Re: [dmarc-ietf] ARC-Seal is meaningless security theatre
Seth Blank <seth@sethblank.com> Thu, 17 August 2017 18:49 UTC
Return-Path: <seth@sethblank.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE4231325EE for <dmarc@ietfa.amsl.com>; Thu, 17 Aug 2017 11:49:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sethblank-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A8QQM4JV-jrr for <dmarc@ietfa.amsl.com>; Thu, 17 Aug 2017 11:49:20 -0700 (PDT)
Received: from mail-vk0-x235.google.com (mail-vk0-x235.google.com [IPv6:2607:f8b0:400c:c05::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0B1A413236D for <dmarc@ietf.org>; Thu, 17 Aug 2017 11:49:20 -0700 (PDT)
Received: by mail-vk0-x235.google.com with SMTP id d124so25420538vkf.2 for <dmarc@ietf.org>; Thu, 17 Aug 2017 11:49:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sethblank-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=PYwOqViLy9N2dr6KWlrxWJmLWM1WEaxMbYWV9NeeU14=; b=XiUFPuWlCWr/fukdGRzSAOD4taLEJYGS9geZgQ86HlF8ecsFvRitOMZDmzsjj37nYq ThOjo9vzViUK/3mNKRfzLnLfWbahKnB8PX1tV/zSIqBJ3ZSavxiAz08D/OXhV8ho3lqG 3L91e6dE1tSCQPxZbYpEKJDDPldRXWlhpwRLdpRdOY7XevOFdh2fM13xYnDxU6x4oo61 i2FWSOPEUhcMDkr3YIuuPqJmM1LTZrJzMluat1EFp0yydQQgh98tVSqU1VUNaDP0UIBP Kr+qH3YaMZon88u46OfkymqCogV3ZVxz1oPVCojOtH4bfly0LzM4nc5IBGGSYzwEiORT Di+A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=PYwOqViLy9N2dr6KWlrxWJmLWM1WEaxMbYWV9NeeU14=; b=Ff5Xm49v96Dm9DEnJR7gma3Fz1dbVLbfg0Fs0Zz588tObnVJmZvHEK2aZAHovmp6zT Xz/tk7o/2CEhEn48BgktiWVRcLuf6jAsW5ywJg/1UJKu9OHwfgbX1g6pB7P/kQWBDFEs 5mwjO11iTUdBPtq6kwQNNCmBYBoJDvB+KpglcBVKB/j+n75BgRMeEITMMO18d+GvhHuz vA5C7Ne7vX+JQTLwzD1Ps8VkwtBBB/+vBG+PmAGBg76MCHeJoJTAiIl88OuP3oGlnajE HbFbLK5SQKAoYILN3CcRIFKqJAgarqd30jhYALTaW8DzkhORIm6+TdOSraPjUa8HIN51 Z3fw==
X-Gm-Message-State: AHYfb5h4wqrmA7s0I7jVRvzy5noDZdOL0qhK3CV5RD/4bSxjvINn3vOn 5QgZ33/X64Yyw8305aXGhL9t819AwZw6L02eWA==
X-Received: by 10.31.87.132 with SMTP id l126mr3866343vkb.81.1502995758765; Thu, 17 Aug 2017 11:49:18 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.103.89.22 with HTTP; Thu, 17 Aug 2017 11:48:58 -0700 (PDT)
In-Reply-To: <1502957343.3548792.1076152832.1FEB1A8C@webmail.messagingengine.com>
References: <1502957343.3548792.1076152832.1FEB1A8C@webmail.messagingengine.com>
From: Seth Blank <seth@sethblank.com>
Date: Thu, 17 Aug 2017 11:48:58 -0700
Message-ID: <CAD2i3WMDsY3-_o6cETtnN4B456dwycyikMVN-cgSKB16F6ynaQ@mail.gmail.com>
To: dmarc@ietf.org
Content-Type: multipart/alternative; boundary="001a114e59f44cf70e0556f778d5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/Ut3iQqrye4luSYGVKxvomWEZvbE>
Subject: Re: [dmarc-ietf] ARC-Seal is meaningless security theatre
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Aug 2017 18:49:22 -0000
On Thu, Aug 17, 2017 at 1:09 AM, Bron Gondwana <brong@fastmailteam.com> wrote: > > I laugh as well, but it's more than p=reject isn't enough in the ARC > world, because it doesn't distinguish between: > a) I'm OK with email from my domain being sent via mailing lists; and > b) no, this domain is only ever used for direct messages, it should never > appear in ARC chains that don't also pass DKIM. > The DMARC WG charter directly addresses this: https://datatracker.ietf.org/wg/dmarc/charter/ Our stated goal is to fix indirect mail flows so that they do not break under DMARC. To me, that's an explicit requirement of a), with b) being out of scope. Seth
- [dmarc-ietf] ARC-Seal is meaningless security the… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Tim Draegen
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… John Levine
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Scott Kitterman
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen (b)
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… MH Michael Hammer (5304)
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen (b)
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen (b)
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen (b)
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… mhammer@americangreetings.com
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos