Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5.1.2 - cv=fail should sign greedily
"Kurt Andersen (b)" <kboth@drkurt.com> Wed, 15 August 2018 05:28 UTC
Return-Path: <kurta@drkurt.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA884130E43 for <dmarc@ietfa.amsl.com>; Tue, 14 Aug 2018 22:28:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=drkurt.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WsZl0GyBCSQx for <dmarc@ietfa.amsl.com>; Tue, 14 Aug 2018 22:28:40 -0700 (PDT)
Received: from mail-lj1-x232.google.com (mail-lj1-x232.google.com [IPv6:2a00:1450:4864:20::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2D6B8130DDD for <dmarc@ietf.org>; Tue, 14 Aug 2018 22:28:40 -0700 (PDT)
Received: by mail-lj1-x232.google.com with SMTP id p10-v6so103000ljg.2 for <dmarc@ietf.org>; Tue, 14 Aug 2018 22:28:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=drkurt.com; s=20130612; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=iqs+kiVOc+1u9peDadC4pfMC+SkJnfVPRC2KTsoT5SI=; b=b1xBS24P33XkSZs7Ib34hQL2JwCrHqDPrVy4F0WfAZBETfoOokwRwIfGYUVfhEmwOt ju69a5HTytM6JjQJCvkhzR76yA4Ni0s2rsfp348OjGkQ+87oM51Bl7pmHQrkhNXeeZnY +fvRR6GGUV9UX4UPkFjtBEeDe7GZDrF2tgSAA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=iqs+kiVOc+1u9peDadC4pfMC+SkJnfVPRC2KTsoT5SI=; b=splrkV2wC7b4V7CrS0vU7ENav0tjs6o6NbU2fUx1+Oo3+4fVXeNzmr/94EBwPxqwKz w1TWwiPIFw9o8vARK0rHmWaJ1wbtgKgqLRD9VgRE2V7OIHuu2HP33MyYj4W/9dwkPq5A dXbu6n++JTLeR2Dhh/ehr58+3TxzYl5JzvyfEh+KYSmOW7o5fORDwsIemJym/Eic+mqy e5XBS9OEfueC7a9csbi9pI68Axy+nHNV12lfJFSBCtslQZrjNxd83pq99LQEBr6GJ3oL LttBEuGDvIqhdup4C4SYW6m4pRZM4akZPi3j+FhpswqFw93GirzwleO+HHwlDnUUOxSj q38w==
X-Gm-Message-State: AOUpUlFBBFZ6FH30snvYQcjB6T5bRGdm+Lr/8ugz76zc0SGM2yEM0peU d+awLmmRoFVVzN1+7on3v+LJYJSw2nyZhoBLmW/Q6Q==
X-Google-Smtp-Source: AA+uWPzIIBWu8IDbR7NMw9OaZBDQg4/3E9fvSL6nwy0tDuXGb1VHsEG9X8B4xVLUhGN3ryZi1CJ5v0/yDXpkeUo0K5o=
X-Received: by 2002:a2e:9c0f:: with SMTP id s15-v6mr808398lji.97.1534310918108; Tue, 14 Aug 2018 22:28:38 -0700 (PDT)
MIME-Version: 1.0
Sender: kurta@drkurt.com
Received: by 2002:a19:5943:0:0:0:0:0 with HTTP; Tue, 14 Aug 2018 22:28:36 -0700 (PDT)
In-Reply-To: <a6eb3ab9-0e0f-f3e5-9dd0-8d9e992595a0@gmail.com>
References: <CAD2i3WNSe+of7U8fdTnmUeU3sthUbpEVgdYHT9J6BgLxoeOL3w@mail.gmail.com> <20180730221726.713CE200316625@ary.qy> <CAD2i3WMvCugRm4KZeLx3PFb6f_pKR3rs4mnH2FZO4_X7ZA7GHA@mail.gmail.com> <alpine.OSX.2.21.1807302025420.60501@ary.qy> <CABa8R6sWSu9Q+mozxzaVGab3PE2zxqVmt4L6FERSLC1oDTh1oA@mail.gmail.com> <alpine.OSX.2.21.1808031352460.29088@ary.qy> <CABa8R6u_09D9BNiq3fXDXjPVfFeZxHtRa0NyLamKyj033xO72A@mail.gmail.com> <CAD2i3WNJdQ95drzue17UdKEb_6qkN7DuB7WdMbORTSjWGgwJZA@mail.gmail.com> <CABa8R6sgtcAHGt10GQ85PvhYvEZfv1K1SqiFLe7ozWeZ5+Y30A@mail.gmail.com> <CABuGu1rmxMWhUQvzf=uyNVYSb1zGCgWtiak5+yPKaXGWPV4XUg@mail.gmail.com> <CAL0qLwbjpMH30hD8xKnAgT6kJ9wmN9hm3gwnRGmiqTOxKLiHDw@mail.gmail.com> <a6eb3ab9-0e0f-f3e5-9dd0-8d9e992595a0@gmail.com>
From: "Kurt Andersen (b)" <kboth@drkurt.com>
Date: Tue, 14 Aug 2018 22:28:36 -0700
X-Google-Sender-Auth: Dw4ReH7htdnzHxW4KSh8Lu0XMUM
Message-ID: <CABuGu1oVG-=5TtfdQffENQkf5+vQ9Fp44L42nsGY1QgUjzYyHA@mail.gmail.com>
To: Dave Crocker <dcrocker@gmail.com>
Cc: "Murray S. Kucherawy" <superuser@gmail.com>, IETF DMARC WG <dmarc@ietf.org>, Brandon Long <blong=40google.com@dmarc.ietf.org>, Seth Blank <seth@sethblank.com>
Content-Type: multipart/alternative; boundary="0000000000003fc6f40573729947"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/HNhNxyun0v2kA2Gy9bomm5kcbCM>
Subject: Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5.1.2 - cv=fail should sign greedily
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Aug 2018 05:28:43 -0000
On Sat, Aug 11, 2018 at 2:31 PM, Dave Crocker <dcrocker@gmail.com> wrote: > On 8/11/2018 2:20 PM, Murray S. Kucherawy wrote: > >> Sign one" (I think you mean "seal one") remains ambiguous to me, because >> as Seth said, once I see "cv=fail", I don't care about anything else. Now >> I have a seal nobody cares about, which means the sealer shouldn't be >> bothered with generating it, irrespective of what gets fed to the hash. >> >> > +1*10**inf. > > There has been a persistent desire to find a way to continue to process an > ARC sequence that is broken, as if that will somehow make it unbroken or, > at least, /less/ broken. > > It won't. > > As soon as a broken ARC chain is detected, ARC is -- or at least should be > -- finished. ARC-aware not should stop processing ARC for that message. > Completely stop. > > If there is a clear and compelling counter-argument of clear benefit that > can be achieved, will be achieved, and is desired by receivers, what is it? Looking at how ARC chains can fail through the lens of the the validation protocol ( https://tools.ietf.org/html/draft-ietf-dmarc-arc-protocol-15#section-5.2): 1. steps 1-3 are all pre-crypto structural checks. Most of the discussion and concern has been in regard to these sorts of structural failures being introduced by broken implementations or mis-behaving MTAs in the intermediary stages. Up through version 4, we designated such structural failures with a "cv=invalid" flag and A-R(arc)=unknown so that no one would waste further time or resources looking at them; 2. step 4 validates the most recent AMS. If it is broken, then we know nothing about the content being conveyed so "cv=fail" + A-R(arc)=fail makes sense or we could get more specific with A-R(arc-ams)=fail (not currently a defined designation); 3. step 8 (should be 6 if the sub-items had been properly indented) validates the sequence of AS header values. If those do not validate, then the integrity of the chain itself is unfounded. We currently also designate this with "cv=fail" and A-R(arc)=fail but we could distinguish it from failure mode 2 with A-R(arc-as)=fail instead. The only reason to affix a seal with "cv=fail" on the end of an ARC chain is to spare all subsequent handlers from having to venture past step 2 in the validation process. Without that, every intermediary and the final receiver (at least those which validate ARC) will have to repeat the entire sequence of validation up to whatever point in the process a failure is determined. If we want (for some reason that I still don't understand) to have a broken chain "preserved" for hypothetical forensics, we can't do it under conditions of malformation because we have no deterministic list of ARC header fields *to* seal. We could do something defined for failure cases 2 and 3 and some structural violations, but not for all structural violations. That's why I remain convinced that what is currently called for in the spec is the only workable approach. --Kurt
- [dmarc-ietf] WGLC ARC-16 concern on Section 5.1.2… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Luis =?utf-8?q?Mu=C3=B1oz?=
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Bron Gondwana
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Bron Gondwana
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… John Levine
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… John R Levine
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Brandon Long
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… John R Levine
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Brandon Long
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Brandon Long
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Kurt Andersen (b)
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Dave Crocker
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Kurt Andersen (b)
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Dotzero
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Dave Crocker
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… John Levine
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Dave Crocker
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… John R Levine
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Dave Crocker
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… John R Levine
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Dave Crocker
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Brotman, Alexander
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Kurt Andersen (b)
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… John R Levine
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Hector Santos
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Kurt Andersen (b)
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… John Levine
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Kurt Andersen (b)
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… John R Levine