Re: [dmarc-ietf] ARC Multi Proposal

Brandon Long <blong@google.com> Mon, 05 November 2018 21:06 UTC

References: <9957335.dUWMaE32Bo@kitterma-e6430> <20181101235621.AF0B52007DFEBA@ary.local> <CABuGu1qOstiqvHfPSnZmfgHXx-VEAq543g9GWjWGaDQ3GxFUgw@mail.gmail.com> <alpine.OSX.2.21.1811021550560.13429@ary.local> <CABuGu1pCusR+L+QMBbOrODFRyaNbC+JBhHoSd46gGtB95nv_nA@mail.gmail.com> <alpine.OSX.2.21.1811021607520.13429@ary.local> <CABuGu1qvgfUS0PShX8AxYn0SwpR=SJL=7nFQXYM1Ckiii5T0xQ@mail.gmail.com>
In-Reply-To: <CABuGu1qvgfUS0PShX8AxYn0SwpR=SJL=7nFQXYM1Ckiii5T0xQ@mail.gmail.com>
From: Brandon Long <blong@google.com>
Date: Mon, 05 Nov 2018 13:06:13 -0800
Message-ID: <CABa8R6vrGNFj9dc9VJKAQhh+V4qWQMsYFak_Hxk8EEw8cOOXjg@mail.gmail.com>
To: "Kurt Andersen (b)" <kboth@drkurt.com>
Cc: John Levine <johnl@taugh.com>, IETF DMARC WG <dmarc@ietf.org>, Scott Kitterman <sklist@kitterman.com>
Content-Type: multipart/alternative; boundary="0000000000000e3db40579f142f0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/5v9cO0EiCR6_BbUcgLhJ7OfaibI>
Subject: Re: [dmarc-ietf] ARC Multi Proposal

On Fri, Nov 2, 2018 at 2:13 AM Kurt Andersen (b) <kboth@drkurt.com> wrote:

> On Fri, Nov 2, 2018, 18:09 John R Levine <johnl@taugh.com> wrote:
>
>> On Fri, 2 Nov 2018, Kurt Andersen (b) wrote:
>> >> I mean ARC as it's implemented now, not in our multi-signing draft.
>> > It seems like a poor implementation choice to be enforcing something which
>> > is not part of the spec :-), especially when there are parenthetical
>> > comments and references to things like ARC-MULTI to warn you against
>> > leaping to foot-shooting enforcement choices.
>>
>> I see it also says:
>>
>>     Valid ARC Sets MUST have exactly one instance of each ARC header
>>     field (AAR, AMS, and AS) for a given instance value and signing
>>     algorithm.
>>
>> I'm reasonably sure that doesn't match a lot of running code.  I'm
>> particularly thinking of gmail here.
>>
>
> That should be easy to test but not with a tiny keyboard as I board my
> flight from ICN --> BKK.
>

If it does work, I'd be surprised.  Most likely, it'll fail validation
prior to full parsing (we extract the i= first, and only fully parse all
the k=v pairs later).

Also, does that mean you have to use the same algorithm in both the AMS and
AS for a given instance?  And how does that correspond to an AAR which
doesn't have an algorithm... and how does that work with the AS signing
previous headers, does it only sign the ones with matching algorithm?

I'd be a bit surprised if all of those caveats are correctly matched in the
original ARC spec.

Brandon
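
Added illustration, not part of the original message and not code from any implementation mentioned in the thread: it counts ARC header fields per set in two ways, by instance value alone (what a validator that extracts i= before parsing the other tags would see) and by instance value plus a= algorithm (as the quoted sentence reads). The header lines are constructed samples and all function names are hypothetical.

```python
import re
from collections import Counter

ARC_FIELDS = {
    "arc-authentication-results": "AAR",
    "arc-message-signature": "AMS",
    "arc-seal": "AS",
}

# Constructed sample: instance 1 carries two AMS/AS pairs that differ only in a=.
SAMPLE = [
    "ARC-Seal: i=1; a=rsa-sha256; cv=none; d=example.org; s=k1; b=AAAA",
    "ARC-Seal: i=1; a=ed25519-sha256; cv=none; d=example.org; s=k2; b=BBBB",
    "ARC-Message-Signature: i=1; a=rsa-sha256; d=example.org; s=k1; bh=CCCC; b=DDDD",
    "ARC-Message-Signature: i=1; a=ed25519-sha256; d=example.org; s=k2; bh=CCCC; b=EEEE",
    "ARC-Authentication-Results: i=1; mx.example.org; dkim=pass header.d=example.com",
]

def instance_of(value):
    """Cheap first pass: pull out only the i= tag, ignoring every other tag."""
    m = re.search(r"(?:^|;)\s*i\s*=\s*(\d+)\s*(?:;|$)", value)
    return int(m.group(1)) if m else None

def algorithm_of(value):
    """Later pass: split the k=v pairs and return a=, or None if absent (AAR)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = v.strip()
    return tags.get("a")

def duplicates(headers, key_on_algorithm):
    """Return the keys that occur more than once, in order of first appearance."""
    counts = Counter()
    for line in headers:
        name, _, value = line.partition(":")
        kind = ARC_FIELDS.get(name.strip().lower())
        if kind is None:
            continue  # not an ARC header field
        key = (instance_of(value), kind)
        if key_on_algorithm:
            key += (algorithm_of(value),)
        counts[key] += 1
    return [k for k, n in counts.items() if n > 1]

if __name__ == "__main__":
    print("by instance only:      ", duplicates(SAMPLE, key_on_algorithm=False))
    print("by instance + algorithm:", duplicates(SAMPLE, key_on_algorithm=True))
```

On this sample, counting by instance alone reports the AS and AMS of instance 1 as duplicated, while counting by instance plus algorithm reports nothing; the AAR has no a= tag, so its key carries no algorithm at all.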