Re: [dmarc-ietf] ARC questions

John R Levine <johnl@taugh.com> Mon, 23 November 2020 20:29 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A1C93A0E29 for <dmarc@ietfa.amsl.com>; Mon, 23 Nov 2020 12:29:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.2
X-Spam-Level:
X-Spam-Status: No, score=-0.2 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b=hHuA2Bmd; dkim=pass (2048-bit key) header.d=taugh.com header.b=I7R8Rkaf
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4NEj9HaNuvtA for <dmarc@ietfa.amsl.com>; Mon, 23 Nov 2020 12:29:53 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 658983A0E27 for <dmarc@ietf.org>; Mon, 23 Nov 2020 12:29:53 -0800 (PST)
Received: (qmail 73405 invoked from network); 23 Nov 2020 20:29:52 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type; s=11eba.5fbc1bc0.k2011; i=johnl-iecc.com@submit.iecc.com; bh=uW1tOhgqcxw055t7DhoKhtL2+CXImQN9uW+871Js56s=; b=hHuA2BmdIabmwNmcSh4QxC4t+BGwGm1ziOMsporFIBIKQ8NEv3VZmFCwrTgE9CmHkl/RQBx+TQgn6Ra2Pb3FAx/S/95d23PD27abgjBTG9bG0USg4I44Z7PWbguNIF7sTI8fXeiqEQqb13oiqqUw2hNZGsqDL4i/WBme7YUW14t8+AqRr6D+8ekSI1vEu3n3TGzpNRQRukf2d1kYWlBFmverbvVrcd88HwV80AXu7Ede5TQgh9YyWSP3Zn9BuZybigfxTsRTYy3/mZbNpOqrdJfaVyJqB5hV5EpgH6JcxaB1/d13x8vpD9zJ49I3DXF8tLzmZrnTU61teJU8oZ0L2g==
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type; s=11eba.5fbc1bc0.k2011; olt=johnl-iecc.com@submit.iecc.com; bh=uW1tOhgqcxw055t7DhoKhtL2+CXImQN9uW+871Js56s=; b=I7R8RkafRS/lF1q9PfrDSDVO28S6uxxUtF7wdrKMJf5PR0pbRDsaG6axzqdmrOlQYaPsyUA54YML+eeKHrPaXkN6I1qojkZGgADXTZww14AoeZe7NwhVyNRJsXS/NBl9EKTVq3Qs85xDUwf7/Le4BUgK8V6A49DOIZ7wud4xPf1SOFYgnioF2XFeZ/OOkNXiFmMK764AqGVv4q5IXnBIHfan7xlb1VmIRC+fX2H5aYen+vQTaCHpkLrLE6MqbRVzIh6JyMnthmbm/1a9ZPQnd7Jj48cSNFxM0BJ8qwcLMmcLrgRy1X405gZwio7oA/alh7JAyiGswTAnZ0W7AoRRVA==
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPSA (TLS1.3 ECDHE-RSA AES-256-GCM AEAD, johnl@iecc.com) via TCP6; 23 Nov 2020 20:29:52 -0000
Date: 23 Nov 2020 15:29:51 -0500
Message-ID: <53b21bdc-546c-c17c-5ec-d6b63ac2cb57@taugh.com>
From: "John R Levine" <johnl@taugh.com>
To: "Michael Thomas" <mike@mtcc.com>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>
In-Reply-To: <8db80384-c03f-109c-c2b4-7d4db96aa727@mtcc.com>
References: <dcc265f9-a143-5093-eba0-94ee059c7cc7@mtcc.com> <20201122021417.B5E6E27B3E59@ary.qy> <CABuGu1pX=5ZC4RLsv19qrosRN9nCrPdeSk5Xg4O7ViEZit6dnA@mail.gmail.com> <453c4db4-fc62-dc76-5b15-707623d66f9f@mtcc.com> <64f18b-ae8-8c15-3d33-ff2d864c35bc@taugh.com> <884541e6-5076-7f8f-d1d2-d68ea9c5a2bc@mtcc.com> <8fa2d88c-55df-aa8e-932f-8f7bc97d741@taugh.com> <77854271-296a-b4f6-202e-c085036289d4@mtcc.com> <feac41f-6144-2e21-c3fa-2b7770bfeefc@taugh.com> <30ecfcdf-a90a-7e1d-8241-64df3332089f@mtcc.com> <a85b22c9-1f1c-f596-8cb4-8488a251e528@taugh.com> <8db80384-c03f-109c-c2b4-7d4db96aa727@mtcc.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/6bU0dsPbDjhGnNIda8GxuJ9BV8s>
Subject: Re: [dmarc-ietf] ARC questions
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Nov 2020 20:29:56 -0000

> 1) A mailing list creates an auth-res on the incoming mail to the list
>
> 2) It modified the message
>
> 3) It resigns the message with DKIM
>
> 4) It is then delivered to the subscriber's mail server
>
> 5) The destination mail server can look at the incoming message including the 
> mailing list's auth-res and decide whether to trust it or not just like ARC.
>
> It seems to me this covers the vast majority of cases. What are the other 
> cases where this is not sufficient and how significant are they in reality?

Two or more levels of forward are quite common, particularly in large mail 
systems.  Look at mail coming out of Google and Microsoft's hosted mail 
and you'll see a lot of ARC headers.

Considering that the ARC RFC was published over a year ago, and it is 
implemented all over the place, could you explain what the point of this 
discussion is?  The people who designed ARC are not idiots.  If we could 
have fixed the mailing list problem with existing DKIM signatures, we 
would have.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly