[dmarc-ietf] indeterminisim of ARC-Seal b= value
Gene Shuman <gene@valimail.com> Fri, 24 March 2017 18:17 UTC
Return-Path: <gene@valimail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 86AB0129889 for <dmarc@ietfa.amsl.com>; Fri, 24 Mar 2017 11:17:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=valimail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id irFlaVZMbDiq for <dmarc@ietfa.amsl.com>; Fri, 24 Mar 2017 11:17:43 -0700 (PDT)
Received: from mail-wr0-x230.google.com (mail-wr0-x230.google.com [IPv6:2a00:1450:400c:c0c::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3760D12987B for <dmarc@ietf.org>; Fri, 24 Mar 2017 11:17:43 -0700 (PDT)
Received: by mail-wr0-x230.google.com with SMTP id l43so6891897wre.1 for <dmarc@ietf.org>; Fri, 24 Mar 2017 11:17:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valimail.com; s=google2048; h=mime-version:from:date:message-id:subject:to; bh=JtcarRNtmkmwg1BO5XbZRKI3xoewcZRVXjT2bBZxwOc=; b=WozDxHuR7vgMDEu86QwBFKJ+E563azPvXYprIuBssR1blwsiojGbjYElXhdLUX6kjE w0HyJxBw04O/t5QQ0YDwIQ61mZWUBfQkR15f5QUSofz4EqrCpI+bR6Z3s6tKOGLUxzDD SjNon4BLtXbUC6ueAS7rPnOD8R2v+1v8X4Z3oI/1gYnCtTt+S67JNklWVaI2lX6Nh0eZ xOH3V+UARXVq4djG2GPkG99rwAKSptNi6pncslDi1FM3WYJz1B+y4YRp+tLoMSXFurud tbYWTGGVkVAZujKo9n1md2jsv+CEJo+e9zoLRUiYjIwBS/Jxyw5Qn0VtstEhov31bsmG BAlQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=JtcarRNtmkmwg1BO5XbZRKI3xoewcZRVXjT2bBZxwOc=; b=igXGHpN0Yx1zSjWeDdlbWhqpo2bUtuu3Cyx8kYqXuffzFfxGwr2NNC7TlwaAir2RUV T+WQT8UkpleuKLdx+1AIWzStNh+4NoFCEZIEdOI/C4ozDJgtyM0J7gXNtPAQ6u8RIpDb LX3ijrndHXqV5fqndCodIoFzPZw2CFahAKaZVr3p4HtApx5kcp40EcJ7/TY8qcnwZh3u 9cqfdzbhUvB4bX4s2daqNwxnkHVfohMmA5ewsWEkWltpLZrK+Ax3XwOObc/Rm52onKFt GhjlfUp1jYmVHMSstaGa109iMKK6EMHF5P304xm1XRQtZAXjpa353+1vv0jxVRS/vG/H XRyg==
X-Gm-Message-State: AFeK/H05X8H/Dra99qGf6vcWYjrCdgPkdNpFhSsPskJj8AZmYldbmn3ndz1w30QkZgc/OUv5YZ/IjK+hokv+CA==
X-Received: by 10.223.164.83 with SMTP id e19mr9012135wra.201.1490379461244; Fri, 24 Mar 2017 11:17:41 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.223.142.130 with HTTP; Fri, 24 Mar 2017 11:17:40 -0700 (PDT)
From: Gene Shuman <gene@valimail.com>
Date: Fri, 24 Mar 2017 11:17:40 -0700
Message-ID: <CANtLugO_D1Mz_v_341pc5O1mZ7RhOTrFA3+Ob5-onp72+5uRfA@mail.gmail.com>
To: dmarc@ietf.org
Content-Type: multipart/alternative; boundary="f403045f1f985e6008054b7e023e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/HZpJpAknzzXXLIMprN9CTxOoOJE>
Subject: [dmarc-ietf] indeterminisim of ARC-Seal b= value
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Mar 2017 18:17:51 -0000
Hi All, Based on a conversation I had with Murray the other day, I'd like to revive a conversation I'd started on the ARC discuss forum a few months back. Basically there is a subtle issue present in the current ARC draft that doesn't exist with DKIM that I don't think most people are aware of that gives implementor a large degree of control over ARC-Seal b= values The issue is that its possible for two separate arc implementations, given the exact same message inputs, keys, timestamps, etc to be generating two different, but equally valid ARC seal hashes. Basically, the ARC-seal b= tag *is not deterministic* based on the incoming message. This hash value is *implementation dependent.* I think that we want to think about this, as this state of affairs does not exist in DKIM. In DKIM(for a given set of headers to sign, etc), there are only one valid b= & bh= hashes. Here are some details. Message 1 comes in with no arc signature. The implementation creates an ARC-Message-Signature tag, which is basically just a DKIM signature. Given, timestamps, header list, selector, domain, etc, there is exactly one way to compute both the b= & bh= tags. However, *the *implementation* is free to vary the text representation of this signature*. There is no sort of canonicalization happening here. The implementation is free to order tags arbitrarily, and things like add additional tags & whitespace. The reason this matters is because the textual representation of this signature is used in the ARC-Seal's b= computation, making this value *arbitrarily implementation dependent. *The implementation has a very large degree of control over the actual value of the ARC-Seal b= hash, and this seems like a non-trivial security risk. The obvious solution I see here is to canonicalize the headers going into the the AS computation. There are some pretty sensible ways to do this.
- [dmarc-ietf] indeterminisim of ARC-Seal b= value Gene Shuman
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… John Levine
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Gene Shuman
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… John R Levine
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Peter Goldstein
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Brandon Long
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Peter Goldstein
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Brandon Long
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Peter Goldstein
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… John R Levine
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Peter Goldstein
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Scott Kitterman
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Peter Goldstein
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Scott Kitterman
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Peter Goldstein
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Murray S. Kucherawy
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Murray S. Kucherawy
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Murray S. Kucherawy
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Murray S. Kucherawy
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… ned+dmarc
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Peter Goldstein
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Peter Goldstein
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… ned+dmarc
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Seth Blank
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Brandon Long
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Dave Crocker
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Seth Blank
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… HANSEN, TONY L
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Seth Blank
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Dave Crocker
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… John Levine
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Seth Blank
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Dave Crocker
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Seth Blank
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Murray S. Kucherawy
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… ned+dmarc