Re: [dmarc-ietf] ARC-Seal is meaningless security theatre
"Murray S. Kucherawy" <superuser@gmail.com> Thu, 17 August 2017 19:12 UTC
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Thu, 17 Aug 2017 12:12:45 -0700
Message-ID: <CAL0qLwbLT=tn=pjXTW7p8RyM_R7u_hh=OYde5u7GU3BCK2cHiw@mail.gmail.com>
To: Seth Blank <seth@sethblank.com>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/TW6qrPACrTOG_gAld6EgnNo8-XU>

On Thu, Aug 17, 2017 at 11:48 AM, Seth Blank <seth@sethblank.com> wrote:

> On Thu, Aug 17, 2017 at 1:09 AM, Bron Gondwana <brong@fastmailteam.com>
> wrote:
>>
>> I laugh as well, but it's more than p=reject isn't enough in the ARC
>> world, because it doesn't distinguish between:
>> a) I'm OK with email from my domain being sent via mailing lists; and
>> b) no, this domain is only ever used for direct messages, it should never
>> appear in ARC chains that don't also pass DKIM.
>>
>
> The DMARC WG charter directly addresses this:
> https://datatracker.ietf.org/wg/dmarc/charter/
>
> Our stated goal is to fix indirect mail flows so that they do not break
> under DMARC. To me, that's an explicit requirement of a), with b) being out
> of scope.
>

+1. My understanding is that altering DMARC is off the table right now. We have to try to move forward.

I'm particularly opposed to adding a new "p=" value without a great deal of thought put into it, lest the set of values there become hopelessly polluted with things representing every conceivable combination of authentication results and header field values, many of which will end up being ephemeral.

-MSK