one sees those any more.  And the display name isn't protected.

I'm not quite motivated enough, or I'd have had this message contain:

    Kurt Anderson <dcrocker@gmail>

and it would have passed the necessary tests...

In other words, when we talk about threats and we talk about 
mitigations, we need to be careful that they align properly.

(I suspect there's some irony in my choosing 'align' but it was not 
intentional, though I'll take the extra point for noting it.)

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net
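
Added example, not part of the original message or of any DMARC implementation: a Python sketch of the mismatch described above, where DMARC identifier alignment compares only the From: address domain with the authenticated domain, so a borrowed display name passes, and a separate receiver-side check is needed to notice it. The directory, addresses, function names and the two-label organizational-domain shortcut are assumptions made for illustration; the DKIM signature itself is assumed to have verified already.

```python
import unicodedata
from email.utils import parseaddr

# Constructed directory: display names to protect, mapped to the
# addresses those people really send from (all values are made up).
KNOWN_SENDERS = {
    "kurt andersen": {"kurta@example.com"},
    "dave crocker": {"dcrocker@example.net"},
}

def normalize(name):
    """Case-fold, drop accents/punctuation and collapse whitespace."""
    decomposed = unicodedata.normalize("NFKD", name)
    kept = "".join(c for c in decomposed if c.isalnum() or c.isspace())
    return " ".join(kept.casefold().split())

def org_domain(domain):
    """Assumption: last two labels. Real DMARC uses the Public Suffix List."""
    return ".".join(domain.lower().split(".")[-2:])

def dmarc_aligned(from_header, dkim_d, relaxed=True):
    """Identifier alignment only: From: address domain vs. DKIM d= domain.
    The display name never enters this comparison."""
    _, addr = parseaddr(from_header)
    from_dom = addr.rpartition("@")[2].lower()
    if relaxed:
        return org_domain(from_dom) == org_domain(dkim_d)
    return from_dom == dkim_d.lower()

def display_name_mismatch(from_header):
    """True when the display name is a protected name but the address
    is not one that person is known to use."""
    name, addr = parseaddr(from_header)
    known = KNOWN_SENDERS.get(normalize(name))
    return known is not None and addr.lower() not in known

def assess(from_header, dkim_d):
    """Combine both checks for one message."""
    return {
        "dmarc_aligned": dmarc_aligned(from_header, dkim_d),
        "display_name_mismatch": display_name_mismatch(from_header),
    }

if __name__ == "__main__":
    # Constructed From: headers; each message is assumed DKIM-signed by d=.
    for hdr, d in [("Kurt Andersen <dcrocker@example.net>", "example.net"),
                   ("Kurt Andersen <kurta@example.com>", "example.com")]:
        print(hdr, assess(hdr, d))
```

The first sample aligns under DMARC and is caught only by the display-name check, which is the gap between threat and mitigation the message points at.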