Re: [dmarc-ietf] Third party signatures

John Levine <johnl@taugh.com> Tue, 02 May 2023 17:06 UTC

Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b="OFst01GN"; dkim=pass (2048-bit key) header.d=taugh.com header.b="ja2W0k6M"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=bdb6.64514321.k2305; bh=roUkPURGdVJyfsSvVx8OLDbw/6LzjM9xL1Mz4C7RbhI=; b=OFst01GNZ/7AhxmuqGn27GTrkl/HxkvTCUQuBW1UZFRpyVH8nvZ0qVVJXJ3b9yWQfAYt77s/gYMfMADFeq+hixRZrIijjKZeP+LslNRxPPTfVDsVb2TAZMXzvUBTxKBVFuTMAf91M+ZpSLjKvlaonJ0tV1UGmEGFMYn8lTa45rAZi253SiLp4CDBdtUE22HiLjjHHcChK5r9gx7sxmpWrdlDRaLGR/K4e8yeutdxTKDETgAAIKVAq/vDRXwmV+5l9wKoEWCjyWSrNbdJ9Hrdmse35AiP/5L/RxSvHJ4142UW/IrZ30mZM7p3ZeV5SOG93rNXheKmExGHuQIGCjC9RQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=bdb6.64514321.k2305; bh=roUkPURGdVJyfsSvVx8OLDbw/6LzjM9xL1Mz4C7RbhI=; b=ja2W0k6McF6Du+zCi9XLwZJb+TZTNaEi3flzpP4jO8TAHC8mJBHZmURjk3vE5zmf9HK9IpUXWQOm6XBXo/5y5UkpuT01lxEnp2qMEWq75UCvqtNu81lItVGwGpETMF88SPL75Wdt1imN3MnKwvwFzg3yTT6KBjTHoRqHaLD0FmQ3UcxRD2j9n+NH8ZMNWqKwSZyLvzofv//Abs26syI37l6fsUpwC2Ga0otBQOft1AWZsPq/t4iRm2+oEb92vxxBfD5+PQIRCs1CCRKe8ibZ3oEYcOFEqHk665gbhF8qt5t/UGBWII2ckeOdR8DmMuu97ubNJf5RFKVo0bEU/l9IBg==
Date: Tue, 02 May 2023 13:06:40 -0400
Message-Id: <20230502170640.E2095CAA204B@ary.qy>
From: John Levine <johnl@taugh.com>
To: dmarc@ietf.org
Cc: superuser@gmail.com
In-Reply-To: <CAL0qLwa9DoTCVCOOgrB1NySd2-aE-5wVSGsLNh=8k7xwDLgrTw@mail.gmail.com>
Organization: Taughannock Networks
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/RV0-qqsos7ZTw-wT-voDA1TWtnQ>
Subject: Re: [dmarc-ietf] Third party signatures
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>

It appears that Murray S. Kucherawy <superuser@gmail.com> said:
>And I think the conditional signatures ideas suffer from the same two
>issues I identified above.

It's not quite as bad because with conditional signatures you can
decide for each message if any third party signatures are OK. That
mostly solves the security problem, since you're only saying that the
third party can sign messages that look more or less like this one,
but I agree the scale problem is roughly the same. It'd be a
significant amount of work to adjust outgoing mail servers to decide if
and when to apply conditional signatures.

No large provider has ever expressed any interest in either so I cannot
see any reason to spend more time on either one.

R's,
John
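As an added example (my own code, not from John Levine's message, the dmarc-ietf thread, or any IETF draft), here is a verifier-side sketch of the per-message conditional-signature rule the reply is weighing against the scale problem. It assumes the conditional tag is spelled `!fs=<domain>` as in draft-levine-dkim-conditional, and that the leading `!` is meant to fall outside the RFC 6376 tag-name grammar so that a verifier unaware of conditions rejects the signature instead of honouring it unconditionally; the crypto verdict for each signature (b= and bh= checked against the key and body) is supplied as input because the example runs offline. The iecc.com signature is copied from this message's own headers; the `sender.example` / `list.example` signatures and their b=/bh= values are constructed.

```python
# Added example: DKIM-Signature tag-list parsing plus the conditional
# third-party signature rule. Not code from the thread or from any draft.
import re

# RFC 6376 section 3.2 tag-name: ALPHA followed by ALPHA / DIGIT / "_".
RFC6376_TAG_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9_]*$")
# Assumed conditional tag (draft-levine-dkim-conditional style). The "!"
# is outside the RFC 6376 grammar on purpose (assumption: so verifiers
# that do not know about conditions reject the signature as malformed).
CONDITIONAL_TAG = "!fs"


def parse_dkim_tags(header_value: str, allow_conditional: bool = False) -> dict:
    """Parse a DKIM-Signature tag=value list into a dict.

    Folding whitespace inside values is dropped (insignificant per RFC 6376).
    Duplicate tags, malformed tag names and missing required tags raise
    ValueError, which is how a verifier marks the signature unusable.
    """
    tags = {}
    for item in header_value.split(";"):
        if not item.strip():
            continue  # a trailing ';' is permitted
        if "=" not in item:
            raise ValueError(f"tag without '=': {item.strip()!r}")
        name, value = item.split("=", 1)  # b= values contain '=' padding
        name = name.strip()
        if not RFC6376_TAG_NAME.match(name) and not (
            allow_conditional and name == CONDITIONAL_TAG
        ):
            raise ValueError(f"malformed tag name {name!r}")
        if name in tags:
            raise ValueError(f"duplicate tag {name!r}")
        tags[name] = re.sub(r"\s+", "", value)
    for required in ("v", "a", "b", "bh", "d", "h", "s"):
        if required not in tags:
            raise ValueError(f"missing required tag {required!r}")
    if "from" not in tags["h"].lower().split(":"):
        raise ValueError("h= must cover the From header")
    return tags


def legacy_verifier_accepts_syntax(signature: str) -> bool:
    """Would a verifier that knows only RFC 6376 treat this as well-formed?"""
    try:
        parse_dkim_tags(signature)
        return True
    except ValueError:
        return False


def effective_signers(signatures, crypto_ok):
    """Domains whose signatures count after applying the conditional rule.

    signatures: raw DKIM-Signature values; crypto_ok: one bool per signature
    saying whether b= and bh= verified (supplied here because the example is
    offline; a real verifier computes it).

    Rule (assumption): a signature carrying !fs=<domain> is valid only if the
    same message also carries a valid *unconditional* signature with
    d=<domain>. Because the condition sits inside the signed header, the
    originator authorises that third party for this one message only.
    """
    parsed = []
    for sig, ok in zip(signatures, crypto_ok):
        try:
            parsed.append((parse_dkim_tags(sig, allow_conditional=True), ok))
        except ValueError:
            parsed.append((None, False))  # malformed: treated as absent
    unconditional = {t["d"].lower() for t, ok in parsed
                     if ok and t is not None and CONDITIONAL_TAG not in t}
    conditional = {t["d"].lower() for t, ok in parsed
                   if ok and t is not None and CONDITIONAL_TAG in t
                   and t[CONDITIONAL_TAG].lower() in unconditional}
    return unconditional | conditional


# Sample input 1: the iecc.com signature carried by this very message
# (copied from its headers, folding whitespace removed).
IECC_SIGNATURE = (
    "v=1; a=rsa-sha256; c=relaxed; d=iecc.com; h=date:message-id:from:to:cc:subject:"
    "in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; "
    "s=bdb6.64514321.k2305; bh=roUkPURGdVJyfsSvVx8OLDbw/6LzjM9xL1Mz4C7RbhI=; "
    "b=OFst01GNZ/7AhxmuqGn27GTrkl/HxkvTCUQuBW1UZFRpyVH8nvZ0qVVJXJ3b9yWQfAYt77s/"
    "gYMfMADFeq+hixRZrIijjKZeP+LslNRxPPTfVDsVb2TAZMXzvUBTxKBVFuTMAf91M+ZpSLjKvlaonJ0"
    "tV1UGmEGFMYn8lTa45rAZi253SiLp4CDBdtUE22HiLjjHHcChK5r9gx7sxmpWrdlDRaLGR/K4e8ye"
    "utdxTKDETgAAIKVAq/vDRXwmV+5l9wKoEWCjyWSrNbdJ9Hrdmse35AiP/5L/RxSvHJ4142UW/IrZ3"
    "0mZM7p3ZeV5SOG93rNXheKmExGHuQIGCjC9RQ=="
)
# Sample input 2 (constructed): an originator that conditionally permits a
# list to re-sign, and the list's own ordinary signature.
ORIGINATOR_SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=sender.example; s=sel; "
                  "h=from:to:subject:date; !fs=list.example; bh=AAAA; b=BBBB")
LIST_SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=list.example; s=lst; "
            "h=from:to:subject:date:dkim-signature; bh=CCCC; b=DDDD")

if __name__ == "__main__":
    print(parse_dkim_tags(IECC_SIGNATURE)["d"])
    print(legacy_verifier_accepts_syntax(ORIGINATOR_SIG))
    print(effective_signers([ORIGINATOR_SIG, LIST_SIG], [True, True]))
    print(effective_signers([ORIGINATOR_SIG], [True]))
```

Two design choices worth noting: a conditional signature can only be satisfied by an unconditional one, so two conditional signers cannot bootstrap each other, and a message that reaches a recipient without the named third party's valid signature yields no usable signature from the originator at all, which is what confines the authorisation to "messages that look like this one". A stricter variant could additionally require the third party's h= list to cover the conditional DKIM-Signature header, as the constructed `LIST_SIG` does.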