Re: [dmarc-ietf] ARC questions

Michael Thomas <mike@mtcc.com> Mon, 23 November 2020 23:51 UTC

On 11/23/20 3:00 PM, Dave Crocker wrote:
> On 11/23/2020 2:58 PM, John R Levine wrote:
>>> And, again, when ARC work was pursued, I don't recall anyone 
>>> claiming that mailing lists were (significant) sources of misbehavior.
>> Well, OK.  Please feel free to provide footnoted documentation of 
>> what the actual motivation for ARC was if you believe it was 
>> something else.
>
>
> Typically, the burden of substantiating a claim falls on the person 
> making the affirmative claim.
>
What I'm struggling to understand is what having authenticated auth-res 
from a previous hop helps. This is what I found:

"With this information, Internet Mail Handlers MAY inform local policy 
decisions regarding disposition of messages that experience 
authentication failure due to intermediate processing."

That and:

"When an Authenticated Received Chain is used to determine message 
disposition, the DMARC processor can communicate this local policy 
decision to Domain Owners as described in Section 7.2.2."

seems to be the only motivation I can find. Without ARC, a receiver 
could always check the new DKIM signature from, say, the mailing list 
and look up its reputation to decide whether to pass it along or not, 
overriding the originating domain's policy. My recollection was that 
this was the "you break it, you own it" policy which I recall being the 
consensus. And indeed, there is nothing to stop a filter from looking at 
the mailing list's auth-res and taking it into account even if it's not 
part of the headers in the signature. Maybe there is some attack there 
I'm not seeing off the top of my head, but it seems like this really 
hinges on reputation as was pointed out to me earlier.

It would be kind of nice to understand what gap ARC actually plugs and 
why it's important if you ask me. Also: there seem to be a lot of ways 
to achieve this, but this one is probably the most complicated one that 
I can envision.

Mike
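An added illustration of the check a receiver would want before acting on the "look at the list's auth-res" approach discussed above (example code, not from this thread or from any ARC or DMARC implementation): it parses the relay's DKIM-Signature h= tag to see whether the relay's Authentication-Results header is actually covered by its signature, and only then lets a trusted relay's assessment override the DMARC result. The list domain `list.example`, selector and signature values are constructed placeholders.

```python
import re
from email import message_from_string
from email.message import Message
from typing import Optional

def dkim_tags(value: str) -> dict:
    """Parse a DKIM-Signature value into a tag->value dict (folding whitespace removed)."""
    flat = re.sub(r"\s+", "", value)
    return dict(part.split("=", 1) for part in flat.split(";") if "=" in part)

def relay_ar_coverage(msg: Message, relay_domain: str):
    """Return (Authentication-Results value stamped by relay_domain, covered) where
    covered is True only if a DKIM signature with d=relay_domain lists
    authentication-results in its h= tag, i.e. the header is actually signed."""
    relay_ar = None
    for value in msg.get_all("Authentication-Results", []):
        if value.strip().split(";")[0].strip().lower() == relay_domain:
            relay_ar = value.strip()
    covered = False
    for sig in msg.get_all("DKIM-Signature", []):
        tags = dkim_tags(sig)
        if tags.get("d", "").lower() == relay_domain:
            covered = "authentication-results" in tags.get("h", "").lower().split(":")
    return relay_ar, covered

def local_disposition(dmarc_pass: bool, relay_dkim_pass: bool, relay_trusted: bool,
                      ar_covered: bool, relay_ar: Optional[str]) -> str:
    """Local policy: honour DMARC, except defer to a reputable relay's *signed*
    statement that the message passed authentication when it reached the relay.
    An unsigned Authentication-Results header is never allowed to override."""
    if dmarc_pass:
        return "deliver"
    if relay_dkim_pass and relay_trusted and ar_covered and relay_ar and "dmarc=pass" in relay_ar:
        return "deliver (relay override)"
    return "apply DMARC policy"

def sample(h_tag: str) -> Message:
    """Constructed message re-signed by a hypothetical list at list.example;
    bh= and b= are placeholders, so no cryptographic verification happens here."""
    return message_from_string(
        "Authentication-Results: list.example; dkim=pass header.d=author.example;\n"
        " dmarc=pass header.from=author.example\n"
        "DKIM-Signature: v=1; a=rsa-sha256; d=list.example; s=sel;\n"
        f" h={h_tag}; bh=PLACEHOLDER; b=PLACEHOLDER\n"
        "From: author@author.example\nTo: dmarc@example.org\nSubject: [list] hi\n\nbody\n")

if __name__ == "__main__":
    for h in ("from:to:subject:authentication-results", "from:to:subject"):
        ar, ok = relay_ar_coverage(sample(h), "list.example")
        print(h, "->", local_disposition(False, True, True, ok, ar))
```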