Re: [dmarc-ietf] Is From spoofing an interoperability issue or not?

Alessandro Vesely <vesely@tana.it> Sun, 23 April 2023 10:10 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/9IU_7PdbeBShVx-7o1mYEdgRBQc>

On Fri 21/Apr/2023 18:43:30 +0200 Scott Kitterman wrote:
> On April 21, 2023 3:57:54 PM UTC, Alessandro Vesely <vesely@tana.it> wrote:
>>On Fri 21/Apr/2023 05:41:03 +0200 Scott Kitterman wrote:
>>> On April 20, 2023 4:18:08 PM UTC, Dotzero <dotzero@gmail.com> wrote:
>>>> On Thu, Apr 20, 2023 at 11:38 AM John Levine <johnl@taugh.com> wrote:
>>>>> It appears that Alessandro Vesely  <vesely@tana.it> said:
>>>>> 
>>>>>> IMHO at least an appendix should say that if you can't do anything better you have to rewrite From: with examples of legitimate display-phrase, expanding a bit the first bullet in Section 11.4. That can also be a good place to explain the kind of damage DMARC causes.
>>>>>
>>>>> Absolutely not. This sort of thing is utterly outside the scope of our job and wasting time on it just further delays our already extremely late work.
>>>> 
>>>> +1
>>>> 
>>>> There are many things John and I may disagree on but he clearly understands why avoiding scope creep (and bad ideas) is important.
>>> 
>>> Definitely agree with both of you on this.
>>
>>Eeeh, what an uprising!  I just proposed a couple of paragraphs, not a new rocket science theory.
>>
>> As for the badness, why wouldn't a concise but detailed explanation be better than obscure forbiddings and dark forebodings, such as MUST NOT be used by humans or interoperability will break down?
>>
>> BTW, what's the outcome of that discussion?
> 
> That, specifically is a question for the chairs, so no idea.


My recollection is that Barry said a Proposed Standard can get away without 
MUST NOT.  Had we been aiming at full standard directly before?


> There are a nearly infinite set of few paragraphs we could write that would make things clearer.  If we ever want to finish this, some of them need to be out of scope.


Fully agreed.  However, I think we must select out of that "nearly infinite 
set" the paragraphs that explain the MLM issue and other interoperability 
damage, which includes From: rewriting.

Meanwhile, digressions about ATPS and similar schemes can help cast some 
light on future evolution.  From: rewriting cannot be the final solution; it is 
a temporary hack.  Digressions don't slow down the publication, as discussions 
about actual text quickly prevail.  They are just a means to help convergence 
toward a common vision of the future.


Best
Ale
--