Re: [dmarc-ietf] ARC-Seal is meaningless security theatre
Bron Gondwana <brong@fastmailteam.com> Sat, 12 August 2017 00:27 UTC
Return-Path: <brong@fastmailteam.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0DBE113240D for <dmarc@ietfa.amsl.com>; Fri, 11 Aug 2017 17:27:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmailteam.com header.b=oY/dr/BW; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=X9BMrQyg
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BRL7dV9uotWH for <dmarc@ietfa.amsl.com>; Fri, 11 Aug 2017 17:27:24 -0700 (PDT)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9EAB71275FD for <dmarc@ietf.org>; Fri, 11 Aug 2017 17:27:24 -0700 (PDT)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 8968F20EA9 for <dmarc@ietf.org>; Fri, 11 Aug 2017 20:27:21 -0400 (EDT)
Received: from web4 ([10.202.2.214]) by compute6.internal (MEProxy); Fri, 11 Aug 2017 20:27:21 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= fastmailteam.com; h=content-transfer-encoding:content-type:date :from:in-reply-to:message-id:mime-version:references:subject:to :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=UY1s3WHbmrYbJKqge 198Rpysj1H4si7UmO8oZxY9juM=; b=oY/dr/BWPf1x3dbalZY3DfI8aSn7B1Jtf M9M+NznBVmS+uvRVVPbkyEVoHOHqbklulg+2vB+i8pbfiPWg8BB8V7mJvekvDLo1 OZx2quCOdXrsTuY9Ue4k/gC+Q3mazt+owFal1Hrk/O1tb6YsaSpJ+tLCiyOcuAzy RGQsq5UDVgBOlXDqwdIIOyMDUmhpqcss7m2vmAeOFKasDn7sOBCVz2TcGgNpfrn2 cbsYwPlvYCGyiIhPF4nlTcyFT/uspPoPriEGavzYFOEUcfDquadaBnGeQ7GzJa89 mvE6CXseQ/oLTco9Km+F/pvMWd5XjulL2X/RIdSLwIWzAKBdu8X4A==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=UY1s3W HbmrYbJKqge198Rpysj1H4si7UmO8oZxY9juM=; b=X9BMrQygshSdKtssJvfCAk BENH0Av+b7pmpjR36OB/D9+pzAG5cydinlBgAGdUso3kWUb9dAy6sWspfQN2xHv5 vjNCU8vVjGMKrX/T8ssKjfvtDZEWHfBZ7h6SwruDIO2qxhEsSUhoReC8n8ZZNEEY AohOgIznH7gZgPRp3SB3WkfKlMnBzMny9NRiPibe5FlDtGLFwr8u/BqwSBjHlH60 F8Z3w1iLk/0qLS9S/rWNJR1mQxE9ePVwxCEmMLl6D1Rl3orSb3t0bAklVG16HPE8 RtB0AxdOcuyt04VautkXEB1ItaKqFvYIw/IW7/9/L8j6dedFZhYnSf8Z/pcvNGQA ==
X-ME-Sender: <xms:aUuOWZmZNKcLYnre4V81OC6jyYxgPPZkzQlv1T3R90rEYh2HT77V2w>
Received: by mailuser.nyi.internal (Postfix, from userid 99) id 64E84BAB71; Fri, 11 Aug 2017 20:27:21 -0400 (EDT)
Message-Id: <1502497641.4105093.1070922904.7A15BD5D@webmail.messagingengine.com>
From: Bron Gondwana <brong@fastmailteam.com>
To: dmarc@ietf.org
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: multipart/alternative; boundary="_----------=_150249764141050930"
X-Mailer: MessagingEngine.com Webmail Interface - ajax-33d44821
References: <1502083287.2191248.1065195288.7CDC7FF3@webmail.messagingengine.com> <CABuGu1oTMbuLd4yTwecu5sKFnsmH+HiwT1FG=JpySYHzpMTx_w@mail.gmail.com> <1502200759.3946686.1066841264.607B4D0B@webmail.messagingengine.com> <2720431.u3G7bbkkxK@kitterma-e6430> <1502317564.1935379.1068588344.040173AF@webmail.messagingengine.com> <a08c7590-ded3-1642-4ffc-07848b3c6cd2@gmail.com> <e14f2130-6f00-4ef1-485b-850a4cc1c48c@gmail.com> <1502495646.4099176.1070896040.2B09B1F8@webmail.messagingengine.com> <CABuGu1qK6w4XwdG1krsn69kbX-fE=e26KpHRK3wXjsLgf6H8=g@mail.gmail.com>
In-Reply-To: <CABuGu1qK6w4XwdG1krsn69kbX-fE=e26KpHRK3wXjsLgf6H8=g@mail.gmail.com>
Date: Sat, 12 Aug 2017 10:27:21 +1000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/LgZhgJpEeaKCa9dH57iFkLCVpDw>
Subject: Re: [dmarc-ietf] ARC-Seal is meaningless security theatre
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Aug 2017 00:27:27 -0000
On Sat, 12 Aug 2017, at 10:16, Kurt Andersen (b) wrote: > On Fri, Aug 11, 2017 at 4:54 PM, Bron Gondwana > <brong@fastmailteam.com> wrote:>> __ >> . . . it's a bad idea to sign if you're not modifying, because then >> everybody has to trust you or their chain breaks, even though you >> didn't do anything which required signing.> > <elided> I would like to address this point, but maybe we should have a separate thread for it? I would strongly argue that sites not changing the message SHOULD NOT add ARC headers. I spelled out the reasons in my initial posting on this thread. >> In state #1, you don't need a chain of ARC Seal. You just need each >> site to sign their own AAR and each AAR to include "arc=pass" for the >> previous AMS. You trust the sites, so you trust them to verify the >> ARC status on ingress.> > In the current layout, "signing [the] AAR" is done via the AS. We > wanted to keep the AAR as close to the A-R header as we could to > maximize leverage of previous definitions rather than inventing an > entirely new one. Initially, we had intended the AMS to sign over the > AAR, but people objected to signing the AAR within both the AMS and > AS scopes. I can understand that. I would fix it by not having AS scopes rather than removing AAR from AMS. > <elided> >> And this is the crux of our disagreement. Seth thinks it's necessary >> to do more than signing a statement that you believed the message was >> authenticated when you got it, in a way that the next hop can verify >> your signature over your own Authentication Results plus the content >> of the message. I disagree.> > One could replace the AMS with an "egress DKIM" signature, but then > you would still have to decide what to do about alignment on this new > DKIM signature. That's why we built the AMS - to avoid the question > of alignment and have the ARCset as a self-contained "package". Yes - calling it something different from DKIM-Signature is good, so that nobody tries to check alignment with the "From:" domain. But I don't see any reason to replace AMS - it does what's needed (apart from not signing the AAR). It's AS that bothers me. > I see the point that you are driving at regarding the claim of > "forgery", but I don't consider that any more or less of a forgery > than what the IETF mailman will do to this message en route to the > recipients. Mailman changes the headers (Subject) and body. Seems like > that's about what you've done in the sample message...but at least you > took responsibility for doing so with ARCset[7] (or someone with the > private key for brong.net ;-) ). It's true, anybody at FastMail could have done that. At least anybody with production access to our DKIM keys database :) The point with forgery is that "a chain of unbroken ARC-Seals" is meaningless, because they're not protecting anything. Bron. -- Bron Gondwana, CEO, FastMail Pty Ltd brong@fastmailteam.com
- [dmarc-ietf] ARC-Seal is meaningless security the… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Tim Draegen
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… John Levine
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Scott Kitterman
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen (b)
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… MH Michael Hammer (5304)
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen (b)
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen (b)
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen (b)
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… mhammer@americangreetings.com
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos