IETF Logo Mail Archive

Re: [dmarc-ietf] indeterminisim of ARC-Seal b= value

"Murray S. Kucherawy" <superuser@gmail.com> Thu, 30 March 2017 08:52 UTC

Return-Path: <superuser@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 01BEC12922E for <dmarc@ietfa.amsl.com>; Thu, 30 Mar 2017 01:52:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 27QYRCD7FDXR for <dmarc@ietfa.amsl.com>; Thu, 30 Mar 2017 01:52:28 -0700 (PDT)
Received: from mail-vk0-x22c.google.com (mail-vk0-x22c.google.com [IPv6:2607:f8b0:400c:c05::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83A60128B4E for <dmarc@ietf.org>; Thu, 30 Mar 2017 01:52:28 -0700 (PDT)
Received: by mail-vk0-x22c.google.com with SMTP id z204so46519986vkd.1 for <dmarc@ietf.org>; Thu, 30 Mar 2017 01:52:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=/ohxSUpV1zv2mjxZbxoHKfKDU61xUmNI/mUm8eJp4j4=; b=dbsbFPqZYRyVT8MTVnPawb1FobQU2vuR4eW75q3zpZLl+ovDfqlWj/t6WRfNDYBhC6 pIThYymcALpSOlS0q8JmDmjyMS9g+CagkkEWd33XZqXGozjbKZLOgNbukXgehC21EeEB jCEHbAnK94gncy+pWHCr2As9C0LI2du2vpb1IsOtp7f9a5BJOqgC1mbz3iNDB042gzTd fSAb7EfSwqy0F092OQCmKJTUjlTvcUEGw9Mf9ANHbTbLZELohtDgmObuwhtpiD/fY9aC tfcY/RsDqWms3TCDc/DYnERcGds0VnVJDcACb3aile/DzNHi24M1S1dFhwGoTuVtDCz9 rH2w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=/ohxSUpV1zv2mjxZbxoHKfKDU61xUmNI/mUm8eJp4j4=; b=N2jimuPsXG6piqaoi24UJJzYj3g7v/hgqULvD8aK3iOfl+1kuHX4+WOdfYh6jaVtq+ CAO6ZmOXWe/cRCRboiiu81vAHuCzUhnPs/vuYfVfQVxRhDVxZCVwOq2dBzZwTl+HrZow XxMTJnwBOvyTKCOtidCDuM3mjFrG9UiUuyf5I8TYj8BGnd36ejbXki4lAY/iI8IjVyHd gOtv/mFzslGz3pmf1osJ77UktpTPuhkGHXnoIk294KzlDvIfP13gTW8VPFFxGPyh9tuO uY4SDh/KhGL9XCS8uOAAezuuZ/tdml614l2DDL5AfE+FDVr1qkA6QMCpKqc09jq7WeDy E+bA==
X-Gm-Message-State: AFeK/H3Ds2I+3iydAVGM2SdH1Umt4GTMrniblthdroXZ0PuEVTke3LruKV/ub0Y26k/ICUF5BpbjOwUkmqLjYw==
X-Received: by 10.31.73.6 with SMTP id w6mr2290519vka.137.1490863947467; Thu, 30 Mar 2017 01:52:27 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.103.130.70 with HTTP; Thu, 30 Mar 2017 01:52:26 -0700 (PDT)
In-Reply-To: <CAOj=BA1ruma6dp1CQht8sgYQ-xqGGE2a=R7=+DkXmaft8td2hw@mail.gmail.com>
References: <CANtLugO_D1Mz_v_341pc5O1mZ7RhOTrFA3+Ob5-onp72+5uRfA@mail.gmail.com> <20170324212304.85346.qmail@ary.lan> <CANtLugOK4tXqA3ztYwchYsc8+t6KhyNj6mvgEu2wzvwKm_rK7A@mail.gmail.com> <alpine.OSX.2.20.1703262130330.4114@ary.local> <CAOj=BA1ruma6dp1CQht8sgYQ-xqGGE2a=R7=+DkXmaft8td2hw@mail.gmail.com>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Thu, 30 Mar 2017 03:52:26 -0500
Message-ID: <CAL0qLwb8ccRB6207Yifc6NOzZZZn8iBop-7A+9FinKLm=f9toQ@mail.gmail.com>
To: Peter Goldstein <peter@valimail.com>
Cc: John R Levine <johnl@taugh.com>, dmarc <dmarc@ietf.org>, Gene Shuman <gene@valimail.com>
Content-Type: multipart/alternative; boundary="001a114db10aff50e2054beecf5b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/DuBDwABIJsIlQpMl2GnFwIizYC0>
Subject: Re: [dmarc-ietf] indeterminisim of ARC-Seal b= value
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Mar 2017 08:52:31 -0000

On Sun, Mar 26, 2017 at 11:25 PM, Peter Goldstein <peter@valimail.com>
wrote:

> Second, the premise that "it's not hard to write test code..." is simply
> not true.  What would be required to actually write such code would be
> either a) pick a preferred ordering/formatting for these tags, and only
> have the tests pass for that ordering or b) include a complete ARC
> verifying system in the test code.  The first is what OpenDKIM did for its
> specs (see below).  The latter is possible, but seems ill-advised for a
> test suite.
>

OpenDKIM does both.  At some point when it was still "dkim-milter", when it
came time to write tests (because at one point there were none), I mainly
wanted to assure that commits made didn't cause any regressions;
correctness could be affirmed in other ways like at interop events or
through other implementers' auto-responders.  So I picked a tag ordering I
liked, generated a bunch of signatures with it, and then wrote tests that
did two things with them:

1) Confirmed that the signing code produces those specific signatures given
fixed inputs (timestamp, key, selector, domain, canonicalization, etc.).
This was inherently a tautology at the time I generated them of course, but
my goal was just to ensure no regressions were introduced.  I didn't know
for sure that the output was right, but I knew it would be consistent.

2) Since OpenDKIM conveniently includes a verifying capability, there are
some tests that instantiate the library to produce a signature, then
re-instantiate the library to verify it.  Obviously this doesn't prove that
its signatures are correct, but they do prove that its code is consistent
with itself, and again that changes made later don't break verifying.

None of this was done with an eye toward making my test suite applicable to
other implementations.  It's only for my own.  What we're talking about
here is different: coming up with tests that could be applied to any
implementation, not to a specific one, so long as they agree on fixed
syntax and inputs.

To see that this is the case, it's useful to look at two earlier email
> standards and their corresponding test suites.  SPF has a language-agnostic
> test suite (http://www.openspf.org/Test_Suite) that makes it easy to test
> implementations in any language.  I've done it myself, and it requires
> minimal effort - https://github.com/ValiMail/
> coppertone/tree/master/spec/open_spf.  I can tell you from personal
> experience that the test suite was really helpful in ensuring the
> implementation was correct in all cases.
>

An inherent difference between SPF and DKIM is that the order of the tokens
in SPF is significant.  In DKIM, reordering tags changes nothing about the
meaning of the header field, though obviously it alters the resulting
header hash.  In contrast, the order of tags in SPF is necessarily
specified.

-MSK

v2.23.0 | Report a Bug | By Email