Re: [dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations
Dave Crocker <dcrocker@gmail.com> Tue, 21 July 2020 19:45 UTC
To: Dotzero <dotzero@gmail.com>
From: Dave Crocker <dcrocker@gmail.com>
Cc: IETF DMARC WG <dmarc@ietf.org>
Date: Tue, 21 Jul 2020 12:45:12 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/KWi3cq0K6v6r5mT5a6kbYrcc7bA>

On 7/21/2020 12:32 PM, Dotzero wrote:
> On Tue, Jul 21, 2020 at 2:06 PM Dave Crocker <dcrocker@bbiw.net> wrote:
>
> > On 7/21/2020 10:58 AM, Dotzero wrote:
> > For this case, DMARC externalizes that internal personnel problem.
> >
> > But it does not fit the definition of "spoofing".
>
> Please note that I did not use either the word "spoof" or "spoofing".
> You wrote "MLM is authorized by the user". Someone without authority
> cannot authorize. In this case the user externalized the problem, not
> DMARC.

That's simply incorrect.

I give you my credit card, telling you to use it only for gasoline purchases while running errands for me. You take the car on a cross-country joyride, running the cc charges for gasoline up. The stations that charged the gas to the card did nothing wrong. The problem is internal, between you and me.

The MLMs did not do any spoofing. They acted appropriately, as they have for 45 years. If the domain owner has a problem with the user's behavior, that's internal, between the domain owner and the user.

Using language that casts the MLM as doing something wrong is a fundamental misrepresentation of the situation.

> > > If that is the problem, why did you participate in the original DMARC
> > > effort? The issue was clear even back then.
> >
> > The original DMARC effort was, in fact, to detect actual cases of
> > spoofing, namely unauthorized use of a domain name by outside actors.
> >
> > Different problem.
>
> Actually, part of the effort was to enable Sending domains to identify
> their own mail that was being sent without aligned DKIM signing or
> from places not authorized through SPF - in other words, not properly
> authorized but legitimate, hence feedback loops.

This was a point of significant confusion during the initial effort.

It is not reasonable to impose a substantial and permanent cost on the external internet, for an organization's inability to monitor and regulate behavior within the organization.

Whereas it is entirely reasonable to have a standard that facilitates detecting externally-generated traffic that has unauthorized use of a domain name.

d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net