Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5.1.2 - cv=fail should sign greedily

"Kurt Andersen (b)" <kboth@drkurt.com> Tue, 21 August 2018 05:39 UTC

In-Reply-To: <20180821021844.1DE842003B88CA@ary.qy>
References: <CABuGu1qZY2PtLJG+A-1aHDKiKY_1VHRPZ5aNJ1ans4pHnczrzQ@mail.gmail.com> <20180821021844.1DE842003B88CA@ary.qy>
From: "Kurt Andersen (b)" <kboth@drkurt.com>
Date: Mon, 20 Aug 2018 22:39:40 -0700
Message-ID: <CABuGu1qUc_vxw06i=M=-fFi6rogpHkjMckWN+d_DXK-ZcPaaVQ@mail.gmail.com>
To: John Levine <johnl@taugh.com>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/7Jk8zPYx0u-Gus6vqDlqGIztPQw>

On Mon, Aug 20, 2018 at 7:18 PM, John Levine <johnl@taugh.com> wrote:

> In article <CABuGu1qZY2PtLJG+A-1aHDKiKY_1VHRPZ5aNJ1ans4pHnczrzQ@mail.gmail.com> you write:
> >My contention to Seth is that in a multi-hop scenario, the *only* report
> >with meaningful data will be the one from the handler who made the "fail"
> >determination and any subsequent reports are untrustworthy.
>
> Assuming that "subsequent" means earlier in the chain, I agree.
>

No, by subsequent I mean intermediaries who handle the message after the
point of initial "oh, this is broken" determination. So if I'm the 5th
intermediary (let's assume that all are ARC participating for this
discussion), and the chain on the message that I receive does not pass the
validation checks (for any of the three possible reasons), then my report
is meaningful to the sender but reports from 6, 7, 8, etc. are not.

--Kurt
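
An added example, not part of the original message or of any ARC implementation: a Python sketch of the distinction drawn above, classifying a handler as the one that first detects a broken chain or as one downstream of an already recorded `cv=fail`. The function names, the `hopN.example` domains and the header values are constructed, and the cryptographic result is passed in as `local_chain_valid` rather than computed.

```python
import re

def parse_tags(value):
    """Split a DKIM-style 'tag=value; tag=value' list as used by ARC-Seal."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def arc_seals(headers):
    """Return the ARC-Seal tag dicts ordered by instance number (i=)."""
    seals = [parse_tags(v) for name, v in headers if name.lower() == "arc-seal"]
    return sorted(seals, key=lambda s: int(s["i"]))

def classify_report(headers, local_chain_valid):
    """Say whether this handler's failure report carries first-hand information.

    headers: list of (name, value) pairs as received by this handler.
    local_chain_valid: this handler's own chain validation result (assumed input).
    """
    seals = arc_seals(headers)
    if not seals:
        return ("none", None)            # no ARC chain on the message
    failed = [s for s in seals if s.get("cv") == "fail"]
    if failed:
        # An earlier handler already recorded the break; this hop only repeats it.
        return ("downstream", int(failed[0]["i"]))
    if not local_chain_valid:
        # This hop is the first to see the break; it would seal as the next instance.
        return ("first-detector", int(seals[-1]["i"]) + 1)
    return ("pass", None)

def seal(i, cv, domain):
    """Build a constructed ARC-Seal header; the b= value is a placeholder."""
    return ("ARC-Seal", f"i={i}; a=rsa-sha256; cv={cv}; d={domain}; s=sel; b=CONSTRUCTED")

# Constructed sample: four participating intermediaries, newest header first.
INBOUND_AT_HOP5 = [seal(4, "pass", "hop4.example"), seal(3, "pass", "hop3.example"),
                   seal(2, "pass", "hop2.example"), seal(1, "none", "hop1.example")]
# The same message after hop 5 sealed it with cv=fail.
INBOUND_AT_HOP6 = [seal(5, "fail", "hop5.example")] + INBOUND_AT_HOP5

if __name__ == "__main__":
    print(classify_report(INBOUND_AT_HOP5, local_chain_valid=False))
    print(classify_report(INBOUND_AT_HOP6, local_chain_valid=False))
```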