IETF Logo Mail Archive

Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5.1.2 - cv=fail should sign greedily

"Kurt Andersen (b)" <kboth@drkurt.com> Fri, 17 August 2018 21:30 UTC

Return-Path: <kurta@drkurt.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C83D130FC2 for <dmarc@ietfa.amsl.com>; Fri, 17 Aug 2018 14:30:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=drkurt.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eaNiagk2PP8a for <dmarc@ietfa.amsl.com>; Fri, 17 Aug 2018 14:30:03 -0700 (PDT)
Received: from mail-lf1-x135.google.com (mail-lf1-x135.google.com [IPv6:2a00:1450:4864:20::135]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 954DA130FBB for <dmarc@ietf.org>; Fri, 17 Aug 2018 14:30:02 -0700 (PDT)
Received: by mail-lf1-x135.google.com with SMTP id f18-v6so6860761lfc.2 for <dmarc@ietf.org>; Fri, 17 Aug 2018 14:30:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=drkurt.com; s=20130612; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=8dMPXaPYGhwSF4RZDGlCoXg1ddWyy0Qi8YgVNKucV7M=; b=YK6Hih5IqU/smucodrWBRVFPW8bn77jWA1V19lJGIhgU+PrcOavvM2DdAn8AKhX8/6 drhErusLa6JJvCl0NjEo41KcaIY2BgVJx/0O8pnnfOnw8YeXRckpgcnUf0z1BLXOY9XT Jj9/OSKM17LFGlbc0vUmU92zvGLXRSI9X4N7w=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=8dMPXaPYGhwSF4RZDGlCoXg1ddWyy0Qi8YgVNKucV7M=; b=TQqukcxJ4kBiikObbZ1UyUFxzjLWvSPq35f3lPfCuHhRnHnfdXqSj3dE49ue4JxnGx YqcdVYccfhzocVJTMcIsE8/EzKDiNkq8hN/Jrf4Iz2wyOHo9GCyMASh4w2jpcy9P2DDf eq2gEOjYcNrbApEWKUrDO1TEGzyktvSHO2s5ArGeVLVYPxKvC6dhB8SN4w29cqYvI+mf xw7+39rKSVWgjNzbJ+vGiL31qhFTP9RgRrCkcgZe+y866wEQ2ou4W69QBjBl6Iq4hRfc xvVIcNKN9XiYzFpSvkG0tkq7Xwe7Z34qAMdc31Sg5fee72tvm+Rh57rJgEhc52bVxnH8 ltWw==
X-Gm-Message-State: AOUpUlF5LanAc1o3HufBhdqiv3tZ/38svCd3+vwdWcDEfdYWPhszrrxy 6yxNMswF1I3I8DsgfVpcg+o+LGkm6ALUbG+oFAU77g==
X-Google-Smtp-Source: AA+uWPzsv0w94KWsTjhf2cIN7lGMDomY00GIWYW0KSNv4kXz1WVle1HxkMF+SD+Ib2QXfEnZZjTPCi/mFooYHB0eZuY=
X-Received: by 2002:a19:8f10:: with SMTP id r16-v6mr8642493lfd.1.1534541400781; Fri, 17 Aug 2018 14:30:00 -0700 (PDT)
MIME-Version: 1.0
Sender: kurta@drkurt.com
Received: by 2002:a19:5943:0:0:0:0:0 with HTTP; Fri, 17 Aug 2018 14:29:59 -0700 (PDT)
In-Reply-To: <a14464deaad64e14982740852c56fe81@COPDCEX19.cable.comcast.com>
References: <20180815183022.09ED420038205D@ary.qy> <5a48a9af-1dc7-92dd-eaa8-c1df09ae26cf@gmail.com> <alpine.OSX.2.21.1808151449300.17305@ary.qy> <bd537a2a-5396-9d11-bef4-2363382d8954@gmail.com> <alpine.OSX.2.21.1808151550370.18082@ary.qy> <a14464deaad64e14982740852c56fe81@COPDCEX19.cable.comcast.com>
From: "Kurt Andersen (b)" <kboth@drkurt.com>
Date: Fri, 17 Aug 2018 14:29:59 -0700
X-Google-Sender-Auth: mTBzq-9UPmhaomR7VEeF3_ekXho
Message-ID: <CABuGu1r8C9zvXfPVnY5NvkveydMdbXPKi-HNvQ398sDyshYe3A@mail.gmail.com>
To: "Brotman, Alexander" <Alexander_Brotman@comcast.com>
Cc: John R Levine <johnl@taugh.com>, Dave Crocker <dcrocker@gmail.com>, "dmarc@ietf.org" <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000164c4d0573a843d5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/C8NV19zmlXjgybwrkaiXIBqwyW8>
Subject: Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5.1.2 - cv=fail should sign greedily
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Aug 2018 21:30:05 -0000

I'm still at a bit of a loss as to how one can effectively do a "greedy"
seal over a broken chain in a deterministic fashion. I'm also not sure why
one would report much of anything (back to the hypothetical sending domain)
from a broken chain, given that it has no validity.

--Kurt

On Fri, Aug 17, 2018 at 12:43 PM, Brotman, Alexander <
Alexander_Brotman@comcast.com> wrote:

> I'd say that I agree with John (and Seth) on this one.  I'm not sure if a
> consensus was reached, though it doesn't appear so.  I think the idea that
> being able to have trust in the broken chain information potentially sent
> back to us as a report has value.  It's hard to be sure that the value will
> override the cost of the signature, but as John suggested below, I can't
> imagine the cost to be very high.
>
> --
> Alex Brotman
> Sr. Engineer, Anti-Abuse
> Comcast
>
>
> -----Original Message-----
> From: dmarc [mailto:dmarc-bounces@ietf.org] On Behalf Of John R Levine
> Sent: Wednesday, August 15, 2018 3:54 PM
> To: Dave Crocker <dcrocker@gmail.com>
> Cc: dmarc@ietf.org
> Subject: Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5.1.2 - cv=fail
> should sign greedily
>
> On Wed, 15 Aug 2018, Dave Crocker wrote:
> > This is a very different kind and degree of vague (and without
> > precedent, I believe (unless someone can point to operational
> > experience on the net that is similar?)
>
> I believe there are lots of trace fields that don't have a concrete use.
> I am not familiar with any standardized use of the values in the ID field
> in Received headers, although they're often handy in practice to track down
> the details of what happened to a message.
>
> Can you explain in words the damage that cv=fail signatures will cause,
> and a rough idea of the cost to ARC signers and verifiers?  To me the
> answers are none, and trivial.
>
> R's,
> John
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>

v2.23.0 | Report a Bug | By Email