Re: [dmarc-ietf] ARC-Seal is meaningless security theatre
"Kurt Andersen (b)" <kboth@drkurt.com> Sat, 12 August 2017 00:16 UTC
Return-Path: <kurta@drkurt.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2AB71324A2 for <dmarc@ietfa.amsl.com>; Fri, 11 Aug 2017 17:16:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=drkurt.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6LRwuRHR_Pr7 for <dmarc@ietfa.amsl.com>; Fri, 11 Aug 2017 17:16:27 -0700 (PDT)
Received: from mail-wm0-x22d.google.com (mail-wm0-x22d.google.com [IPv6:2a00:1450:400c:c09::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 12EE91324A7 for <dmarc@ietf.org>; Fri, 11 Aug 2017 17:16:27 -0700 (PDT)
Received: by mail-wm0-x22d.google.com with SMTP id m85so2749406wma.0 for <dmarc@ietf.org>; Fri, 11 Aug 2017 17:16:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=drkurt.com; s=20130612; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=6lhE17tElZ4vjUzweXnCID5W7f3Q7THlUpoEZ4J/bYM=; b=c9cTr80T4fMhnjyoA/te4jwls5gQXREEbqKCrPzqPtGHhKD1vS70eQfgVyknEuTadp +Ij4g4y0cQcGq1Osbv3RJ27QkammeJ0YBy9aZgKVjVkhWpAtIgaNIQ7kPtJNuV3iV88b HkOx051WNH76EHaNlX2gVS2n0nvNVch9ZIIQg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=6lhE17tElZ4vjUzweXnCID5W7f3Q7THlUpoEZ4J/bYM=; b=Cx0sci9BUrkzs9w0B5C9+5lzA2zKVI+CxoBABVDyX/+a8m+WJess82p1rW5wzzlOSF LeB+kG24wBLTme6/BoxmeVSzvfVLa1Cm0iYlzHbs+zrCoSKJFvu23HzLooeXjwhSe2Ob TrhpwuC/HiSwHywEtWJSHhqq+7PmrcT+V3X11xKcEuXk4FTXziqHmpeYJt+O5DyUZISe b0v47DyxNhUwSZKe4YQiiy+TOB1uZo3dAYiM6TDt/XHGRJtxpLFSybx5jIv2sJdiSbVU lWg2qYxYS9P1sNAW28yZJjgGzLiz1XuOiXofHJpnFJNdhXDY7zRZCHk+zf0dNnAyMUZa 7Cvw==
X-Gm-Message-State: AHYfb5jiINiH2gDhZG7iZea5SClFIHUTETArUCikQgjc6UDNW8mkBVgW NgplmCA8dDTCJWnhIhz5tLoiAn+Z5ZHmc7ALGQ==
X-Received: by 10.80.166.133 with SMTP id e5mr17046481edc.71.1502496985523; Fri, 11 Aug 2017 17:16:25 -0700 (PDT)
MIME-Version: 1.0
Sender: kurta@drkurt.com
Received: by 10.80.178.229 with HTTP; Fri, 11 Aug 2017 17:16:24 -0700 (PDT)
In-Reply-To: <1502495646.4099176.1070896040.2B09B1F8@webmail.messagingengine.com>
References: <1502083287.2191248.1065195288.7CDC7FF3@webmail.messagingengine.com> <CABuGu1oTMbuLd4yTwecu5sKFnsmH+HiwT1FG=JpySYHzpMTx_w@mail.gmail.com> <1502200759.3946686.1066841264.607B4D0B@webmail.messagingengine.com> <2720431.u3G7bbkkxK@kitterma-e6430> <1502317564.1935379.1068588344.040173AF@webmail.messagingengine.com> <a08c7590-ded3-1642-4ffc-07848b3c6cd2@gmail.com> <e14f2130-6f00-4ef1-485b-850a4cc1c48c@gmail.com> <1502495646.4099176.1070896040.2B09B1F8@webmail.messagingengine.com>
From: "Kurt Andersen (b)" <kboth@drkurt.com>
Date: Fri, 11 Aug 2017 17:16:24 -0700
X-Google-Sender-Auth: 5kApih6ovpD4CUJpA9ohh792FGc
Message-ID: <CABuGu1qK6w4XwdG1krsn69kbX-fE=e26KpHRK3wXjsLgf6H8=g@mail.gmail.com>
To: Bron Gondwana <brong@fastmailteam.com>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c0dd11e193afd05568357ea"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/O-7bJ2IwFCtpddwfunVc3ZNQi-U>
Subject: Re: [dmarc-ietf] ARC-Seal is meaningless security theatre
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Aug 2017 00:16:29 -0000
On Fri, Aug 11, 2017 at 4:54 PM, Bron Gondwana <brong@fastmailteam.com> wrote: > . . . it's a bad idea to sign if you're not modifying, because then > everybody has to trust you or their chain breaks, even though you didn't do > anything which required signing. > <elided> > > In state #1, you don't need a chain of ARC Seal. You just need each site > to sign their own AAR and each AAR to include "arc=pass" for the previous > AMS. You trust the sites, so you trust them to verify the ARC status on > ingress. > In the current layout, "signing [the] AAR" is done via the AS. We wanted to keep the AAR as close to the A-R header as we could to maximize leverage of previous definitions rather than inventing an entirely new one. Initially, we had intended the AMS to sign over the AAR, but people objected to signing the AAR within both the AMS and AS scopes. <elided> > > And this is the crux of our disagreement. Seth thinks it's necessary to > do more than signing a statement that you believed the message was > authenticated when you got it, in a way that the next hop can verify your > signature over your own Authentication Results plus the content of the > message. I disagree. > One could replace the AMS with an "egress DKIM" signature, but then you would still have to decide what to do about alignment on this new DKIM signature. That's why we built the AMS - to avoid the question of alignment and have the ARCset as a self-contained "package". I see the point that you are driving at regarding the claim of "forgery", but I don't consider that any more or less of a forgery than what the IETF mailman will do to this message en route to the recipients. Mailman changes the headers (Subject) and body. Seems like that's about what you've done in the sample message...but at least you took responsibility for doing so with ARCset[7] (or someone with the private key for brong.net ;-) ). --Kurt
- [dmarc-ietf] ARC-Seal is meaningless security the… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Tim Draegen
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… John Levine
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Scott Kitterman
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen (b)
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… MH Michael Hammer (5304)
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen (b)
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen (b)
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen (b)
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… mhammer@americangreetings.com
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos