Re: [dmarc-ietf] ARC-Seal is meaningless security theatre

Hector Santos <hsantos@isdg.net> Sat, 19 August 2017 06:33 UTC

Message-ID: <5997DBA6.3080701@isdg.net>
Date: Sat, 19 Aug 2017 02:33:10 -0400
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: dmarc@ietf.org
References: <1502083287.2191248.1065195288.7CDC7FF3@webmail.messagingengine.com> <CABuGu1oTMbuLd4yTwecu5sKFnsmH+HiwT1FG=JpySYHzpMTx_w@mail.gmail.com> <1502200759.3946686.1066841264.607B4D0B@webmail.messagingengine.com> <2720431.u3G7bbkkxK@kitterma-e6430> <1502317564.1935379.1068588344.040173AF@webmail.messagingengine.com> <a08c7590-ded3-1642-4ffc-07848b3c6cd2@gmail.com> <e14f2130-6f00-4ef1-485b-850a4cc1c48c@gmail.com> <1502495646.4099176.1070896040.2B09B1F8@webmail.messagingengine.com> <166070f0-4ba1-70da-1f73-885b4a7f7640@gmail.com> <1502497178.4103451.1070917304.23DD466D@webmail.messagingengine.com> <598F9484.7020700@isdg.net> <CABuGu1p=oLfLRkuoaDHoz3Cv3_FrURdsFPzkac7jNzBpqBmiSg@mail.gmail.com> <599484FB.9050908@isdg.net> <1502929303.4038704.1075868960.5D80A788@webmail.messagingengine.com>
In-Reply-To: <1502929303.4038704.1075868960.5D80A788@webmail.messagingengine.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/8LxDTprTo0T7_VOJdPfSnBO05hE>
Subject: Re: [dmarc-ietf] ARC-Seal is meaningless security theatre
Precedence: list

On 8/16/2017 8:21 PM, Bron Gondwana wrote:
> On Thu, 17 Aug 2017, at 03:46, Hector Santos wrote:
>> On 8/13/2017 10:28 AM, Kurt Andersen (b) wrote:
>>
>>     On Sat, Aug 12, 2017 at 4:51 PM, Hector Santos wrote:
>>
>>       If we even have a DMARC ARC Policy concept, than that may be
>>       enough to begin pursuing the high cost of experimentation and
>>       development here.
>>
>>
>>     Beyond the protocol and usage specs, what are you looking for?
>>
>>
>> A practical purpose for supporting (implementing) this work.   It
>> appears ARC wants the network to stamp mail "blindly" as the mail
>> travels from point to point.  I am trying to grasp how it helps
>> resolve the main issue with "unauthorized" indirect 3rd party
>> signatures, in particular when dealing with strong, exclusive DKIM
>> signature policy models such as DMARC p=reject.
>
> We spent a while thinking about this (Neil and myself from FastMail)
> at IETF99 after learning how ARC works, and came to the conclusion
> that ARC as specified can't help with DMARC p=reject.
>
> The only way you could even hope (as a mailing list) to avoid
> rewriting the sender is for every site that currently has DMARC
> p=reject to change that to a new policy which explicitly means "only
> reject if no ARC chain" - otherwise you can't stop rewriting sender
> until you know that every receiver on your list is ARC-aware.

The MLS (Mail List Server) cam also reject submissions from 
restrictive (p=reject) domains because that MAY be the intent of the 
originating author domain.   The MLS can so prohibit new subscriptions 
by verifying the user's domain is not restrictive.

We need more protocol information from what extracted from DMARC.  As 
I see it, these are some of the boundary conditions:

    DMARC p=reject;  arc=none;       ignore ARC, same as no arc= tag
    DMARC p=reject;  arc=all;        reject if any arc seals is invalid
    DMARC p=reject;  arc=first;      don't reject if first arc seal is 
valid
    DMARC p=reject;  arc=last;       don't reject if last arc seal is 
valid
    DMARC p=reject;  arc=first,last; don't reject if first and last 
arc seals are valid

arc=none (or no arc= tag) means the domain has no interest whatsoever 
in ARC. It is a highly exclusive restricted domain and it expects that 
complaint DMARC readers will honor the policy.  No interference.  This 
is the highest payout with the highest security value.

It gets more relax with the others; first or last or first and last, 
but with arc=all it is a tougher condition that requires all seals to 
be valid.  If any fails, reject.

I would also try to get more bang for the buck with a tag that could 
informs MLS to honor the DMARC p=reject policy by restricting users 
from a) subscribing and b) submitting list mail from restricted 
p=reject domains, although I think such a tag is needed to tell the 
MLS this. It should be a requirement, imo, cross all the teas, dot all 
the eyes.  If the MLS knows its going to be problematic, it should 
restrict the subscription and submission to relax policies only.

-- 
HLS

[dmarc-ietf] ARC-Seal is meaningless security the… Bron Gondwana
Re: [dmarc-ietf] ARC-Seal is meaningless security… Tim Draegen
Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
Re: [dmarc-ietf] ARC-Seal is meaningless security… John Levine
Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
Re: [dmarc-ietf] ARC-Seal is meaningless security… Scott Kitterman
Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen (b)
Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
Re: [dmarc-ietf] ARC-Seal is meaningless security… MH Michael Hammer (5304)
Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen (b)
Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen (b)
Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen (b)
Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
Re: [dmarc-ietf] ARC-Seal is meaningless security… mhammer@americangreetings.com
Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen
Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos