Re: [dmarc-ietf] Debugging and preventing DKIM failures- suggestion
Dotzero <dotzero@gmail.com> Fri, 31 May 2019 11:47 UTC
Return-Path: <dotzero@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C95F11200A1 for <dmarc@ietfa.amsl.com>; Fri, 31 May 2019 04:47:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eLEq5hrwdniU for <dmarc@ietfa.amsl.com>; Fri, 31 May 2019 04:47:29 -0700 (PDT)
Received: from mail-vs1-xe36.google.com (mail-vs1-xe36.google.com [IPv6:2607:f8b0:4864:20::e36]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8D26A120044 for <dmarc@ietf.org>; Fri, 31 May 2019 04:47:29 -0700 (PDT)
Received: by mail-vs1-xe36.google.com with SMTP id n21so722804vsp.12 for <dmarc@ietf.org>; Fri, 31 May 2019 04:47:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=d/xVMBLfdJyzdgbRv+X3McyX+wjKpW3pGZ3d/kly0WA=; b=Lgif8hRzFY+YGgbDpzj56gunTpTF+JiCgdzKwqWwxYiZnpeKUkWfc1eFcXhMpb45NS 5PuOJYCNxllPzSHBZb3ArEiMLHEtYPiL1vFdbnbHVIU7LE8c9vf42HCl2wPSnM+hiAg3 kNsMauLPF1QZckeSPy/B1guCHvQa7t9wytAGyl5ljQ0MIuAdLVlW2lTWjGdpeocmsxsY srreYwhwxq7e/uuLvHeYbKjkxVTCDpxOKVibKZXSI15k3TQWZ59ZwBjQag8J6t2PYu+0 qCTTMlRqJncPMDaXr2Mp8us85Y49h6WFyZLaC2XJdwlD992lHJM/gklgkl2yT3C2ykT4 4sDA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=d/xVMBLfdJyzdgbRv+X3McyX+wjKpW3pGZ3d/kly0WA=; b=LpLTXECdfYBcwOf4rqm5gJG2cQQCN8cd5z7MNJuBFVZgDVe7lWPWe7ambo+TlQeURp i+Tq98IO3u0jXVELtsWjf5xPAe0pdofWkrJYZj081wOYil+BMldDPsMJn7LP4lqpRtU6 K1WbWoDjxnzuGc+L3/RZH8ifEOUAThKIizQk6CtDMjsaPAtu7tsKWfmfkd7qMruuc2if i7JoGNONf54vBTgeq2UrRjNuOvZWIaJjoIAyqQsk8EiOeRzu05ZNp7ER83UOuHd7kyUI 7NdYYzCv+OCcVnevTkqJyYZ4ARpKzP++iLVZXEO2Kk81zMi6WgTNhcNTVVEhx1v7C10k 1hzQ==
X-Gm-Message-State: APjAAAVreqdTqvH3V4WFT8Vc+6y/pZB/Hdg1a0GMXiznF2uIYew3CBkE W2zQXJTzXDdMGFGW1HRPnMxVYNFYt8zucXyMMuw=
X-Google-Smtp-Source: APXvYqwVxRVEvXhms+rymhL8nVE+2I4dkpKQd0YAkLdQ8KSQl8rn7sL7rjup5XtsWcTnGq6bDiqv4Jsq8oEic85PPl0=
X-Received: by 2002:a67:c508:: with SMTP id e8mr5022230vsk.18.1559303248530; Fri, 31 May 2019 04:47:28 -0700 (PDT)
MIME-Version: 1.0
References: <54FB29A0-517A-430E-AF5B-CB079CC3D7F6@aegee.org> <20190526144848.08A772014A0BF4@ary.qy> <CAL0qLwbxwLTpgYJN9qBTzi2oN1EMvAYuNoDbw5Rx5W46-WNyLA@mail.gmail.com> <alpine.OSX.2.21.9999.1905301712140.76792@ary.qy> <c559a331d90b49eba5b5f6e35ff4774a@bayviewphysicians.com> <1931a4e4-7112-56ae-24e6-b138466392b4@dcrocker.net> <f5106924930f41c5bd83a709e4307f8b@bayviewphysicians.com>
In-Reply-To: <f5106924930f41c5bd83a709e4307f8b@bayviewphysicians.com>
From: Dotzero <dotzero@gmail.com>
Date: Fri, 31 May 2019 07:47:15 -0400
Message-ID: <CAJ4XoYd5F6Fte_ibUwWG82vPhiixTWYezCuL3nzahFRc5SJSTg@mail.gmail.com>
To: fosterd@bayviewphysicians.com
Cc: Dave CROCKER <dcrocker@bbiw.net>, IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000039d086058a2d940f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/I32LrMuXX41dDh5yz1jpCDpkaCY>
Subject: Re: [dmarc-ietf] Debugging and preventing DKIM failures- suggestion
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 May 2019 11:47:32 -0000
On Fri, May 31, 2019 at 6:59 AM Douglas E. Foster < fosterd@bayviewphysicians.com> wrote: > I cannot speak to IETF consensus, since I am new to that process and I > seem to be an outlier already. > Perhaps the onus is on you to take the time to understand IETF and it's processes before demanding changes. Just a thought. > > Agency and signatures are well understood legal concepts. 3000 years > ago, people sealed their letters with a signet ring stamped in warm clay. > Signing technologies have changed in that time, but the principle has > not. A courier is responsible for keeping the signed and sealed part of a > message unaltered. Envelope marks are acceptable. > > Perhaps you should go back and read the history and purpose of DKIM. > A digital signature is supposed to provide non-repudiation. If I submit a > signed message to a list processor, and the list processor voids the > signature, it has given me verifiable repudiation, the opposite of what > either sender or receiver want. > Non-repudiation is not the purpose of DKIM signing. The purpose was (and is) to provide a mechanism for mailbox providers to evaluate whether an email message was authorized by a particular domain. > > A closed group on a single server can use whatever rules they choose to > implement in that community. For example, a web forum operates on the > rules of the forum operator. However, an open group using the email > infrastructure has to work within the infrastructure it uses. In the > email infrastructure, the recipient has to deal with fraud, and any > recipient accommodation to "harmless" fraud facilitates the people who are > doing "harmful" fraud to that recipient. > You are certainly entitled to your opinion. > > There are some obvious use-cases for MTA changes to a message, and we > would do well to document and address them. > Perhaps the you part of "we" should submit an Internet Draft undertaking the work you want done. > > The first that comes to mind is MTA comment fields. > - A list processor wants to add a comment indicating something about the > list that sent it. > - A spam filter wants to add a tag indicating that the message is > suspicious, but not sufficiently suspicious to be blocked. > > IETF would do well to specify a mechanism for MTAs to add information > which MUAs present to the user, while identifiying that that the > information came from the MTA rather than the original sender. > > Another use-case is related to body sections. IETF only forwards plain > text, while most email solutions send messages in HTML+Text. I assume > that IETF also drops attachments. DKIM cannot handle this because it > hashes the entire body. A signature system that signed each section > individually would allow sections to be dropped, with notification to the > user, without breaking the signatures on the other MIME types. > > DKIM was supposed to provide sender authentication when SPF was > invalidated by forwarding, so DMARC said that the two techniques should be > evaluated together. I am realizing that if SPF is invalidated, DKIM is > probably invalidated as well, so we have no usable sender authentication > technology. This may explain why so many products that I have examined > lack support for DMARC or lack good exception mechanisms for SPF, DKIM, and > DMARC. > Can you please show us the documentation that supports your assertion that " DKIM was supposed to provide sender authentication when SPF was invalidated by forwarding"? When I read the DKIM RFC I find nothing to support your assertion. DKIM was the result of the merging of Internet Identified Mail (IIM) and Domain Keys (DK) proposals. Quite a few of us were around at the time it happened. These things happened in parallel to SPF and not as a "fix" to SPF. Thank you for your creative attempt to rewrite history. > > It seems that email needs something like "DNS Flag Day", where major > players announce a date after which certain behaviors that will no longer > be tolerated. But as others have said, IETF is not that organization, and > the organization may not exist. > > Thank you for your proposal. To channel a long time participant, I invoke King Canute. If you believe major players should take a particular action in unison then perhaps you should be reaching out to those major players. (Side note to major players, no need to thank me for pointing this out) > More discouraged than ever, > Hope springs eternal. Michael Hammer >
- [dmarc-ietf] Debugging and preventing DKIM failur… Douglas E. Foster
- Re: [dmarc-ietf] Debugging and preventing DKIM fa… Дилян Палаузов
- Re: [dmarc-ietf] Debugging and preventing DKIM fa… John Levine
- Re: [dmarc-ietf] Debugging and preventing DKIM fa… John Levine
- Re: [dmarc-ietf] Debugging and preventing DKIM fa… Murray S. Kucherawy
- Re: [dmarc-ietf] Debugging and preventing DKIM fa… John R Levine
- Re: [dmarc-ietf] Debugging and preventing DKIM fa… Douglas E. Foster
- Re: [dmarc-ietf] Debugging and preventing DKIM fa… Dave Crocker
- Re: [dmarc-ietf] Debugging and preventing DKIM fa… Douglas E. Foster
- Re: [dmarc-ietf] Debugging and preventing DKIM fa… Dotzero
- Re: [dmarc-ietf] Debugging and preventing DKIM fa… Doug Foster
- Re: [dmarc-ietf] Debugging and preventing DKIM fa… John R Levine
- Re: [dmarc-ietf] Debugging and preventing DKIM fa… Dave Crocker
- Re: [dmarc-ietf] Debugging and preventing DKIM fa… Dave Crocker
- Re: [dmarc-ietf] Debugging and preventing DKIM fa… Dave Crocker
- Re: [dmarc-ietf] Debugging and preventing DKIM fa… John Levine
- Re: [dmarc-ietf] Debugging and preventing DKIM fa… Hector Santos
- Re: [dmarc-ietf] Debugging and preventing DKIM fa… Hector Santos
- Re: [dmarc-ietf] Debugging and preventing DKIM fa… Elizabeth Zwicky
- Re: [dmarc-ietf] Debugging and preventing DKIM fa… Hector Santos
- Re: [dmarc-ietf] Debugging and preventing DKIM fa… Stan Kalisch