Re: [dmarc-ietf] UNCOL and Reversing modifications from mailing lists

Baptiste Carvello <devel@baptiste-carvello.net> Wed, 24 November 2021 20:54 UTC

Return-Path: <devel@baptiste-carvello.net>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F8253A0C1C for <dmarc@ietfa.amsl.com>; Wed, 24 Nov 2021 12:54:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.75
X-Spam-Level:
X-Spam-Status: No, score=-3.75 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-1.852, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A5g2AdU9Rau2 for <dmarc@ietfa.amsl.com>; Wed, 24 Nov 2021 12:54:51 -0800 (PST)
Received: from www210.your-server.de (www210.your-server.de [78.46.0.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D16183A0C1B for <dmarc@ietf.org>; Wed, 24 Nov 2021 12:54:49 -0800 (PST)
Received: from sslproxy02.your-server.de ([78.47.166.47]) by www210.your-server.de with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92.3) (envelope-from <devel@baptiste-carvello.net>) id 1mpzHt-0006cV-UV for dmarc@ietf.org; Wed, 24 Nov 2021 21:54:41 +0100
Received: from [2001:41d0:fe87:7000:494b:3fe:9ab5:6cf2] by sslproxy02.your-server.de with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <devel@baptiste-carvello.net>) id 1mpzHt-0003Jd-Q4 for dmarc@ietf.org; Wed, 24 Nov 2021 21:54:41 +0100
To: dmarc@ietf.org
References: <20211123203406.73152307DA83@ary.qy> <cb57d32d-038d-61f6-528c-d86d529fac10@tana.it>
From: Baptiste Carvello <devel@baptiste-carvello.net>
Message-ID: <0328a88e-7dcc-f7c6-9cfb-8c4f90a9afd0@baptiste-carvello.net>
Date: Wed, 24 Nov 2021 21:54:41 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <cb57d32d-038d-61f6-528c-d86d529fac10@tana.it>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Authenticated-Sender: webmaster@baptiste-carvello.net
X-Virus-Scanned: Clear (ClamAV 0.103.3/26363/Wed Nov 24 10:19:30 2021)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/GZjJI9PeT6KpBIn5yzQ_18DMxcY>
Subject: Re: [dmarc-ietf] UNCOL and Reversing modifications from mailing lists
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Nov 2021 20:54:55 -0000

Hi,

On 24/11/2021 at 12:00, Alessandro Vesely wrote:
> 
> ARC implies a reliable global reputation system, which only giant 
> providers can afford.

Not necessarily. It only implies that the evaluator has some reason to 
consider it acceptable that this particular message be handled by this 
particular forwarder.

If, for example, the evaluator can know for sure that the author 
designated in the From field really sent a message to the forwarder 
immediately before the forwarded message came in, the probability that 
the message is genuine is much higher [1].

At the beginning of this month, I proposed an idea to achieve just that.

Cheers,
Baptiste


note [1]:
Indeed, the attack model then changes from "send a message with a faked 
From header" (easy) to "somehow have your target send you a genuine 
message so you can modify and forward it" (possible, but much harder, 
needs a targeted attack). Only high-profile targets need to care about 
the second type of attack.
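An added illustration of the corroboration idea in the message above (not code from the thread, from its author, or from any ARC implementation): a receiver that protects its own domain keeps a short log of what its users sent out, and treats an ARC-sealed message that comes back via a forwarder as corroborated only if one of its users really wrote to that forwarder shortly before. The domain names, the one-hour window, and the shape of the `ForwardedMessage` record are assumptions made for the example; the spoofed and stale cases show why a faked From header alone no longer passes.

```python
"""Toy evaluator for the corroboration check discussed above.

Hypothetical illustration: the evaluating receiver owns the domain in the
RFC5322.From field and can therefore know whether that author really sent
something to the forwarder just before the forwarded copy came back.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class ForwardedMessage:
    """Fields an evaluator has on hand once ARC chain validation has run."""
    from_domain: str          # domain of the RFC5322.From address
    forwarder_domain: str     # domain that added the outermost ARC seal
    arc_chain_valid: bool     # outcome of ARC chain validation (cv=pass)
    received_at: datetime


@dataclass
class Evaluator:
    """Receiver-side evaluator for one protected domain (assumed setup)."""
    our_domain: str
    window: timedelta = timedelta(hours=1)   # assumed corroboration window
    # (recipient_domain, sent_at) for each message our users sent out
    outbound_log: list = field(default_factory=list)

    def record_outbound(self, to_domain, sent_at):
        """Called by the outbound MTA for every message our users send."""
        self.outbound_log.append((to_domain.lower(), sent_at))

    def sent_to_recently(self, forwarder_domain, before):
        """True if one of our users wrote to forwarder_domain within `window` before `before`."""
        earliest = before - self.window
        return any(
            dom == forwarder_domain.lower() and earliest <= at <= before
            for dom, at in self.outbound_log
        )

    def evaluate(self, msg):
        """Return (accept, reason) for a forwarded message whose From claims our domain."""
        if msg.from_domain.lower() != self.our_domain.lower():
            return (False, "not our domain: evaluate under that domain's own policy")
        if not msg.arc_chain_valid:
            return (False, "ARC chain invalid: forwarder cannot vouch for the message")
        if self.sent_to_recently(msg.forwarder_domain, msg.received_at):
            return (True, "corroborated: we recently sent mail to this forwarder")
        return (False, "uncorroborated: no recent outbound mail to this forwarder")


# Constructed reference time for the sample scenario below.
T0 = datetime(2021, 11, 24, 12, 0)


def demo():
    """Run four constructed cases through the evaluator and return the verdicts."""
    ev = Evaluator(our_domain="example.org")
    # Our user posted to the list ten minutes before the list's copy came back.
    ev.record_outbound("list.example.net", T0 - timedelta(minutes=10))
    cases = {
        # genuine: the list forwards our own post back to us shortly afterwards
        "genuine": ForwardedMessage("example.org", "list.example.net", True, T0),
        # spoofed: faked From, sealed by a forwarder none of our users wrote to
        "spoofed_from": ForwardedMessage("example.org", "other.example.com", True, T0),
        # stale: a copy "forwarded" two days after anything we sent to the list
        "stale": ForwardedMessage("example.org", "list.example.net", True,
                                  T0 + timedelta(days=2)),
        # broken: chain failed validation, so corroboration never comes into play
        "broken_chain": ForwardedMessage("example.org", "list.example.net", False, T0),
    }
    return {name: ev.evaluate(m) for name, m in cases.items()}


if __name__ == "__main__":
    for name, (accept, reason) in demo().items():
        print(f"{name:13s} accept={accept!s:5s} {reason}")
```

Only the genuine case is accepted; the spoofed and stale copies fail for lack of a matching outbound message, which is the shift from "fake a From header" to "first get the target to write to you" that note [1] describes. A real deployment would have to decide how long the window should be and how to handle forwarders such as mailing lists that legitimately delay delivery, which the toy log does not attempt.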