Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5.1.2 - cv=fail should sign greedily

Dave Crocker <dcrocker@gmail.com> Wed, 15 August 2018 20:13 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/G-5AIvL1I7zFofdC9auFRab_CHs>

On 8/15/2018 12:54 PM, John R Levine wrote:
> Can you explain in words the damage that cv=fail signatures will cause, 
> and a rough idea of the cost to ARC signers and verifiers?  To me the 
> answers are none, and trivial.


You have the obligations reversed.  When adding things -- which adds 
overhead and makes the system more complicated and increases the
likelihood of bugs -- the affirmative obligation is on folk advocating 
the addition.

As for the fact that there are other mechanisms of limited or unknown 
benefit that we've had, possibly for a long time, everything about ARC 
is significantly more complicated, including this failure add-on.

And the add-on is of especially unclear benefit.  It has intuitive 
appeal, which seems to get in the way of being able to clearly address 
actual need and benefit.

At any rate, I've expressed my concerns more than amply and don't feel 
the need of arguing my position further.

d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net