Re: [dmarc-ietf] Reversing modifications from mailing lists

Alessandro Vesely <vesely@tana.it> Thu, 02 December 2021 11:52 UTC

To: John Levine <johnl@taugh.com>, dmarc@ietf.org
References: <20211201191030.72CD830D4C9E@ary.qy>
From: Alessandro Vesely <vesely@tana.it>
Message-ID: <dc58114f-ce2d-d945-98e4-f96d7c6fde7d@tana.it>
Date: Thu, 02 Dec 2021 12:52:23 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/9-6vyjcqcNEZ5rYf3lfTHjtgKdk>

On Wed 01/Dec/2021 20:10:30 +0100 John Levine wrote:
> It appears that Alessandro Vesely  <vesely@tana.it> said:
>>I'm not clear about the last but one paragraph of that section:
>>
>>    An example of such an attack includes altering the MIME structure,
>>    exploiting lax HTML parsing in the MUA, and defeating duplicate
>>    message detection algorithms.
>>
>>I'm going to file an errata about it.  Altering the MIME structure is only 
>>possible if the value of l= is less than the original message length. 
> 
> I wish you hadn't.  I think the original concern was for sloppy MIME that
> forgot the -- after the last part.


I hope such errors are not so common as to deserve some kind of standardization.


>>Anyway, I wouldn't want to authenticate a message that underwent an HTML footer 
>>addition, because it can completely replace the original content in the end 
>>recipient's eyes.  My draft requires footers to be plain text.
> 
> Yet that's exactly what one of the largest discussion group services in the world did.
> As I keep pointing out, this is like an UNCOL, it does not generalize enough to be useful.
> 
> On the other hand, ARC handles this just fine.


I, for one, am unable to use ARC as a receiver and authenticate messages that 
may well be spear phishing.  So even though ARC can handle everything, it is 
not usable by everyone.

In order to trust the authorship of a message from Yahoo groups you have to 
trust Yahoo, either expressing your trust in an ARC filter configuration file 
or directly whitelisting Yahoo groups in a DMARC filter.  However, not all 
mailing lists need such special settings to authenticate their posters.  There 
are mailing lists which make no changes, and ones which make revertible changes.

Your objection sounds like you find that a Lisp compiler is useless because it 
doesn't compile Fortran, which is one of the most ubiquitous languages in the 
world.

Two methods are better than one.


Best
Ale
--
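
An added illustration of the l= and plain-text footer points discussed in this message (not code from the thread, from RFC 6376, or from any draft): a receiver-side check that recomputes the DKIM body hash under relaxed canonicalization, reports how many body octets lie outside the range covered by l=, and retries after removing a footer the receiver already knows. The sample body, the footer and the `assess` helper are constructed for this example.

```python
import base64
import hashlib
import re

def relaxed_body(body: bytes) -> bytes:
    """'relaxed' body canonicalization, RFC 6376 section 3.4.4."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":      # drop empty lines at end of body
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes, l=None) -> str:
    """Base64 SHA-256 over the canonical body, truncated to l octets if given."""
    canon = relaxed_body(body)
    digest = hashlib.sha256(canon if l is None else canon[:l]).digest()
    return base64.b64encode(digest).decode()

def assess(body: bytes, bh: str, l=None, known_footer: bytes = b""):
    """Return (verdict, unsigned_octets) for a received body against bh= and l=."""
    canon_len = len(relaxed_body(body))
    if l is not None and l > canon_len:    # l= longer than the body never verifies
        return ("fail", 0)
    if body_hash(body, l) == bh:
        extra = 0 if l is None else canon_len - l
        return ("pass" if extra == 0 else "pass-with-unsigned-tail", extra)
    # Revertible change: remove a footer this receiver knows the list appends.
    if known_footer and body.endswith(known_footer):
        if body_hash(body[:-len(known_footer)], l) == bh:
            return ("pass-after-footer-removal", 0)
    return ("fail", 0)

# Constructed sample data (not taken from the thread).
ORIGINAL = b"Hello list,\r\n\r\nplease see my comments  inline. \r\n"
FOOTER = b"_______________\r\ndiscuss mailing list\r\ndiscuss@example.org\r\n"
FORWARDED = ORIGINAL + FOOTER
SIGNED_L = len(relaxed_body(ORIGINAL))

if __name__ == "__main__":
    # Signed with l=: the hash still matches, but the footer is unsigned content.
    print(assess(FORWARDED, body_hash(ORIGINAL, SIGNED_L), l=SIGNED_L))
    # Signed without l=: matches only once the known footer is removed.
    print(assess(FORWARDED, body_hash(ORIGINAL), known_footer=FOOTER))
    # Signed without l=, footer unknown to the receiver: no match.
    print(assess(FORWARDED, body_hash(ORIGINAL)))
```

A nonzero second element is the number of canonicalized octets that the signature says nothing about, which is the part a receiver would handle as unauthenticated.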