Re: [dmarc-ietf] indeterminisim of ARC-Seal b= value

Seth Blank <seth@valimail.com> Fri, 31 March 2017 03:41 UTC

Return-Path: <seth@valimail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 943A512762F for <dmarc@ietfa.amsl.com>; Thu, 30 Mar 2017 20:41:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=valimail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5DhEmooIV1w6 for <dmarc@ietfa.amsl.com>; Thu, 30 Mar 2017 20:41:52 -0700 (PDT)
Received: from mail-qk0-x22d.google.com (mail-qk0-x22d.google.com [IPv6:2607:f8b0:400d:c09::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7EA5412970F for <dmarc@ietf.org>; Thu, 30 Mar 2017 20:41:52 -0700 (PDT)
Received: by mail-qk0-x22d.google.com with SMTP id r142so57304042qke.2 for <dmarc@ietf.org>; Thu, 30 Mar 2017 20:41:52 -0700 (PDT)
X-Received: by 10.55.125.68 with SMTP id y65mr710067qkc.83.1490931711453; Thu, 30 Mar 2017 20:41:51 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.200.42.166 with HTTP; Thu, 30 Mar 2017 20:41:30 -0700 (PDT)
In-Reply-To: <2f516997-7c5e-2fad-1aeb-51590383f9c7@bbiw.net>
References: <CANtLugO_D1Mz_v_341pc5O1mZ7RhOTrFA3+Ob5-onp72+5uRfA@mail.gmail.com> <alpine.OSX.2.20.1703272118210.2533@ary.local> <CAOj=BA0YKHYrkseR=wwgZn0_GNBKfdL7jmHehgBRzxqGKV6C1g@mail.gmail.com> <2978391.eJVbVTHBlo@kitterma-e6430> <CAL0qLwbP4c+09=TNSOsDqKwcp6iw++aGW8jDhARoVwvsghSLvA@mail.gmail.com> <01QCKR5S5OXK0003XB@mauve.mrochek.com> <CAOj=BA3p-XQT=AeR4PHC-udWsn7rOmtR+UQHV0vbVofDKYOH_Q@mail.gmail.com> <01QCKXW9MZ4Q0003XB@mauve.mrochek.com> <1cf7325b-6f77-7cda-e330-025b7ddb0b92@dcrocker.net> <CAOZAAfM_fKf+egqmYQorobPB07kQpi5rP4rcb4Kj3fsLvcoRVw@mail.gmail.com> <2f516997-7c5e-2fad-1aeb-51590383f9c7@bbiw.net>
From: Seth Blank <seth@valimail.com>
Date: Thu, 30 Mar 2017 20:41:30 -0700
Message-ID: <CAOZAAfMasvt8+_sFW=vvq-S-UHNVQ_H=1+sbkOojasm5GgNLRw@mail.gmail.com>
To: Dave Crocker <dcrocker@bbiw.net>
Cc: "Murray S. Kucherawy" <superuser@gmail.com>, "dmarc@ietf.org" <dmarc@ietf.org>, Scott Kitterman <sklist@kitterman.com>, Peter Goldstein <peter@valimail.com>, ned+dmarc@mrochek.com
Content-Type: multipart/alternative; boundary="94eb2c05ae500c00c5054bfe97af"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/HjXK-ZIsfQO2qpSCI2g4Eo1TH5Q>
Subject: Re: [dmarc-ietf] indeterminisim of ARC-Seal b= value
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Mar 2017 03:41:56 -0000

On Thu, Mar 30, 2017 at 7:35 PM, Dave Crocker <dcrocker@bbiw.net> wrote:
>
> So to the extent that you are sure things really are that fragile, the
> answer is not going to be a test suite or excessively demanding algorithms,
> but a re-thinking of the details, to make the implementation and deployment
> issues simpler.


Exactly; we are in agreement. Where some discussion after the last interop
panned out was that deterministic behavior in the new headers would remove
this fragility. That's why the conversation was raised to this list instead
of happening off to the side.

If the consensus here is that the matter is not worth pursuing further,
that is fine - I just want to make sure we're all talking about the same
thing.

Seth


On Thu, Mar 30, 2017 at 7:35 PM, Dave Crocker <dcrocker@bbiw.net> wrote:

> On 3/30/2017 7:10 PM, Seth Blank wrote:
>
>> Dave, If we were only talking about ARC Signing messages, I'd generally
>> agree with the comments on this list.
>>
>> However, ARC is fundamentally different. It is about a chain of messages
>>
>
>
> Either you are correct, in which case ARC has been made far too fragile to
> be able to work with any serious degree of reliability at scale,
>
> or you are wrong, in which case the fact of there being a sequence of
> DKIM-ish signatures has the same requirements as for individual signatures.
>
> What you have been getting told by a range of folk with quite a lengthy
> history of DKIM and email deployment experience is in line with the latter.
>
> So to the extent that you are sure things really are that fragile, the
> answer is not going to be a test suite or excessively demanding algorithms,
> but a re-thinking of the details, to make the implementation and deployment
> issues simpler.
>
>
>
> d/
>
> --
> Dave Crocker
> Brandenburg InternetWorking
> bbiw.net
>



-- 

Bringing Trust to Email

Seth Blank | Head of Product for Open Source and Protocols
seth@valimail.com
+1-415-894-2724