IETF Logo Mail Archive

Re: [dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations

Dave Crocker <dcrocker@gmail.com> Tue, 21 July 2020 19:45 UTC

Return-Path: <dcrocker@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F5F43A08AA for <dmarc@ietfa.amsl.com>; Tue, 21 Jul 2020 12:45:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tsDe3ba1f4G2 for <dmarc@ietfa.amsl.com>; Tue, 21 Jul 2020 12:45:15 -0700 (PDT)
Received: from mail-ot1-x32f.google.com (mail-ot1-x32f.google.com [IPv6:2607:f8b0:4864:20::32f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A443F3A08A9 for <dmarc@ietf.org>; Tue, 21 Jul 2020 12:45:15 -0700 (PDT)
Received: by mail-ot1-x32f.google.com with SMTP id h1so24113otq.12 for <dmarc@ietf.org>; Tue, 21 Jul 2020 12:45:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:cc:message-id:date:user-agent :mime-version:in-reply-to:content-language; bh=3zDKn3GDieUPhCHTZo4j4BT78zHuaFXEuCcMSpGpib8=; b=egy/J+VIpRu7jQVA2ZLxNZJZTpsNvi3TovhRueJiVNA/EFaP0bn2mU6gKrKW/M5qrI Jf5n3IDDVgWXVtBLmklDwixan8k/3y5U1vwMJSleAOzH9bXHk/ocu1NJpJu5a2eGNrTk x0tfa29AdfNDhPF5740JfByEntm0u1jzVoAx/6yIid2rkOknsUrUw+V7Rq7smIlX+bHQ pFVaKnK3xiySdFN6KDb6/eU2tySuL1QOrjpm/6oWr4QQvYnFeuqcFRwR5IOWT/Zt2BKw 3PpsWgrsMQ1kSiv+Oln2ZTO1IbEP/eJTh6VYR8uF7pdG/I7noF5deJvpsWeKO48jUJI4 l0qQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:cc:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=3zDKn3GDieUPhCHTZo4j4BT78zHuaFXEuCcMSpGpib8=; b=Uia9dXWCAAUnnSpYx62m/H120b1VrrWMqVm4tCpaYxl8Gdum5ZQg7ELoIDw8mLsz5w 8z6KkKZ1/nmTnilXPqHCWeC8vMYe/8UwjdLkPVzj6e0yirbfodqS3r4xtTAYMSJEA/NO v2Ma0gPVWQZkvWtETs3N2FBzAWvdRkt6t2I9IJUt4SFqIOdFNL6FAKOxRi62EBAFWJAm TiPo6yzP0itYdi6eSU3F9FY8tha1Arf48mjafRH4B9kj2ZN3bkDMnLeC9nRLZMtAsa0X c9QjMjMEBrZt69c66p5sARXXe9pTrfZnQrzLQhW9sGuwt0Lfc21hTIktYJDD/1eP6BKJ GAIw==
X-Gm-Message-State: AOAM532sz7QTifR7HQdHSI/Fle07jjkFOJNxMFwlMbIbhesFUTKHtf9g 3rvKwV+c17ru7z9oeyuw/2JbTfB4oOo=
X-Google-Smtp-Source: ABdhPJxvUSgARBuXLoRG99NSJHHmcTwfKxbPHRlWfssbG5YWhKwks1q2QIUgduFDzJYRVTrqIP4zHg==
X-Received: by 2002:a9d:27e6:: with SMTP id c93mr26604327otb.157.1595360714737; Tue, 21 Jul 2020 12:45:14 -0700 (PDT)
Received: from ?IPv6:2600:1700:a3a0:4c80:e05e:30a7:6377:adad? ([2600:1700:a3a0:4c80:e05e:30a7:6377:adad]) by smtp.gmail.com with ESMTPSA id z2sm4831721oix.3.2020.07.21.12.45.13 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 21 Jul 2020 12:45:14 -0700 (PDT)
To: Dotzero <dotzero@gmail.com>
References: <bf5b68c74a3c487ca8a07a0a27061e47@com> <87zh7ur069.fsf@orion.amorsen.dk> <3829fac4748a48d0b752403450843bd5@bayviewphysicians.com> <c9353a06-ab31-c397-449e-7d36afbf655d@wisc.edu> <c2ad22cd-8b35-733f-bc4c-839e2c4b3e98@dcrocker.net> <CAJ4XoYf23gu4m7Zru2iq9SV-hYNCx6KFg4J7oTDpLpTcXFk7Rg@mail.gmail.com> <f2cd4931-9f61-2031-00bc-af9c460c15a3@bbiw.net> <CAJ4XoYf=XhaHKZpUjwoBJnLMwq_0LajTBWjJ01qjCaP7365E=w@mail.gmail.com>
From: Dave Crocker <dcrocker@gmail.com>
Cc: IETF DMARC WG <dmarc@ietf.org>
Message-ID: <2f231818-5c25-eca3-9db6-3af0fba7d5c8@gmail.com>
Date: Tue, 21 Jul 2020 12:45:12 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <CAJ4XoYf=XhaHKZpUjwoBJnLMwq_0LajTBWjJ01qjCaP7365E=w@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------41EE15DA757E339C92755F68"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/KWi3cq0K6v6r5mT5a6kbYrcc7bA>
Subject: Re: [dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jul 2020 19:45:17 -0000

On 7/21/2020 12:32 PM, Dotzero wrote:
>
>
> On Tue, Jul 21, 2020 at 2:06 PM Dave Crocker <dcrocker@bbiw.net 
> <mailto:dcrocker@bbiw.net>> wrote:
>
>     On 7/21/2020 10:58 AM, Dotzero wrote:
>     For this case, DMARC externalizes that internal personnel problem.
>
>     But it does not fit the definition of "spoofing".
>
> Please note that I did noy use either the word "spoof" or "spoofing".  
> You wrote "MLM is authorized by the user". Someone without authority 
> cannot authorize. In this case the user externalized the problem, not 
> DMARC.

That's simple incorrect.

I give you my credit card, telling you to use it only for gasoline 
purchases while running errands for me.  You take the car on a 
cross-country joyride, running the cc charges for gasoline up.  The 
stations that  charged the gas to the card did nothing wrong.  The 
problem is internal, between you and me.

The MLM's did not do any spoofing.  They acted appropriately, as they 
have for 45 years.

If the domain owner has a problem with the user's behavior, that's 
internal, between the domain owner and the user.

Using language that casts the MLM as doing something wrong is a 
fundamental misrepresentation of the situation.


>     > If that is the problem, why did you participate in the original
>     DMARC
>     > effort? The issue was clear even back then.
>
>
>     The original DMARC effort was, in fact, to detect actual cases of
>     spoofing, namely unauthorized use of a domain name by outside actors.
>
>     Different problem.
>
>
> Actually, part of the effort was to enable Sending domains to identify 
> their own mail that was being sent without aligned DKIM signing or 
> from places not authorized through SPF - in other words, not properly 
> authorized but legitimate, hence feedback loops.
>
This was a point of significant confusing during the initial effort.

It is not reasonable to impose a substantial and permanent cost on the 
external internet, for an organization's inability to monitor and 
regulate behavior within the organization.

Whereas it is entirely reasonable to have a standard that facilitates 
detecting externally-generated traffic that has unauthorized use of a 
domain name.

d/


-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

v2.23.0 | Report a Bug | By Email