Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5.1.2 - cv=fail should sign greedily
Seth Blank <seth@sethblank.com> Sun, 29 July 2018 01:12 UTC
In-Reply-To: <1532745551.208119.1455489824.75DFC005@webmail.messagingengine.com>
References: <CAD2i3WMMJPaZYonS-qcz8pwOKYmS2Xe+8WBZPuAqjiGoYePzSg@mail.gmail.com> <CAL0qLwapyX3U=0OqQWzx+dDELn3W0v=N_HyzDnSw49oWQ+SE5Q@mail.gmail.com> <CAD2i3WN90JSS8pzgRxrbokuKmhZaLUrimYRWqkZwzVDBxTczng@mail.gmail.com> <CAL0qLwZ_uPh5iPkS7MKzDp3x=dAgn-hmsEunccDc3Hj2bsphpQ@mail.gmail.com> <CAD2i3WM99Yy6Y=BQE4dC=Ffm7J32My160Xdm2oxXC50Au9tXoA@mail.gmail.com> <1532745551.208119.1455489824.75DFC005@webmail.messagingengine.com>
From: Seth Blank <seth@sethblank.com>
Date: Sat, 28 Jul 2018 18:12:23 -0700
Message-ID: <CAD2i3WOHjUwi3J=xsLca5_4DJL=S+jaReGRC1fBQH5wsfWxOVg@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/Wey1yWTJOcvyh1f7Nmb51_0-qgc>
On Fri, Jul 27, 2018 at 7:39 PM, Bron Gondwana <brong@fastmailteam.com> wrote:

> The only thing your ARC Seal will validate is your own
> ARC-Authentication-Results header - which isn't nothing (it could contain
> the IP address that you received this message from) - but if SPF / DKIM and
> ARC are all fails in your Authentication-Results, any earlier ARC and DKIM
> headers have no provable causal relationship with the rest of the message
> you received.

A structurally valid ARC Chain (all ARC Sets have one each of the ARC header fields, the ARC Set instance numbers are 1..N inclusive, and each AS covers all ARC Set header fields on the message from 1 through its own instance number) where all AS's validate says a very specific thing about that ARC Chain: that no one has modified *THE ARC HEADER FIELDS* that are part of the Chain.

This also means that from the first ARC Set at i=1 through the last passing ARC Set, you have a guaranteed list of all domains who have modified the message (yes, some may have Sealed without modifying) and the corresponding ARC-Authentication-Results each saw, which you know have not been modified by someone other than the ADMD which added them.

This does not stop someone from taking an intact and passing ARC Chain and adding their own garbage on top. Fundamentally, this is how mail works; mail is spooled and replayed all the time by design. This is an issue with DKIM, and is covered in RFC 6376 sections 5.4.1 and 8.6. Since ARC inherits heavily from DKIM, it also inherits these specific replay issues. It was determined that fixing the replay issue was out of scope, except for providing guidance on how to contain impact. Sections 9.4 and 9.5 talk directly to these issues:

https://tools.ietf.org/html/draft-ietf-dmarc-arc-protocol-16#section-9.4
https://tools.ietf.org/html/draft-ietf-dmarc-arc-protocol-16#section-9.5

Frankly, your concern speaks directly to the issue I raised initially.

If cv=fail only signs itself, then there is absolutely no way to localize the issue and determine which Sealer decided to run amok with the Chain. If you see a cv=fail, you have to throw out all the data. At least when Sealing cv=fail, if you Seal greedily, there is an intact chain of Seals which can be used to make important determinations as to the veracity of the header field data, and may be able to use that to determine where things may have fallen apart or been replayed.
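The structural checks Seth lists (one of each ARC header field per set, instance numbers exactly 1..N, each Seal covering sets 1 through its own instance) and the greedy-versus-self-only cv=fail question, as an added example that is not part of this message, the thread, or the ARC draft. Assumptions: an HMAC with a per-domain shared secret stands in for the RSA Seal signatures and DNS-published keys of real ARC; the domains, AAR contents and three-hop path are constructed; the `fail_seals_greedily` flag selects between the self-only cv=fail Seal the thread objects to and the greedy Seal it argues for. A verifier rewrites hop 2's AAR either before or after hop 3 seals, and the example shows which of those two cases a later verifier can tell apart under each policy.

```python
import hashlib
import hmac

# Stand-in for the public keys a Sealer publishes in DNS: one shared secret per
# ADMD so the example runs offline (assumption: real ARC Seals are DKIM-style
# RSA signatures; all domains below are constructed).
KEYS = {
    "origin.example": b"origin-secret",
    "list.example": b"list-secret",
    "forwarder.example": b"forwarder-secret",
}


def _covered(chain, i, fail_seals_greedily):
    """Instances whose ARC Set header fields the AS at instance i signs."""
    cv = chain[i - 1]["as"]["cv"]
    if cv == "fail" and not fail_seals_greedily:
        return [i]                      # self-only: the cv=fail Seal covers just its own set
    return list(range(1, i + 1))        # greedy: every set from i=1 up to and including itself


def _seal_input(chain, i, fail_seals_greedily):
    """Canonical text signed by the AS at instance i: AAR, AMS, AS of every
    covered instance in order, with the AS at instance i carrying an empty b=."""
    lines = []
    for n in _covered(chain, i, fail_seals_greedily):
        s = chain[n - 1]
        b = "" if n == i else s["as"]["b"]
        lines.append(f"ARC-Authentication-Results: i={n}; {s['aar']}")
        lines.append(f"ARC-Message-Signature: i={n}; {s['ams']}")
        lines.append(f"ARC-Seal: i={n}; cv={s['as']['cv']}; d={s['as']['d']}; b={b}")
    return "\r\n".join(lines).encode()


def _mac(domain, data):
    return hmac.new(KEYS[domain], data, hashlib.sha256).hexdigest()


def add_set(chain, domain, aar, cv, fail_seals_greedily=True):
    """Append ARC Set i=len(chain)+1, sealed by `domain` with chain status cv."""
    i = len(chain) + 1
    chain.append({"i": i, "aar": aar, "ams": f"d={domain}",
                  "as": {"cv": cv, "d": domain, "b": ""}})
    chain[-1]["as"]["b"] = _mac(domain, _seal_input(chain, i, fail_seals_greedily))
    return chain


def verify_chain(chain, fail_seals_greedily):
    """Structural checks first, then every Seal.
    Returns (structurally_valid, [(i, domain, seal_ok), ...])."""
    n = len(chain)
    if [s["i"] for s in chain] != list(range(1, n + 1)):
        return False, []                # instance numbers must be exactly 1..N
    results = []
    for s in chain:
        i, cv, d = s["i"], s["as"]["cv"], s["as"]["d"]
        if cv not in ("none", "pass", "fail") or (i == 1) != (cv == "none"):
            return False, []            # i=1 is cv=none; later sets are pass or fail
        expected = _mac(d, _seal_input(chain, i, fail_seals_greedily))
        results.append((i, d, hmac.compare_digest(expected, s["as"]["b"])))
    return True, results


def highest_intact(chain, results, fail_seals_greedily):
    """Highest instance i whose Seal verified AND covers sets 1..i: every set up
    to there is guaranteed unmodified since that Sealer saw it."""
    best = 0
    for i, _, ok in results:
        if ok and _covered(chain, i, fail_seals_greedily) == list(range(1, i + 1)):
            best = i
    return best


def scenario(fail_seals_greedily, tamper_after_hop3):
    """Three hops. An attacker rewrites hop 2's AAR either before hop 3 seals
    (so hop 3 genuinely sees a broken chain) or after hop 3 already sealed
    cv=fail for a reason of its own (e.g. a key lookup failure, not modelled).
    Returns ([seal_ok per instance], highest instance proven intact)."""
    tampered = "dkim=pass header.d=attacker.example"
    chain = []
    add_set(chain, "origin.example", "spf=pass smtp.mailfrom=origin.example", "none", fail_seals_greedily)
    add_set(chain, "list.example", "dkim=pass header.d=origin.example", "pass", fail_seals_greedily)
    if not tamper_after_hop3:
        chain[1]["aar"] = tampered
    add_set(chain, "forwarder.example", "arc=fail", "fail", fail_seals_greedily)
    if tamper_after_hop3:
        chain[1]["aar"] = tampered
    ok, results = verify_chain(chain, fail_seals_greedily)
    assert ok, "chain is structurally valid in every scenario"
    return [r[2] for r in results], highest_intact(chain, results, fail_seals_greedily)


if __name__ == "__main__":
    for greedy in (True, False):
        for late in (False, True):
            print(f"greedy={greedy} tamper_after_hop3={late}:", scenario(greedy, late))
```

With greedy cv=fail Seals the two tampering orders produce different verdicts (hop 3's Seal still verifies when the damage predates it, and fails when the damage came after), so a verifier can say which side of hop 3 the modification happened on. With self-only Seals hop 3's Seal verifies in both cases and proves nothing about sets 1 and 2, so the two orders are indistinguishable, which is the localization loss the message describes.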