Re: [dmarc-ietf] ARC-Seal is meaningless security theatre
Bron Gondwana <brong@fastmailteam.com> Mon, 07 August 2017 23:15 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/K6Vw5MTd5_tTiPje1DEw2IX_aC4>

On Tue, 8 Aug 2017, at 00:50, Tim Draegen wrote:
>> On Aug 7, 2017, at 1:21 AM, Bron Gondwana
>> <brong@fastmailteam.com> wrote:
>>
>> A more cheap and nasty fix, assuming it's too late/complex to change
>> the protocol more, would be to keep AS, but change the validation to
>> only require checking the most recent AS, since validating the rest
>> is meaningless.
>
> Bron, thanks for sharing your insight. I don't think it's too
> late/complex to incorporate direct real world experience into the
> specification.
>
> I tried to express my own attitude in the Prague meeting: the email
> space is special because it is huge. It doesn't make sense to pretend
> that it isn't. Instead, let's build tech to solve real problems, test
> it against the install base, and make the tech better based on what is
> learned.
>
> AFAICT, ARC is at the very beginning of the "test it against the
> install base" phase.

Thanks Tim,

We'll set ARC up at FastMail and experiment with it for sure. The code is pretty much ready to slot into place, and while nobody is filtering on it, it's easy enough to play with.

It's not like ARC is worse than nothing (apart from maybe the increased DNS load). Regardless of our opinion of how good it is, we'll certainly implement anything which helps our users' mail be delivered!

But it would be nice to help make it even better if we get a chance to influence the technology choices :)

Bron.

--
Bron Gondwana, CEO, FastMail Pty Ltd
brong@fastmailteam.com