Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5.1.2 - cv=fail should sign greedily
Seth Blank <seth@sethblank.com> Mon, 30 July 2018 18:16 UTC
Return-Path: <seth@sethblank.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 36AAD1311EB for <dmarc@ietfa.amsl.com>; Mon, 30 Jul 2018 11:16:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sethblank-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y4LMAhyut2bN for <dmarc@ietfa.amsl.com>; Mon, 30 Jul 2018 11:15:57 -0700 (PDT)
Received: from mail-oi0-x22b.google.com (mail-oi0-x22b.google.com [IPv6:2607:f8b0:4003:c06::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 52358130E96 for <dmarc@ietf.org>; Mon, 30 Jul 2018 11:10:36 -0700 (PDT)
Received: by mail-oi0-x22b.google.com with SMTP id d189-v6so22955516oib.6 for <dmarc@ietf.org>; Mon, 30 Jul 2018 11:10:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sethblank-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=ryefvDV0qrmn6UE3NeYL0cVl4vNxckpxkNb0BpN7/XQ=; b=SSCTznwpARoGcKnjpCW9FzHzHB3o09HZm5jUX9xD/Knie0PaAEtXLEqku/Cx9Ju7wB 1O+qo8GqdZrJNLhH2V8HxnJCGWBlfPWyHLLa18sWXfTPw2LgAVN76iWMNlw2y3Mwtei3 2zqopZTgJwTpwhGKa9mwOjvZWty+3oCtFywLCSQU+//85CoOJInJ6/uzdHtR37pwZ1yO SQ+XbNGLh5pMQepxu5zSZtgrlBKd3u+35N2iz+pJDhk8S7WFInyjiWHBgv1fzhfDOKLh Et9ALxiW6DeI36Vz369CdduKF3fD46QKR9gs0tuMmQNLMrMlWMJTCmNwBTIuObpbf/C0 b0Ow==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=ryefvDV0qrmn6UE3NeYL0cVl4vNxckpxkNb0BpN7/XQ=; b=VJ5plVQfu0k0fuITKDcqdrTGoxM9k7aeuEDMWoogBmeKRImcdcSb9dY9bmH+ssjWCr Nj596Ryewc7HodWRaYEcLQz2NDtGmGTtUwU73xzCGlFHvy4LhuzX1ymkfrfgVSksBtxk f2Hfage9iJ0YxT/45h/4SKhq5+zYMSxB2f404ObKp4SQ+Hi5AzLUG35jODUW5h2S1plQ j7RskNa+lyuJsfBz5H29sfwHDW1wcWnljREs0w5B7CwCJFGl/VfbsIv2fMQFDCsu7lVD XMmAHVaBYLwKZx/ATe9CkDp44WFKma/F2av6s++d4Y1uObUeaaNCe88hiGAj2JAsScx0 HHyg==
X-Gm-Message-State: AOUpUlFfBfIlTeIGGQ9F35NDYdIdxtqrO/t29WKW+cEGQaLbghxcnCWw GISbtAKZCeOmvX8femLbjZ6TB0Ci1nqqx+dFMHHoFSc6v/A=
X-Google-Smtp-Source: AAOMgpdL94cKkZbRMSnS+m+gJcrpfK1xxpDq65GnyhHYteQPu9i2j0Cx0gfURDBPtB81br+mQQBoGNq5oJaC8uaNRY0=
X-Received: by 2002:aca:cdc2:: with SMTP id d185-v6mr5595011oig.350.1532974235232; Mon, 30 Jul 2018 11:10:35 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a9d:2646:0:0:0:0:0 with HTTP; Mon, 30 Jul 2018 11:10:14 -0700 (PDT)
In-Reply-To: <1532905189.2879805.1456751232.5F2CDCE4@webmail.messagingengine.com>
References: <CAD2i3WMMJPaZYonS-qcz8pwOKYmS2Xe+8WBZPuAqjiGoYePzSg@mail.gmail.com> <CAL0qLwapyX3U=0OqQWzx+dDELn3W0v=N_HyzDnSw49oWQ+SE5Q@mail.gmail.com> <CAD2i3WN90JSS8pzgRxrbokuKmhZaLUrimYRWqkZwzVDBxTczng@mail.gmail.com> <CAL0qLwZ_uPh5iPkS7MKzDp3x=dAgn-hmsEunccDc3Hj2bsphpQ@mail.gmail.com> <CAD2i3WM99Yy6Y=BQE4dC=Ffm7J32My160Xdm2oxXC50Au9tXoA@mail.gmail.com> <1532745551.208119.1455489824.75DFC005@webmail.messagingengine.com> <CAD2i3WOHjUwi3J=xsLca5_4DJL=S+jaReGRC1fBQH5wsfWxOVg@mail.gmail.com> <1532905189.2879805.1456751232.5F2CDCE4@webmail.messagingengine.com>
From: Seth Blank <seth@sethblank.com>
Date: Mon, 30 Jul 2018 11:10:14 -0700
Message-ID: <CAD2i3WNBdq9sC+2yRFUh=9ZpQH66kOdLfp8DjGcMjpKrWxF1Uw@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000bdc35a05723b60be"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/Eb_Ueu24wdubnZxnmjyDRINYGUs>
Subject: Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5.1.2 - cv=fail should sign greedily
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Jul 2018 18:16:09 -0000
On Sun, Jul 29, 2018 at 3:59 PM, Bron Gondwana <brong@fastmailteam.com> wrote: > > I'm not sure what you mean by "the veracity of the header field data". > Can you give an example of a cv=fail where there's useful information still > trustworthy in the message, because I don't see it. To use the "chain of > custody" analogy, if you have a bag of evidence and it's been unsupervised > in the hands of an unknown party, the contents have no evidentiary value > any more. > > There's two types of fail - fail on AMS, which could just be a > modification by somebody, and a fail on an AS, which means there's > definitely either buggy software or somebody screwing with the chain. > > But even a single AMS fail means that an unknown intermediary could have > changed every single header that's covered by the AMS. There's no way to > know what they changed. Ditto the body. It could be a totally different > message and there's no way to know because the chain of evidence is broken. > > So again - all that you can know when you see a broken AMS is that > somebody got their hands on a message which had followed the existing chain. > There are two premises to keep in mind: 1) For the first chunk of ARC's life, there will be a significant amount of ARC breakage due to intermediaries who do not properly or yet implement ARC. Some of the data ARC collects may in isolating these intermediaries and helping them properly adopt ARC. 2) we don't know what data is valuable yet, and would rather collect extra data than throw out potentially useful data (Section 11.3.3) Given these, it is worthwhile to capture the chain information even in failing states (i.e. cv=fail should sign greedily), especially when you consider the three major failure scenarios: 1) A good actor improperly Sealing ALL the data in the Chain is valuable, including the breakage, because it isolates the issue and allows that improper Sealer to get feedback and fix their systems. Realistically, there will be a lot of work done here, as intermediaries deploying ARC for the first time may get it wrong. 2) A good actor not Sealing Again, ALL the data in the Chain is valuable, as it would isolate where the breaking intermediary is and allow outreach. This will probably be the most prevalent ARC failure we see in the wild in the near term - mailing lists that do not yet Seal. 3) A bad actor modifying the chain Sure, the Chain is garbage. But if all the AS's validate, then the bad actor's been forced down two paths: either a) they are forced to extend or replay a valid chain, or b) they must create a garbage chain using only domains they have DNS control over. If the AS's don't need to validate, then there are numerous malicious paths an attacker can take to modify the chain in subtle ways.
- [dmarc-ietf] WGLC ARC-16 concern on Section 5.1.2… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Luis =?utf-8?q?Mu=C3=B1oz?=
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Bron Gondwana
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Bron Gondwana
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… John Levine
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… John R Levine
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Brandon Long
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… John R Levine
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Brandon Long
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Brandon Long
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Kurt Andersen (b)
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Dave Crocker
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Kurt Andersen (b)
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Dotzero
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Dave Crocker
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… John Levine
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Dave Crocker
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… John R Levine
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Dave Crocker
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… John R Levine
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Dave Crocker
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Brotman, Alexander
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Kurt Andersen (b)
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… John R Levine
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Hector Santos
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Kurt Andersen (b)
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… John Levine
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Kurt Andersen (b)
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… John R Levine