Re: [dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations
"Douglas E. Foster" <fosterd@bayviewphysicians.com> Sun, 26 July 2020 17:57 UTC
Return-Path: <btv1==4767764ba5e==fosterd@bayviewphysicians.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 065E13A1206 for <dmarc@ietfa.amsl.com>; Sun, 26 Jul 2020 10:57:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTML_TAG_BALANCE_BODY=0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bayviewphysicians.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8lCync3CuWFA for <dmarc@ietfa.amsl.com>; Sun, 26 Jul 2020 10:57:44 -0700 (PDT)
Received: from mail.bayviewphysicians.com (mail.bayviewphysicians.com [216.54.111.133]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7079D3A1205 for <dmarc@ietf.org>; Sun, 26 Jul 2020 10:57:44 -0700 (PDT)
X-ASG-Debug-ID: 1595786261-11fa3118c71cb10001-K2EkT1
Received: from webmail.bayviewphysicians.com (webmail.bayviewphysicians.com [192.168.1.49]) by mail.bayviewphysicians.com with ESMTP id L3qECevG7Za0JOhs (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NO) for <dmarc@ietf.org>; Sun, 26 Jul 2020 13:57:41 -0400 (EDT)
X-Barracuda-Envelope-From: fosterd@bayviewphysicians.com
X-Barracuda-RBL-Trusted-Forwarder: 192.168.1.49
X-SmarterMail-Authenticated-As: fosterd@bayviewphysicians.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bayviewphysicians.com; s=s1025; h=from:message-id:subject:to; bh=9FRYc11sa7cG2PYtTXigMuoqVxtawnxWyao3IgkXYTU=; b=fXMfom9DCc/Dde2CzbaYWrjns4TKjdPVv9T8wY1y5Ub/TbRWwwl+VPzL0MTNhyVgx ULUEAtKUpbOZCXghC8Tqg+eTFYYg+1TOahGAU9AOGcfUSvRK/LlvUYGBL7Njzy4/3 XsvQ4GnBs6JJAkUzAeQ4gAzSED5WEjjsl4wvz4Qfg=
Received: by webmail.bayviewphysicians.com via HTTP; Sun, 26 Jul 2020 13:57:32 -0400
To: IETF DMARC WG <dmarc@ietf.org>
Date: Sun, 26 Jul 2020 13:57:31 -0400
X-ASG-Orig-Subj: Re: [dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations
Message-ID: <5715fe55f18147dc88e153d18999b56b@com>
MIME-Version: 1.0
Content-Type: multipart/multipart; boundary="4530ca5c2e524bada00d5e2223f9b49b"
Importance: normal
From: "Douglas E. Foster" <fosterd@bayviewphysicians.com>
X-Exim-Id: 5715fe55f18147dc88e153d18999b56b
X-Barracuda-Connect: webmail.bayviewphysicians.com[192.168.1.49]
X-Barracuda-Start-Time: 1595786261
X-Barracuda-Encrypted: ECDHE-RSA-AES256-SHA384
X-Barracuda-URL: https://mail.bayviewphysicians.com:443/cgi-mod/mark.cgi
X-Virus-Scanned: by bsmtpd at bayviewphysicians.com
X-Barracuda-Scan-Msg-Size: 4428
X-Barracuda-BRTS-Status: 1
X-Barracuda-Spam-Score: 0.81
X-Barracuda-Spam-Status: No, SCORE=0.81 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=9.0 tests=HTML_MESSAGE, HTML_TAG_BALANCE_BODY
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.83479 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------------------------- 0.81 HTML_TAG_BALANCE_BODY BODY: HTML has unbalanced "body" tags 0.00 HTML_MESSAGE BODY: HTML included in message
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/UcqouIYjFIfW6tIHyo2ZD8cbH2k>
Subject: Re: [dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Jul 2020 17:57:46 -0000
Recipient domains determine what messages they will accept or reject.Fairness and precedence are not necessarily applicable.I suggest that the DMARC standards track be placed on hold for at least a year. It is not clear to me, from this group's membership, that DMARC implementers feel an urgent need for standard status, so a delay should be tolerable to them.A Mailing List Protection WG should be formed to develop his ideas into an informational or experimental RFC. Then that RFC can be promoted to see if it wins over any current users of DMARC Sent from my Verizon, Samsung Galaxy smartphone<div> </div><div> </div><!-- originalMessage --><div>-------- Original message --------</div><div>From: Dave Crocker <dhc@dcrocker.net> </div><div>Date: 7/26/20 9:50 AM (GMT-05:00) </div><div>To: Brandon Long <blong@google.com> </div><div>Cc: IETF DMARC WG <dmarc@ietf.org>, Dotzero <dotzero@gmail.com> </div><div>Subject: Re: [dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations </div><div> </div>On 7/21/2020 1:42 PM, Brandon Long wrote: > Stricter validation is not an uncommon addition to protocols over the > last 45 years. If there are examples of adding stricter validation in a way that essentially requires changing the semantics of the payload, in order for the payload to survive, I can't think of any. Not TLS, not DNSSec, not S/MIME or PGP. DMARC essentially enforces a semantic on the From: field as a handling identifier, rather than an author identifier. When activity that has a long history of semantic validity and a continued desire for operation is forced to break the denotational source of authoring information, in order to get the mail delivered, then we are in new territory. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- [dmarc-ietf] Response to a claim in draft-crocker… Kurt Andersen (IETF)
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker on behalf of Kurt Andersen
- Re: [dmarc-ietf] Response to a claim in draft-cro… Douglas E. Foster
- Re: [dmarc-ietf] Response to a claim in draft-cro… Alessandro Vesely
- Re: [dmarc-ietf] Response to a claim in draft-cro… Jim Fenton
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Murray S. Kucherawy
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Murray S. Kucherawy
- Re: [dmarc-ietf] Response to a claim in draft-cro… Alessandro Vesely
- Re: [dmarc-ietf] Response to a claim in draft-cro… Douglas E. Foster
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… John Levine
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] no from addresses nowhere, Respo… John Levine
- Re: [dmarc-ietf] Response to a claim in draft-cro… Murray S. Kucherawy
- Re: [dmarc-ietf] Response to a claim in draft-cro… Murray S. Kucherawy
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Murray S. Kucherawy
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Douglas E. Foster
- Re: [dmarc-ietf] Response to a claim in draft-cro… Alessandro Vesely
- Re: [dmarc-ietf] Response to a claim in draft-cro… Laura Atkins
- Re: [dmarc-ietf] Response to a claim in draft-cro… Benny Lyne Amorsen
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dotzero
- Re: [dmarc-ietf] Response to a claim in draft-cro… Benny Lyne Amorsen
- Re: [dmarc-ietf] Response to a claim in draft-cro… Douglas E. Foster
- Re: [dmarc-ietf] Response to a claim in draft-cro… Jesse Thompson
- Re: [dmarc-ietf] Response to a claim in draft-cro… Brandon Long
- Re: [dmarc-ietf] Response to a claim in draft-cro… Brandon Long
- Re: [dmarc-ietf] Response to a claim in draft-cro… Brandon Long
- Re: [dmarc-ietf] Response to a claim in draft-cro… Murray S. Kucherawy
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… John Levine
- Re: [dmarc-ietf] Response to a claim in draft-cro… Laura Atkins
- Re: [dmarc-ietf] Response to a claim in draft-cro… Laura Atkins
- Re: [dmarc-ietf] Response to a claim in draft-cro… Laura Atkins
- Re: [dmarc-ietf] Why are MUAs hiding or removing … Douglas E. Foster
- Re: [dmarc-ietf] Response to a claim in draft-cro… Jesse Thompson
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Why are MUAs hiding or removing … Brandon Long
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dotzero
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Hector Santos
- Re: [dmarc-ietf] Why are MUAs hiding or removing … Joseph Brennan
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dotzero
- Re: [dmarc-ietf] Response to a claim in draft-cro… Joseph Brennan
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Brandon Long
- Re: [dmarc-ietf] Response to a claim in draft-cro… Douglas E. Foster
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Why are MUAs hiding or removing … Jesse Thompson
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Doug Foster
- Re: [dmarc-ietf] Response to a claim in draft-cro… John Levine
- Re: [dmarc-ietf] Response to a claim in draft-cro… Jesse Thompson
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dotzero
- [dmarc-ietf] DMARC marketing Jim Fenton
- Re: [dmarc-ietf] Response to a claim in draft-cro… Joseph Brennan
- Re: [dmarc-ietf] Why are MUAs hiding or removing … Joseph Brennan
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Why are MUAs hiding or removing … Benny Pedersen
- Re: [dmarc-ietf] Why are MUAs hiding or removing … Joseph Brennan
- Re: [dmarc-ietf] Why are MUAs hiding or removing … Benny Pedersen
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Hector Santos
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Jim Fenton
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Douglas E. Foster
- Re: [dmarc-ietf] Response to a claim in draft-cro… Hector Santos
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker
- Re: [dmarc-ietf] Response to a claim in draft-cro… Hector Santos
- Re: [dmarc-ietf] Response to a claim in draft-cro… Douglas E. Foster
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dotzero
- Re: [dmarc-ietf] DMARC marketing Jesse Thompson
- Re: [dmarc-ietf] Response to a claim in draft-cro… Jesse Thompson
- Re: [dmarc-ietf] Response to a claim in draft-cro… Dave Crocker