Re: [dmarc-ietf] Gaining Legitimacy
"Murray S. Kucherawy" <superuser@gmail.com> Tue, 02 May 2023 04:15 UTC
Return-Path: <superuser@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 07F23C1519B2 for <dmarc@ietfa.amsl.com>; Mon, 1 May 2023 21:15:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SPNbTFDh-hmU for <dmarc@ietfa.amsl.com>; Mon, 1 May 2023 21:15:35 -0700 (PDT)
Received: from mail-ej1-x62c.google.com (mail-ej1-x62c.google.com [IPv6:2a00:1450:4864:20::62c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BFE34C1519B4 for <dmarc@ietf.org>; Mon, 1 May 2023 21:15:35 -0700 (PDT)
Received: by mail-ej1-x62c.google.com with SMTP id a640c23a62f3a-94ea38c90ccso94897866b.1 for <dmarc@ietf.org>; Mon, 01 May 2023 21:15:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1683000934; x=1685592934; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=VVhkfIKuXk0Zsakha825i1tl4rKl1kOwoo4WwV0KVeA=; b=XJLbvadA/THjUs87S/uzCw4OWMol8+d8QtdVEu57DMv5cZTyKbpEiGeyI74OcvUW16 iWvRnBjgZSAXrFtKuoxcEn/bF4CkL3yJox+I2OkW/Py/a6i+6jctt4/OMyIGp9cuIqkB mfDlr0biju/tbw9xWnNWIIplB0wvMjGrSU6gIp/+JfqA65akDspQJEVq28oCDc9E0FFs /1YMnMj+EJy8HGgUc7RXrlBacFk5fq+00CcUCKJ4dNXPQjtE0+ALhfjRU3jEdxaohg8s Pe3cAZV+RReFvF+0t03s4JaFpZaFrKrYLzEQW53cVTNn4H/lU7/+HXCgTNGe4LzkMxUY PlTQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683000934; x=1685592934; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=VVhkfIKuXk0Zsakha825i1tl4rKl1kOwoo4WwV0KVeA=; b=BfnMK5tw+9l8R4yP4dHf79FaZQBhn/hscNFMvgMXCnpiiNLXpUyxxR9iim1cAzRskq aALH8LtdY3kWespSEsOPmxIw0GIPsZYlvP62L+hw7JNkYXK6FlKCDXcnT4ONNkZocsnN TITJXJoVMDqszV/de4QlO3pTyNncHVPYPAt/scnXfMfN1lUb9uDQZuM4bj1/q99rPP5J S+foauSQ27p8krlSq7+elD47B7ci7/kjI29ujz7/U3UyAfl5vhh8djWRbe/innYSdD42 GB4Cn4h40bZ8uzKyfKxn/Xh/3BLcWuGlmRhKtVVfcX+ck/jrmJ02E0z1DiEB9x1amCZl 7yDQ==
X-Gm-Message-State: AC+VfDwcyiZD8tF9RdDtA+qiszgEZdUpZ1EHVXQp0B30mBG4UiwSjHfo XeXiKuaVTt84gxfWxVGWptd8R9eyAh9tAVwAr514Ebmm
X-Google-Smtp-Source: ACHHUZ7WSRLu4Jgkb8b1UTiHl3V/aLtBNQLtrM+eRK+fFVJq4siOfc2L1DuZydjgmE3tMf+VFmpXX2bkGehMQN5pwf8=
X-Received: by 2002:a17:906:73cb:b0:94a:5f0d:d9d6 with SMTP id n11-20020a17090673cb00b0094a5f0dd9d6mr938262ejl.4.1683000934115; Mon, 01 May 2023 21:15:34 -0700 (PDT)
MIME-Version: 1.0
References: <CAH48Zfzt9Q-1vfF0NCSMn1k3PpVBbKaTZQXCNV9Wnya23DEMhw@mail.gmail.com>
In-Reply-To: <CAH48Zfzt9Q-1vfF0NCSMn1k3PpVBbKaTZQXCNV9Wnya23DEMhw@mail.gmail.com>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Mon, 01 May 2023 21:15:21 -0700
Message-ID: <CAL0qLwbOiCt3w-YOpit6YAm3a3Wg0YU=Fug=fxsEvWceW1Z1HA@mail.gmail.com>
To: Douglas Foster <dougfoster.emailstandards@gmail.com>
Cc: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000d5abc705faae307f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/9aGriBDmYcchl4fYf4Jbqj53OjQ>
Subject: Re: [dmarc-ietf] Gaining Legitimacy
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 May 2023 04:15:38 -0000
Replying to something almost two weeks old, apologies: On Tue, Apr 18, 2023 at 7:10 PM Douglas Foster < dougfoster.emailstandards@gmail.com> wrote: > When John says that list members plead their case, but their pleas are > dismissed unsympathetically, it is evidence that mailing lists have a > legitimacy problem. As with many social issues, there are extremes: AOL > has unmoveably chosen security over list access. The EDU community has > chosen list access over perceived security benefits. In the middle are > people who might be convinced, but need convincing. These are the people > that should be the focus of effort by mailing list advocates. > The first sentence here contains a presumption that mailing lists are under some obligation to prove their legitimacy. This perhaps underscores the chasm between the two perspectives. > As an administrator of a business email system, I find myself in that > middle ground. So here are the areas where I would like to be convinced: > > 1. Why is it necessary for mailing lists, in general, to modify > content? RFC 7960 needed a companion document on this topic, When I > read 7960, I was unmoved because my thought was, "Intermediaries should not > be modifying content in the first place." There must be others who have > the same response. I doubt that RFC 7960 changed any attitudes, because > it never addressed the "why" behind the problem. > > Because consumers of mailing lists expect them to. Users like the Subject tags and the footers and the MIME rewriting and the whatever-else mutations subscribers have come to rely on for (it is not an exaggeration when I say) decades. They have developed automations around them (sorting, filtering, etc.). These features have evolved over many years and are now pretty typical, to the point where a list that doesn't do those things would be an outlier. The mutations have not been standardized, however, probably because nobody has ever felt a need to do so, and some are probably specific to particular implementations. And there's little need to specify them openly; they are all just text and MIME mutations that are fully compatible with whatever transport and storage are applied and the display software that ultimately consumes them. I feel compelled to repeat the same refrain you've heard before: Mailing lists have been around for a long time, and none of this mattered. DKIM appeared early this century, and suddenly there was a problem. Paragraph renumbering is automatic, sorry... > > 1. Even if I become convinced, in concept, that SOME mailing lists > need to make SOME content changes, I would not conclude that ANY mailing > list must be allowed to make ANY change, without limit. Before embracing > a particular list, I would want to know the particulars of what changes > that list makes, and why those changes are necessary to the success of that > list. Isn't that reasonable? Are there any industry norms for this type > of disclosure? If not, why not? If there are norms, why am I unable to > find such information for this list? For this forum, I don't know what > attachments are allowed, whether posts are subject to malware scanning, > whether TinyURLs and their equivalents are allowed, or anything else > related to participation security. I just checked the link at the bottom > of every message, and it contained nothing about these topics. > > I don't think anyone is arguing that absolutely any change is allowed, or should be. There's a relatively small number of mutations that are common. We could probably write them all down; in fact, I think back far enough in this list's archive, I took a run at doing so. But they are in some cases hard to describe, and they can be applied in varying combinations. And since we're talking about DKIM, two implementations that differ by a byte produce different results. Note that this is squarely the problem that the DKIM transforms drafts were trying to address. I think this is probably the first time that there has been a demand made that a subscriber should know a priori how messages to that list might be mutated before distribution. There are no industry norms of this type of which I am aware, probably for the same reason I gave above. If such standards came into existence today, what would we expect people to do with them? What would you do with them? What could we hope automated systems could do with them? > > 1. Assuming that the first two objections are overcome, the last one > remains critical. Acceptance of broken signatures will mean that I > delegate responsibility for sender authentication from myself to the list > server. Can the list under discussion be trusted to ensure that both > MailFrom and From are free of deception? Given my assumption that we are > talking about closed lists, this should be feasible. Ale's abuse > demonstration was a deal breaker for me, because it demonstrated that this > list cannot be trusted with delegated responsibility for > sender authentication. What will be done to restore my trust in this > list? What can be done to ensure that trustworthy sender authentication is > the industry norm, rather than the exception? When I can trust the list > to authenticate every post, I don't need to detect and parse an ARC set on > every message. If I can only trust messages with DMARC PASS in an ARC > Set, then I will never be able to accept more than a subset of all messages > sent to me by a list server. > > There is, to my knowledge, no standard way to establish the trust you're talking about. Today, this is left to the realm of reputation and judgement. > As much as I hear the felt pain of mailing list advocates, I find the list > industry to be woefully deficient on all three of these topics, and I see > no movement to address any of the three. If list advocates want to > increase legitimacy with people in the middle ground, these issues need to > be addressed. Without it, I do not believe your language choice between > "MUST NOT", "SHOULD NOT", and "should not" will make any difference. > Once again, we're placing the burden of proof here on the list implementers and operators. I would like to hear an explanation as to why that's where the burden belongs. Maybe that's right and maybe it's not, but I've yet to see a convincing argument. Otherwise, I'm left with the notion of an exploratory force already set in its ways arriving in heavily populated foreign lands and demanding the inhabitants explain themselves. Until that happens, what I see is an irresistible force and an immovable object, which leaves us with an obligation to document the problems we've been unable to solve and not assign culpability. -MSK, participating
- [dmarc-ietf] Gaining Legitimacy Douglas Foster
- Re: [dmarc-ietf] Gaining Legitimacy Murray S. Kucherawy