Re: [dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations

"Douglas E. Foster" <fosterd@bayviewphysicians.com> Sun, 19 July 2020 12:13 UTC

To: Dave Crocker <dcrocker@gmail.com>, "Murray S. Kucherawy" <superuser@gmail.com>
Cc: IETF DMARC WG <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/DI4LzKLieWVaSr9dvka11IuhUJI>

Your comments imply that for non-MLM messages, the only purpose of rfc5322.From is trust. A related action would be attribution: after an attack, whom do I blame? Domain owners do not want to be attributed to someone else's crime.

But obviously, there are other purposes, such as searching and sorting. These also depend on accurate values. Consequently, spoofing affects multiple functions which are important to domain owners and message readers. You asserted again that nearly all MUAs hide the From address, then ignored contrary data. Gmail and Outlook have significant user bases. No one has identified the long list of MUAs that hide, or indicated the market share of those MUAs.

What has also not been explained is: why it is an unconscionable burden for MLMs to use rfc5322.From addresses of the form user=domain@MLM? Any such attempt is weakened by your assertions that From matters to no one.

Any MLM can create their own rules by operating in a dedicated domain which issues domain accounts to its subscribers. But as long as it chooses to operate in a shared realm, it must accommodate the needs of others within the shared realm.

DF

-------- Original message --------
From: Dave Crocker <dcrocker@gmail.com>
Date: 7/18/20 9:32 PM (GMT-05:00)
To: "Murray S. Kucherawy" <superuser@gmail.com>
Cc: IETF DMARC WG <dmarc@ietf.org>
Subject: Re: [dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations

On 7/18/2020 5:16 PM, Murray S. Kucherawy wrote:
> At some point in the past, Gmail decided to show the email address 
> only unless that address was in the recipient's contact list, or if 
> the recipient had replied to that address previously, or something 
> like that.  In those cases, the RFC5322.From address was trusted, and 
> so the display name was shown.  Is there logic like that still in place?


If end users do not reliably make trust decisions based on /any/ of the 
information in the rfc5322.From field, then how is this question 
important.  It seems to be seeking precise data about something that 
isn't even secondary.

The persistence of thinking that end users are influenced by trust 
indicators is pernicious.

d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net
