[dmarc-ietf] ARC Multi Proposal
Scott Kitterman <sklist@kitterman.com> Thu, 01 November 2018 06:06 UTC
Return-Path: <sklist@kitterman.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94930130DCD for <dmarc@ietfa.amsl.com>; Wed, 31 Oct 2018 23:06:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b=mfdr4bbq; dkim=pass (2048-bit key) header.d=kitterman.com header.b=UGr8xlgz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lU3Q6lQry0ZM for <dmarc@ietfa.amsl.com>; Wed, 31 Oct 2018 23:06:18 -0700 (PDT)
Received: from mailout03.controlledmail.com (mailout03.controlledmail.com [IPv6:2607:f0d0:3001:aa::2]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 95613130DFD for <dmarc@ietf.org>; Wed, 31 Oct 2018 23:06:18 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201803e; t=1541052375; h=from : to : subject : date : message-id : mime-version : content-transfer-encoding : content-type : from : subject : date; bh=i2Kjgm/SpBQGES4Um5hdtkOXrhk+57psRD9F5OfqiDU=; b=mfdr4bbquxGpGoMHxBEUrEvC8v2V6be2v+SqnDz6HTwVOoyfuzhZS5kq FNh3JiFZFDDKMGSPxqYNhLJJfrd9DQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201803r; t=1541052375; h=from : to : subject : date : message-id : mime-version : content-transfer-encoding : content-type : from : subject : date; bh=i2Kjgm/SpBQGES4Um5hdtkOXrhk+57psRD9F5OfqiDU=; b=UGr8xlgzIi22LAaxZJNSChpSBITC5Fp7m6S3vqbxM5kPsV8VDHXfZsyM wuGMsF/Yizeu5iohrUp4qn/Qu/j8wX1KzRwdAlRTnEqUtDvc7P/IvDzMxT co7I9K9e3hhOFnupV+vX7ey5EsBpVSJ1gnacx6KDETutCawj0xw2h+eRx7 1MNr7NekqS7exu2E4TYg9uURhnVgloFEKRVDI9RlTvkWrOsACLkelgbBmA t9gqQ3j5+ZxVA8l+dZXCSlOWhgvYQATGT43V227hWNPyFwf9OHvWBsHEdq 6Gewz5MpoRrsBVOhBUpr21F5yK5NEOC+La83VDeZ0n3q64/CM8qLqw==
Received: from kitterma-e6430.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailout03.controlledmail.com (Postfix) with ESMTPSA id 08F50C40230 for <dmarc@ietf.org>; Thu, 1 Nov 2018 01:06:15 -0500 (CDT)
From: Scott Kitterman <sklist@kitterman.com>
To: dmarc@ietf.org
Date: Thu, 01 Nov 2018 02:06:08 -0400
Message-ID: <9957335.dUWMaE32Bo@kitterma-e6430>
User-Agent: KMail/4.13.3 (Linux/3.13.0-158-generic; KDE/4.13.3; x86_64; ; )
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/Tvyn1edtHuXFQJcmzjo_NbHYLWo>
Subject: [dmarc-ietf] ARC Multi Proposal
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Nov 2018 06:06:21 -0000
Originally, draft-ietf-dmarc-arc-protocol-00, ARC could use any signing
algorithm supported by DKIM (which at the time were rsa-sha1 and rsa-sha256).
This was later reduced to rsa-sha256.
In the mean-time, DKIM dropped rsa-sha1 (RFC 8301) and ed25519-sha256 was
added (RFC 8463). In DKIM, the status of the algorithm requirements is:
Signers MUST implement and SHOULD sign using rsa-sha256. Verifiers
MUST implement rsa-sha256. (RFC 6376 as updated by RFC 8301)
Signers SHOULD implement and verifiers MUST implement the
Ed25519-SHA256 algorithm. (RFC 8463
DKIM also says:
3.3.4. Other Algorithms
Other algorithms MAY be defined in the future. Verifiers MUST ignore
any signatures using algorithms that they do not implement.
DKIM RFCs don't give any more advice than that. It's left to operators to
decide which algorithm to use (in the world where all RFCs are instantly
implemented and deployed, it would be appropriate to sign only ed25519-sha256,
but in reality we all know not to do that).
My personal experience with ed25519-sha256 signing indicates that DKIM
implementers reliably considered the implications of 3.3.4 and it's safe to
assume adding a new signature algorithm is unlikely to have backward
compatibility implications.
ARC places some potential constraints on multi-algorithm support:
4.2. ARC Set
An "ARC Set" is a single collection of three ARC header fields (AAR,
AMS, and AS). ARC header fields of an ARC Set share the same
"instance" value.
This requirement is the core of the problem that ARC multi needs to address.
I think we can define our way out of this relatively easily:
State that ARC uses all the algorithms used by DKIM (RFC 6376 as updated) -
Section 3.3.
Add an expansion of the definition of an ARC set:
If there are two AMS and AS signatures with the same instance (ARC i=)
values that have different a= (algorithm), s= (selector), and b= (header
hash) values, but are otherwise the same, then that is a single ARC set.
I believe that's it.
It's backward compatible with existing implementations since all existing ARC
implementations should be ignoring rsa-sha1 and ed25519-sha256 for ARC
purposes.
When ARC implementations are updated to support ARC multi, they can use the
expanded definition for identifying an ARC set with no changes needed to the
underlying ARC processing.
It supports algorithm transition the same way DKIM does, no special rules
needed. It's up to the receiver (as always) to decide what input they trust
and can use.
It avoids all the timing/flag day complexity that's in the current draft (and
we know can never work).
Does it have to be any harder than that?
Scott K
- [dmarc-ietf] ARC Multi Proposal Scott Kitterman
- Re: [dmarc-ietf] ARC Multi Proposal John Levine
- Re: [dmarc-ietf] ARC Multi Proposal Scott Kitterman
- Re: [dmarc-ietf] ARC Multi Proposal Kurt Andersen (b)
- Re: [dmarc-ietf] ARC Multi Proposal John R Levine
- Re: [dmarc-ietf] ARC Multi Proposal Kurt Andersen (b)
- Re: [dmarc-ietf] ARC Multi Proposal John R Levine
- Re: [dmarc-ietf] ARC Multi Proposal John R Levine
- Re: [dmarc-ietf] ARC Multi Proposal Kurt Andersen (b)
- Re: [dmarc-ietf] ARC Multi Proposal Brandon Long
- Re: [dmarc-ietf] ARC Multi Proposal Scott Kitterman
- Re: [dmarc-ietf] ARC Multi Proposal John R Levine