Re: [dmarc-ietf] Updated mandatory tag/conditional signature draft
"Murray S. Kucherawy" <superuser@gmail.com> Mon, 13 April 2015 18:21 UTC
Return-Path: <superuser@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A93FC1AD0AE for <dmarc@ietfa.amsl.com>; Mon, 13 Apr 2015 11:21:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.701
X-Spam-Level:
X-Spam-Status: No, score=0.701 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MVaBqrPgNGjH for <dmarc@ietfa.amsl.com>; Mon, 13 Apr 2015 11:21:25 -0700 (PDT)
Received: from mail-wi0-x232.google.com (mail-wi0-x232.google.com [IPv6:2a00:1450:400c:c05::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9E7821A1A0F for <dmarc@ietf.org>; Mon, 13 Apr 2015 11:21:24 -0700 (PDT)
Received: by wiun10 with SMTP id n10so77038713wiu.1 for <dmarc@ietf.org>; Mon, 13 Apr 2015 11:21:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=K6Vdi2PpBUMaphu0PGnn5jpbEIhmf/n1WxH436WG0Nc=; b=w7RKRXmwY+WHmEDcWLRsg2rhDbE18Ag3jL94vuLFtMUbpDUWG00ndd4bejC/kGq3fZ ByPbvlPLuuwtUsl9rzAuWTJZQD27mwm/TYtQvdgBRX2Y3ZX1BabuNS2rHUV0akhV/rfp mkNyxtPi3FSaLcwv0tXFTd+59kcqaT6dtdnfc0HS+6CfNPjzUoz1d24UkoQoHdG59Wc7 S4y/XEeuImbzOwpzGTlJgn+w5ZDndVRlmXjZ7Um0MQg/iwk2T1/bN15MDwqxgYWEf6h7 kI1inanEBLHPjvfXivrhqoaZbkMp23IOiC4186j0wVleQEROXC2V6NBK3YmnB7jAXOsq oWJw==
MIME-Version: 1.0
X-Received: by 10.180.80.105 with SMTP id q9mr4922535wix.52.1428949283309; Mon, 13 Apr 2015 11:21:23 -0700 (PDT)
Received: by 10.27.92.17 with HTTP; Mon, 13 Apr 2015 11:21:23 -0700 (PDT)
In-Reply-To: <878udwcvda.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <20150410170856.730.qmail@ary.lan> <1646939.LNu9R6Ga10@kitterma-e6430> <87d238d92k.fsf@uwakimon.sk.tsukuba.ac.jp> <552B5060.3000808@gmail.com> <878udwcvda.fsf@uwakimon.sk.tsukuba.ac.jp>
Date: Mon, 13 Apr 2015 11:21:23 -0700
Message-ID: <CAL0qLwbv_wucVx_xq8M=CxxKHFA7UjmKVaaznaoqkYs8jDYKrg@mail.gmail.com>
From: "Murray S. Kucherawy" <superuser@gmail.com>
To: "Stephen J. Turnbull" <turnbull@sk.tsukuba.ac.jp>
Content-Type: multipart/alternative; boundary="f46d04428e3e6f0c4d05139f2e0e"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dmarc/Ez5cY8vSaT64Njlni6jFMV1USjs>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>, Douglas Otis <doug.mtview@gmail.com>
Subject: Re: [dmarc-ietf] Updated mandatory tag/conditional signature draft
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Apr 2015 18:21:26 -0000
On Mon, Apr 13, 2015 at 12:58 AM, Stephen J. Turnbull < turnbull@sk.tsukuba.ac.jp> wrote: > Douglas Otis writes: > > > If the DMARC domain fails to step up, then a reasonable fallback > > could require the display of the Sender header offering the needed > > alignment. > > I don't understand this. We already see that most professional > spammers exhibit From alignment on much of their traffic. Sender > alignment is just as easy to implement, even if we could expect MUAs > to conform to the "required display of Sender field". Users do not > understand the Sender field as far as I can tell. > To the extent comprehensible, TPA is meant to allow author A to tell receiver B that mail that has C in (for example) the List-ID field should be treated as though it came from A. However, I concur that it means an impostor can simply do what the TPA record says and thereby succeed; few of the properties TPA identifies are authenticated in any way. It might be helpful to get alignment working through paths that invalidate SPF or DKIM, but compared to the fact that it basically advertises how to get a "pass" in an invisible way, it's more scary to me than not. Now, if that isn't the case, then I suggest the document falls short of explaining how this is not an attack vector. Also, Doug insists that this is not registration, but I don't know how he can claim this since it requires a DNS entry for every {A, C} pair that exists which must then be queried by every B that might receive mail from C. Unless I'm not understanding use of the term, that's exactly how I believe we've been using "registration" lately, and the argument on the table is that any registration scheme is basically a non-starter for operators for which the cardinality of AxC is or could be large. As I've pointed out before, ATPS, DSAP, and all other earlier proposals that required a registration step have also been non-starters. I'm not picking on TPA here; I'm saying this entire family of solutions is probably not the best use of our time, and I suggest there's empirical evidence to support that claim. -MSK
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Murray S. Kucherawy
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Hector Santos
- [dmarc-ietf] Updated mandatory tag/conditional si… John Levine
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Anne Bennett
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Murray S. Kucherawy
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Hector Santos
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Rolf E. Sonneveld
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Rolf E. Sonneveld
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… MH Michael Hammer (5304)
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Douglas Otis
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Hector Santos
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Hector Santos
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… John Levine
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… John Levine
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… John Levine
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Hector Santos
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Hector Santos
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Murray S. Kucherawy
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… John R Levine
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Murray S. Kucherawy
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Scott Kitterman
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Brandon Long
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Douglas Otis
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Stephen J. Turnbull
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Stephen J. Turnbull
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Rolf E. Sonneveld
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… John Levine
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Stephen J. Turnbull
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Murray S. Kucherawy
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Scott Kitterman
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Stephen J. Turnbull
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Douglas Otis
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Stephen J. Turnbull
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Murray S. Kucherawy
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Rolf E. Sonneveld
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Scott Kitterman
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Stephen J. Turnbull
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Murray S. Kucherawy
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Douglas Otis
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Douglas Otis
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Stephen J. Turnbull
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Scott Kitterman
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Stephen J. Turnbull
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Scott Kitterman
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Stephen J. Turnbull
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Hector Santos
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Scott Kitterman
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Scott Kitterman
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Stephen J. Turnbull
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Scott Kitterman
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Douglas Otis
- [dmarc-ietf] Publishing and Registration Concerns Hector Santos
- Re: [dmarc-ietf] Publishing and Registration Conc… Terry Zink
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Hector Santos
- Re: [dmarc-ietf] Publishing and Registration Conc… Murray S. Kucherawy
- Re: [dmarc-ietf] Publishing and Registration Conc… Douglas Otis
- Re: [dmarc-ietf] Publishing and Registration Conc… Hector Santos
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Murray S. Kucherawy
- Re: [dmarc-ietf] Publishing and Registration Conc… Douglas Otis
- Re: [dmarc-ietf] Publishing and Registration Conc… Terry Zink
- Re: [dmarc-ietf] Publishing and Registration Conc… Hector Santos
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Murray S. Kucherawy
- Re: [dmarc-ietf] Publishing and Registration Conc… Murray S. Kucherawy
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Rolf E. Sonneveld
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… MH Michael Hammer (5304)
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Murray S. Kucherawy
- Re: [dmarc-ietf] Publishing and Registration Conc… Scott Kitterman
- Re: [dmarc-ietf] Publishing and Registration Conc… Hector Santos
- Re: [dmarc-ietf] Updated mandatory tag/conditiona… Hector Santos
- Re: [dmarc-ietf] Publishing and Registration Conc… Terry Zink
- Re: [dmarc-ietf] Publishing and Registration Conc… Hector Santos
- Re: [dmarc-ietf] Publishing and Registration Conc… Douglas Otis
- Re: [dmarc-ietf] Publishing and Registration Conc… Scott Kitterman
- Re: [dmarc-ietf] Publishing and Registration Conc… Hector Santos
- Re: [dmarc-ietf] Publishing and Registration Conc… Murray S. Kucherawy
- Re: [dmarc-ietf] Publishing and Registration Conc… Hector Santos
- Re: [dmarc-ietf] Publishing and Registration Conc… Terry Zink
- Re: [dmarc-ietf] Publishing and Registration Conc… Scott Kitterman
- Re: [dmarc-ietf] Publishing and Registration Conc… Terry Zink
- Re: [dmarc-ietf] Publishing and Registration Conc… Murray S. Kucherawy
- Re: [dmarc-ietf] Publishing and Registration Conc… Steve Atkins
- Re: [dmarc-ietf] Publishing and Registration Conc… Hector Santos
- Re: [dmarc-ietf] Publishing and Registration Conc… Hector Santos
- Re: [dmarc-ietf] Publishing and Registration Conc… Terry Zink
- Re: [dmarc-ietf] Publishing and Registration Conc… Hector Santos
- Re: [dmarc-ietf] Publishing and Registration Conc… Douglas Otis