Re: [dmarc-ietf] DMARC threat analysis needed

Hector Santos <hsantos@isdg.net> Fri, 17 July 2020 16:02 UTC

Return-Path: <hsantos@isdg.net>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DAE0B3A07F5 for <dmarc@ietfa.amsl.com>; Fri, 17 Jul 2020 09:02:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=At3s4SsH; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=hbwmh1pb
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8dpoFqcIOGS1 for <dmarc@ietfa.amsl.com>; Fri, 17 Jul 2020 09:01:58 -0700 (PDT)
Received: from mail.winserver.com (winserver.com [76.245.57.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8D17D3A07EE for <dmarc@ietf.org>; Fri, 17 Jul 2020 09:01:58 -0700 (PDT)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=1845; t=1595001707; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=fzepwMQO9RIaQJT+PZND3JcbM9U=; b=At3s4SsH5Ve00aJd009TwGO2pA+MogJk0A6W4rEJZdVIqQUEmX8FuTW5FciBzF bqb+Jp2nlBqtD6SgGCR91Im6UH/JoMVD/Zs+Pb8EDmrg9rOW5Ofd3eF71Y+mmTp3 QO3jJu7xQm98iQ7hntz58vd8aXPpCnTj+Yjprb87bYwqU=
Received: by mail.winserver.com (Wildcat! SMTP Router v8.0.454.10) for dmarc@ietf.org; Fri, 17 Jul 2020 12:01:47 -0400
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com; dmarc=pass policy=reject author.d=isdg.net signer.d=beta.winserver.com (atps signer);
Received: from beta.winserver.com ([76.245.57.74]) by mail.winserver.com (Wildcat! SMTP v8.0.454.10) with ESMTP id 1434010578.8424.4588; Fri, 17 Jul 2020 12:01:46 -0400
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=1845; t=1595001612; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=4Jw10gh DZ9Quw+ZV6UzSf/HCzUflwVJwXJuRaObyVuY=; b=hbwmh1pbHKfU8ZR4ctnH6un UOsW0wlBrBo6Hw8sPNpwWH6Mb8EBgO/RNdkWPEQupEIHV+aUCuH+uRuvjEUKdKOO KtXa5sG6ycVJq3xyeV4WKl+Z4lzreel4zORcD5mCOVaX6d7GTTTOvApGmbh0t9qM nFUgZzm0BVYjioi8amWk=
Received: by beta.winserver.com (Wildcat! SMTP Router v8.0.454.10) for dmarc@ietf.org; Fri, 17 Jul 2020 12:00:12 -0400
Received: from [192.168.1.68] ([75.26.216.248]) by beta.winserver.com (Wildcat! SMTP v8.0.454.10) with ESMTP id 1144787265.3.24088; Fri, 17 Jul 2020 12:00:11 -0400
Message-ID: <5F11CB6C.3050101@isdg.net>
Date: Fri, 17 Jul 2020 12:01:48 -0400
From: Hector Santos <hsantos@isdg.net>
Reply-To: hsantos@isdg.net
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: dmarc@ietf.org
References: <ab2296fb-201a-3bfb-f61c-27848ac5acf3@bluepopcorn.net>
In-Reply-To: <ab2296fb-201a-3bfb-f61c-27848ac5acf3@bluepopcorn.net>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/6xwX8aSydoaodf6xQZnbLggnjzQ>
Subject: Re: [dmarc-ietf] DMARC threat analysis needed
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Jul 2020 16:02:01 -0000

On 7/15/2020 8:14 PM, Jim Fenton wrote:
> Unburying this from a different thread.
>
> I'm really struggling to understand what problem(s) DMARC is trying to
> solve. The most common answer I have heard says something about
> "defending brand identity", which is a marketing, not a technical
> consideration.
>
> IMO we need a threat analysis, ala RFC 4686 or RFC 5016, to define the
> technical requirements. I am NOT volunteering to do this.

Jim, if we review both RFC 4686 and RFC 5016, I believe we might find 
there is not much to be changed. However, IMO, something will have to 
be done regarding RFC 5016 section 5.3 item:

   https://tools.ietf.org/html/rfc5016#section-5.3
   5.3.  Practice and Expectation Requirements

   10. SSP MUST NOT provide a mechanism that impugns the existence of
       non-first party signatures in a message.  A corollary of this
       requirement is that the protocol MUST NOT link practices of first
       party signers with the practices of third party signers.

        INFORMATIVE NOTE: the main thrust of this requirement is that
        practices should only be published for that which the publisher
        has control, and should not meddle in what is ultimately the
        local policy of the receiver.

This provision, with the strict protocol language "MUST NOT", prohibits any 
DKIM Policy protocol, formally called SSP ("Sender Signing Practices") 
and today DMARC, from impugning on 3rd party policies, such as how 
an MLM operator via local policy exceptions can ignorantly and blindly 
destroy the integrity and resign the mail instead of just honoring it.

This language would have to be updated or removed, leaving just the 
implicit idea that local policy always prevails in all SMTP situations.

Have a good weekend, be safe.

-- 
Hector Santos,
https://secure.santronics.com
https://twitter.com/hectorsantos