Re: [dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations

["Douglas E. Foster" <fosterd@bayviewphysicians.com>]

Your credit card scenario is one legitimate way of viewing the problem.   I have also been thinking about a credit card scenario, but coming to a different conclusion:

For many years, Bill Smith has been using the credit card of his sister-in-law, Tracy Jones.   This is an informal arrangement because Bill does not want a card of his own.    He faithfully pays Tracy for all of his charges.   No cashier has ever asked Bill for any ID other than his credit card.

Suddenly, the bank reissues all cards with photos, in an attempt to reduce card fraud.   Cashiers begin looking at the photos and will not let Bill use Tracy's credit car anymore.   Bill cries foul because he has the cardholder's permission.    Bill has the trust of Tracy, but he does not have the trust of the bank, and as a result, he does not have the trust of the retail clerk.

Should the bank remove those photos to accommodate Bill?

DF

----------------------------------------
From: Dave Crocker <dcrocker@gmail.com>
Sent: 7/21/20 3:45 PM
To: Dotzero <dotzero@gmail.com>
Cc: IETF DMARC WG <dmarc@ietf.org>
Subject: Re: [dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations
On 7/21/2020 12:32 PM, Dotzero wrote:

On Tue, Jul 21, 2020 at 2:06 PM Dave Crocker <dcrocker@bbiw.net> wrote:
On 7/21/2020 10:58 AM, Dotzero wrote:
For this case, DMARC externalizes that internal personnel problem.

But it does not fit the definition of "spoofing".

Please note that I did noy use either the word "spoof" or "spoofing".  You wrote "MLM is authorized by the user". Someone without authority cannot authorize. In this case the user externalized the problem, not DMARC.

That's simple incorrect.

I give you my credit card, telling you to use it only for gasoline purchases while running errands for me.  You take the car on a cross-country joyride, running the cc charges for gasoline up.  The stations that  charged the gas to the card did nothing wrong.  The problem is internal, between you and me.

The MLM's did not do any spoofing.  They acted appropriately, as they have for 45 years.

If the domain owner has a problem with the user's behavior, that's internal, between the domain owner and the user. 

Using language that casts the MLM as doing something wrong is a fundamental misrepresentation of the situation.

> If that is the problem, why did you participate in the original DMARC
> effort? The issue was clear even back then.

The original DMARC effort was, in fact, to detect actual cases of
spoofing, namely unauthorized use of a domain name by outside actors.

Different problem.

Actually, part of the effort was to enable Sending domains to identify their own mail that was being sent without aligned DKIM signing or from places not authorized through SPF - in other words, not properly authorized but legitimate, hence feedback loops.

This was a point of significant confusing during the initial effort. 

It is not reasonable to impose a substantial and permanent cost on the external internet, for an organization's inability to monitor and regulate behavior within the organization.

Whereas it is entirely reasonable to have a standard that facilitates detecting externally-generated traffic that has unauthorized use of a domain name.

d/

--  Dave Crocker Brandenburg InternetWorking bbiw.net