IETF Logo Mail Archive

Re: [dmarc-ietf] indeterminisim of ARC-Seal b= value

Brandon Long <blong@google.com> Mon, 27 March 2017 18:06 UTC

Return-Path: <blong@google.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22B16129445 for <dmarc@ietfa.amsl.com>; Mon, 27 Mar 2017 11:06:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.019
X-Spam-Level:
X-Spam-Status: No, score=-1.019 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_FONT_FACE_BAD=0.981, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bjmt2CBHwYUF for <dmarc@ietfa.amsl.com>; Mon, 27 Mar 2017 11:06:26 -0700 (PDT)
Received: from mail-yw0-x229.google.com (mail-yw0-x229.google.com [IPv6:2607:f8b0:4002:c05::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C175A12949F for <dmarc@ietf.org>; Mon, 27 Mar 2017 11:06:23 -0700 (PDT)
Received: by mail-yw0-x229.google.com with SMTP id d191so37361857ywe.2 for <dmarc@ietf.org>; Mon, 27 Mar 2017 11:06:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=28SFU7uVe2pquufdRMls/5kTPnBO//1FBDHq7eEPBdY=; b=rSeAgJ2Jlp4rXD2+T2zXhPlO4RLBh5nw9tgwhB2rjCPVLSM+AJjzTVY4Sk+dCmdQ8k SHLWGKWhl+EuNtWk1NvcJbnKH0ydTp5AEVwJPed1qTKZ/AHOrpoYmmpaYLhF8mCpXTiH q7NZhrBHgls6hRhVOZY3+9mq/+3amOapKBa6bLuhMrqiFgaIgA83/OU9PGJ0LYoQ2nD5 oCRjvJO7tGArpDS9bxHRNLp+VIoixieKm8m47tODJJG8/HVYwhsZF+OsxBd6tRLQPJXv g35aXjafO6pZes7pwLqAS+IitMq1FHMgUvVQZELLkRil4JfOqhDUtZbk8OyZBx86F0OU 8Axg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=28SFU7uVe2pquufdRMls/5kTPnBO//1FBDHq7eEPBdY=; b=YZ9O1eR+0o2sehOmmrZQEGZ/cSlSvwNJHEz3hC1fMViFJl1j6H2oFu8epCAl47rLyF N9DMpsjS001iVcD5vFjQUVWeHmKqvZE4Meq8ioi5I1SzWyBUYQJZQ027mfU8ONUMVkAK uTVSVh9sZZ3v/FQ7jSZEfL5ebTg7bC+f8W6Jhd9KKFO4lGC2FeIRGNaUNaehgtZ9y4uC ENHuVkcjuNkGALZAFdB1yGDD0/5NSAeOWHrFr1nNm5icrDv4ct97PQxdvcQ/ciXlGXHN n8ZVnCIOE8lt3UdhrzwOBjVl+kz3+Jg4UzltxfN+1rJdIs1ayAxZU6gyu34F91OcmHGk B8HA==
X-Gm-Message-State: AFeK/H2cZiMSZwrG4qcapzErsrPR/r9hkd/LTCXAb67eETxoFxZkFwhKBQHgDlalJoFRV6+ttLsqdijZCPLsnAWn
X-Received: by 10.37.39.130 with SMTP id n124mr16764065ybn.127.1490637982546; Mon, 27 Mar 2017 11:06:22 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.37.220.11 with HTTP; Mon, 27 Mar 2017 11:06:20 -0700 (PDT)
Received: by 10.37.220.11 with HTTP; Mon, 27 Mar 2017 11:06:20 -0700 (PDT)
In-Reply-To: <CAOj=BA1ruma6dp1CQht8sgYQ-xqGGE2a=R7=+DkXmaft8td2hw@mail.gmail.com>
References: <CANtLugO_D1Mz_v_341pc5O1mZ7RhOTrFA3+Ob5-onp72+5uRfA@mail.gmail.com> <20170324212304.85346.qmail@ary.lan> <CANtLugOK4tXqA3ztYwchYsc8+t6KhyNj6mvgEu2wzvwKm_rK7A@mail.gmail.com> <alpine.OSX.2.20.1703262130330.4114@ary.local> <CAOj=BA1ruma6dp1CQht8sgYQ-xqGGE2a=R7=+DkXmaft8td2hw@mail.gmail.com>
From: Brandon Long <blong@google.com>
Date: Mon, 27 Mar 2017 11:06:20 -0700
Message-ID: <CABa8R6v5pcA2jXbt0mO2Ej553UmgwCbVANx9HT-rqi27Pmq_TQ@mail.gmail.com>
To: Peter Goldstein <peter@valimail.com>
Cc: dmarc@ietf.org, Gene Shuman <gene@valimail.com>, John R Levine <johnl@taugh.com>
Content-Type: multipart/alternative; boundary="94eb2c134fd470c445054bba337a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/L8_2K86CdJFEw1WY0iN2wGfdGj0>
Subject: Re: [dmarc-ietf] indeterminisim of ARC-Seal b= value
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Mar 2017 18:06:29 -0000

What does validating the exact signature generated benefit us over just
verifying that the signature verifies?

I haven't looked at what the tests are for signing, though given the
descriptions  for the verifying tests, I'm not sure it would be obvious.
Can you summarize them?

Brandon

On Mar 26, 2017 9:26 PM, "Peter Goldstein" <peter@valimail.com> wrote:

> John,
>
>
>> I have to say I don't find that very persuasive.  It's not hard to write
>> test code that checks for the hashes and fields in a signature header
>> without regard to what order they're in.  I would rather write better test
>> code than add fragile extra cruft to every ARC implementation.
>
>
> I honestly find this response a little unpersuasive  :).  There are two
> points I'd like to raise.
>
> First, the idea that locking down the format of the signature adds
> 'fragile extra cruft' seems off to me.  On the contrary, the suggestions in
> this thread reduce fragility - by requiring that the set of signed fields
> (ARC Message Signatures, ARC Seals) meet a well-defined, strict, and
> trivially verifiable format.  This is fairly standard practice in video,
> security, etc. protocols - every field has a place, and large scale
> re-ordering/re-formatting is not permitted unless there's a compelling
> technical reason.
>
> I'm not sure why there's a perceived value in accommodating ambiguity here
> - this is a brand new standard with a limited number of actual
> implementers.  There's no random person not on this list implementing ARC
> (especially given the standard isn't finalized).  And if there is, the
> whole idea of providing a globally usable automated test suite is to ensure
> that person can easily validate that their implementation will interoperate.
>
> Second, the premise that "it's not hard to write test code..." is simply
> not true.  What would be required to actually write such code would be
> either a) pick a preferred ordering/formatting for these tags, and only
> have the tests pass for that ordering or b) include a complete ARC
> verifying system in the test code.  The first is what OpenDKIM did for its
> specs (see below).  The latter is possible, but seems ill-advised for a
> test suite.
>
> To see that this is the case, it's useful to look at two earlier email
> standards and their corresponding test suites.  SPF has a language-agnostic
> test suite (http://www.openspf.org/Test_Suite) that makes it easy to test
> implementations in any language.  I've done it myself, and it requires
> minimal effort - https://github.com/ValiMail/
> coppertone/tree/master/spec/open_spf.  I can tell you from personal
> experience that the test suite was really helpful in ensuring the
> implementation was correct in all cases.
>
> There is no corresponding test suite for DKIM, and the ambiguity in
> tag/value ordering is the fundamental reason why.  The closest we come are
> the tests for OpenDKIM.  If you examine the signing tests for OpenDKIM,
> it's clear that they fail your "not hard" requirement.  I can write a
> perfectly valid, legal DKIM signing implementation that will fail all of
> OpenDKIM's signing tests, because OpenDKIM has a preferred ordering and
> formatting for tags.
>
> The OpenDKIM signing tests all check that OpenDKIM produces a signature
> header matching a constant string that embodies this preferred ordering.
> Any implementation that uses a different ordering/formatting will obviously
> fail.  Changing the tag ordering/formatting changes the hashed value in the
> header, so it's not just a matter of parsing some tag/value pairs.  And so
> short of a full DKIM verification implementation it's impossible to make a
> generic test suite that accepts all legal implementations.
>
> Frankly, this is somewhat unfortunate.  But DKIM is a relatively simple
> protocol.  ARC is more complicated, with multiple levels of signatures and
> more complex state.  Given the substantially more complicated nature of
> ARC, it's desirable to have a test suite that will pass any legal
> implementation.  Interops are great, but I'd take a bulletproof test suite
> over an interop any day of the week.
>
> I won't be at the IETF meeting this week, but I'd be happy to dive into
> this in more detail over email or phone if it's helpful.
>
> Best,
>
> Peter
>
> On Sun, Mar 26, 2017 at 7:32 PM, John R Levine <johnl@taugh.com> wrote:
>
>> It's even more important than it was with DKIM to have a test suite that
>>> can verify signing behavior.  If we don't agree on any sort of standard,
>>> a
>>> test suite will need to select a preferred format for the ARC headers &
>>> will fail all implementations that don't meet this form.  We've discussed
>>> this with Murray, and he agrees with this conclusion.
>>>
>>
>> I have to say I don't find that very persuasive.  It's not hard to write
>> test code that checks for the hashes and fields in a signature header
>> without regard to what order they're in.  I would rather write better test
>> code than add fragile extra cruft to every ARC implementation.
>>
>> As it happens, the IETF is meeting this week in Chicago, and I expect
>> I'll see Murray in the next day or two so I can talk to him directly.
>>
>>
>> R's,
>> John
>>
>> _______________________________________________
>> dmarc mailing list
>> dmarc@ietf.org
>> https://www.ietf.org/mailman/listinfo/dmarc
>>
>
>
>
> --
>
>
> [image: logo for sig file.png]
>
> Bringing Trust to Email
>
> Peter Goldstein | CTO & Co-Founder
>
> peter@valimail.com
> +1.415.793.5783 <(415)%20793-5783>
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>
>

v2.23.0 | Report a Bug | By Email