Re: [dmarc-ietf] ARC-Seal is meaningless security theatre
Hector Santos <hsantos@isdg.net> Wed, 09 August 2017 00:16 UTC
Return-Path: <hsantos@isdg.net>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60A5113219D for <dmarc@ietfa.amsl.com>; Tue, 8 Aug 2017 17:16:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=kTDYSzQH; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=iLDHYxjz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8VI7y2r3gfr9 for <dmarc@ietfa.amsl.com>; Tue, 8 Aug 2017 17:16:37 -0700 (PDT)
Received: from ntbbs.winserver.com (dkim.winserver.com [76.245.57.69]) by ietfa.amsl.com (Postfix) with ESMTP id 1AB901320CC for <dmarc@ietf.org>; Tue, 8 Aug 2017 17:16:36 -0700 (PDT)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=4865; t=1502237792; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=rJ/h1tFuR7PI63TUNGieXXJZtdI=; b=kTDYSzQHgbrezvq8HoTYC6HOwNfkm5277L7uQQTO4KBsHl6V1+/JZUJqkR0Pip viome+gPg/2ZTABwCyCIjIX/bC9U2//+HjBC7uP2I2ddyMHiieTHcuXI8Gn9neW+ I1DODj/GRbMVLwSb5cliiKxwxxUT3ILWOPpfV/JnPmqOY=
Received: by winserver.com (Wildcat! SMTP Router v7.0.454.6) for dmarc@ietf.org; Tue, 08 Aug 2017 20:16:32 -0400
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com; adsp=pass policy=all author.d=isdg.net asl.d=beta.winserver.com;
Received: from beta.winserver.com ([76.245.57.74]) by winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 2301655279.1.1096; Tue, 08 Aug 2017 20:16:31 -0400
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=4865; t=1502237768; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=Lzd/8O8 H8mAlMH2NkjPTfxzdLoPfsSvqUvjyHV5c+YE=; b=iLDHYxjziDd/lk0rC78P/IU Ie89VgZQdBpPQ7lr7gnDX7l8zI5MauUQLMeK8KiAe1EUarxkmYzIe9kLmg1BnrDE 5TQWz1ja+2Z8fmP1HSYECQYdGW7V7h3iZD7XmHDNlwNXI7LQ2XEtJYi5VjNknKaf qVsKmooOY4SDnuK2dQqU=
Received: by beta.winserver.com (Wildcat! SMTP Router v7.0.454.6) for dmarc@ietf.org; Tue, 08 Aug 2017 20:16:08 -0400
Received: from [192.168.1.68] ([99.121.5.8]) by beta.winserver.com (Wildcat! SMTP v7.0.454.6) with ESMTP id 2844165408.9.270892; Tue, 08 Aug 2017 20:16:07 -0400
Message-ID: <598A545E.3080708@isdg.net>
Date: Tue, 08 Aug 2017 20:16:30 -0400
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: dmarc@ietf.org
References: <1502083287.2191248.1065195288.7CDC7FF3@webmail.messagingengine.com> <CAD2i3WOCFHf7C4qjpCcGCFKJKsZC2+Wty1arkQgTU_jtrS6MuQ@mail.gmail.com> <1502165454.4116080.1066378520.2314FE46@webmail.messagingengine.com> <CABuGu1oTMbuLd4yTwecu5sKFnsmH+HiwT1FG=JpySYHzpMTx_w@mail.gmail.com> <1502200759.3946686.1066841264.607B4D0B@webmail.messagingengine.com>
In-Reply-To: <1502200759.3946686.1066841264.607B4D0B@webmail.messagingengine.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/CyDjDhzYIck_G2XWNh5IVBJnttw>
Subject: Re: [dmarc-ietf] ARC-Seal is meaningless security theatre
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Aug 2017 00:16:40 -0000
On 8/8/2017 9:59 AM, Bron Gondwana wrote: > On Tue, 8 Aug 2017, at 23:36, Kurt Andersen (b) wrote: >> >> Is your concern that the last hop (or any other) can essentially do >> a wholesale replacement of the message contents and that there is no >> way to distinguish that from a semantically meaningless footer tweak? >> >> I'm not sure that I understand your assertion that you can forge an >> AS any more than you could forge a DKIM signature. > > The whole point of verifying the chain of AS all the way back to i=1 > is that you can tell that the message went through those servers, in > that order. > > But it's bogus, because AS doesn't sign anything except itself and > some AMS and AAR. Once AMS doesn't validate any more (any change at > all) then you can't really tell that the message passed through there, > just the _a_ message passed through there. > > So I could take an existing message that had passed through Google and > create a brand new message and pass it off as if it had passed through > Google before passing through my server on its way to you. > > In which case - the AS is meaningless. It claims something which is > only true if everyone plays by the rules. But if everyone plays by > the rules, then it's excessive. You could just check the previous AAR > and know that the previous site had validated the hop before it, and > so on. It's crypto that doesn't add anything of value. > > It's not actively damaging (other than the advice to do excessive DNS > lookups), but it's also not doing anything meaningful, and it's adding > something forgeable that looks like it means something. > I think we are falling back a Policy Model where we need to know what the all important originating Author domain desires. What is the expected here for mail processing by the domain? I thought the main reason, purpose, the "PayOff" for ARC, was to help deal with indirect mail breakage when a DMARC p=reject policy is set and more importantly, SMTP receivers with embedded DMARC support have begun honoring with hard 55x rejects or ACCEPT/DISCARD/SPAM local policy logic. It is the same problem ADSP had, but it wasn't fully realized, only a proof of concept (demo) was shown (here in the list, by me). Receivers had yet to implement or turn on the ADSP DISCARD switch but we envisioned the indirect mail issue would begin when they did. So it was foreseeable Mailing List members would begin to get unsubscribed due to perpetual erroneous receiver rejections. DMARC proved it when the idea was implemented and honored and the screaming began. ARC is trying to automate something without the help of the originating domain. If ARC is suppose to help save the "message" and the author domain from using a p=reject on a mailing list or indirect mail travel, then it leverage the DNS lookup it is already doing. I think we have made this all too complex by resisting a policy concept that helps with all this main processing. ADSP and DMARC had to same issue, so when was ADSP abandoned and replaced with the "Super ADSP" version called DMARC, the only difference was the reporting stuff, which is really not helping. Anyway, food for thought, a DMARC Tag Extension called ArcSeal. I'm just winging it, so the ARC cogs can consider, or not: ArcSeal=All ; All ARC seals must be valid start to finish. ArcSeal=Last ; Only the last sender/ARC signer is necessary (because of the chain of trust). I suppose there is a "Hops" count concept in there, but the ArcSeal tag does not exist, the the message is in an indeterminate state. If it exist, thats added value to the Domain declaring to the world what it expects and allows, including desirable hard rejection. The main thing is the automation. It help with an incentive to encourage implementors sitting on the fence. It can help by relaxing the rejection of the DMARC p=reject policy using ARC. Isn't that a big help? Personally, I really don't want to waste any more years working on this ARC complex proposal and really, this DKIM project since the early 2000s. Folks, we are approaching 15 years on this stuff!!!! It has been a battle of the Trust Model vs Policy Model. We almost had it VBR for TRUST and for Policy with ADSP (proposed standard) plus ATPS (experimental) as a possible solution to the indirect mail problem. But abandoned and replaced with DMARC (Informational) which has the same problem ADSP was abandoned far. Sorry for repeating the same thing, but DMARC is the same problem and whey we are here, no? So if DMARC is it, can we please fix it and have it work with ARC to help resolve the indirect mail problem? If not, than other than marketing bullshit, is there any "mail" benefit and convincing reason why ARC should be implemented? Thanks. -- HLS
- [dmarc-ietf] ARC-Seal is meaningless security the… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Tim Draegen
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… John Levine
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Scott Kitterman
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen (b)
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… MH Michael Hammer (5304)
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen (b)
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen (b)
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen (b)
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… mhammer@americangreetings.com
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos