Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5.1.2 - cv=fail should sign greedily
Seth Blank <seth@sethblank.com> Wed, 15 August 2018 14:30 UTC
Return-Path: <seth@sethblank.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2CBC3130F7C for <dmarc@ietfa.amsl.com>; Wed, 15 Aug 2018 07:30:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sethblank-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nmsTV-4NGaq5 for <dmarc@ietfa.amsl.com>; Wed, 15 Aug 2018 07:30:02 -0700 (PDT)
Received: from mail-oi0-x229.google.com (mail-oi0-x229.google.com [IPv6:2607:f8b0:4003:c06::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6B9181277D2 for <dmarc@ietf.org>; Wed, 15 Aug 2018 07:30:02 -0700 (PDT)
Received: by mail-oi0-x229.google.com with SMTP id s198-v6so2208123oih.11 for <dmarc@ietf.org>; Wed, 15 Aug 2018 07:30:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sethblank-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=R8JziYCYhYFvkUY98SyI1FkwKED2+KMybAmZJlwldw8=; b=iAlAJ4CMGicSe0dWwXVDe8HT7sDWlC+Hzg9ZML2OagRMQqcMjowk5MYtnQ5MQDZmPj G+sfl2ktQDvs/dFKBy/LX2dPqeam5XV2bhbO3ClmJaVLcXX/X/eSCXJw+R53NrCoNAed EyyqMHLcrWPUIEdYFUN9WC1bMJ/J1RJn+SO6957S4c0om3FkL6eTg0kewVodl/SnZE42 7Q9ECFnqo0ykaQkm0EN/fnwGQ7V48PGNdWtiFP5XDQl7eNoUKmrIC0gaJW2sJ+vPjiwg 4COaJ68J/0jwaydcmqVRMODiffLiHFsu3JdmxEenZatx6cqwVmFcFjTEequpYLT3SRkj AJZQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=R8JziYCYhYFvkUY98SyI1FkwKED2+KMybAmZJlwldw8=; b=SrYDksPzXBgi8JF2BdPNHjOaUQHsFoYw42s0EAH4BPaLjEpBZS3S2mwLe61HcmnekM 3Tj1c2vPDSfeXflNk+JYybR+R2p4eUGoMEOdaJuMgORsdd0Vi38VEgTTZ2O2KTJmhKOu BtnT5FnswNth7o3qZ7Zk/RtjRIZ8tamoPFh5kdqTOhq2Kt65SfYS9l+Ytjj2Ky+jTc+B bakO6wSEBrmPPkkfUVjKTvC/8dYta5D/uzs/bU8npYL6sCW435JwFtdlpyCGQEX/oWzZ OUtyFu7/r87VcoQU3IhxbgK95drLecPWYNouD5avvTwQyma4Xk2RQvTi+pCRjdTlUgzt nQFQ==
X-Gm-Message-State: AOUpUlGHoYDzV49/aoTeL9kVLDAEl77SA0ffgqi979pZFUNfY4EUkvTN LDnsFUjRi1yGFQ1/N7KCiA0akzh9YpGDuEvho2270KoGm7RUgg==
X-Google-Smtp-Source: AA+uWPyhGtGMoCPac9Ct9LgCs4p9X38h+rTUAdjcVdL3qSsQ/WKeKW8PMAEPfRsRqX7xEeZC4162s6rhXBEsGGQiiUY=
X-Received: by 2002:aca:d088:: with SMTP id j8-v6mr27592372oiy.276.1534343401190; Wed, 15 Aug 2018 07:30:01 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a9d:2646:0:0:0:0:0 with HTTP; Wed, 15 Aug 2018 07:29:40 -0700 (PDT)
In-Reply-To: <799c2b18-97fe-6e22-f2cf-49245ae9c65e@gmail.com>
References: <CAD2i3WNSe+of7U8fdTnmUeU3sthUbpEVgdYHT9J6BgLxoeOL3w@mail.gmail.com> <20180730221726.713CE200316625@ary.qy> <CAD2i3WMvCugRm4KZeLx3PFb6f_pKR3rs4mnH2FZO4_X7ZA7GHA@mail.gmail.com> <alpine.OSX.2.21.1807302025420.60501@ary.qy> <CABa8R6sWSu9Q+mozxzaVGab3PE2zxqVmt4L6FERSLC1oDTh1oA@mail.gmail.com> <alpine.OSX.2.21.1808031352460.29088@ary.qy> <CABa8R6u_09D9BNiq3fXDXjPVfFeZxHtRa0NyLamKyj033xO72A@mail.gmail.com> <CAD2i3WNJdQ95drzue17UdKEb_6qkN7DuB7WdMbORTSjWGgwJZA@mail.gmail.com> <CABa8R6sgtcAHGt10GQ85PvhYvEZfv1K1SqiFLe7ozWeZ5+Y30A@mail.gmail.com> <CABuGu1rmxMWhUQvzf=uyNVYSb1zGCgWtiak5+yPKaXGWPV4XUg@mail.gmail.com> <CAL0qLwbjpMH30hD8xKnAgT6kJ9wmN9hm3gwnRGmiqTOxKLiHDw@mail.gmail.com> <a6eb3ab9-0e0f-f3e5-9dd0-8d9e992595a0@gmail.com> <CABuGu1oVG-=5TtfdQffENQkf5+vQ9Fp44L42nsGY1QgUjzYyHA@mail.gmail.com> <799c2b18-97fe-6e22-f2cf-49245ae9c65e@gmail.com>
From: Seth Blank <seth@sethblank.com>
Date: Wed, 15 Aug 2018 07:29:40 -0700
Message-ID: <CAD2i3WO_pzCRfROzkWrJSBdrVjkoSOQMxy7dDD6Q10PZ-w2W4g@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000064591d05737a29e6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/X37npK0Ns6Hhku67y6xnX5nhkr0>
Subject: Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5.1.2 - cv=fail should sign greedily
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Aug 2018 14:30:09 -0000
On Wed, Aug 15, 2018 at 6:33 AM, Dave Crocker <dcrocker@gmail.com> wrote: > > This doesn't sound like compelling benefit, which is why I suggest > removing it. Absent compelling benefit, simpler specifications is to be > preferred, IMO. Absolutely agreed on simplifying the spec, but the above conversation misses the points in the email I sent an hour or two earlier. In particular, there was a design decision made at the genesis of ARC to store excess trace information that receivers could use to further analyze the Chains on the receipt. This is well documented in 11.3.3, as part of the experiment is looking into what trace information is actually valuable. As I've mentioned previously several times in this thread, without the Seal that affixes cv=fail to the message including all the ARC header fields in its scope, this trace information is no longer authenticatable and therefore cannot be trusted. This is a violation of the explicit design decision this protocol was built up from. But to also reiterate: what is Sealed when cv=fail is attested to (itself, the entire chain, or nothing at all) DOES NOT AFFECT INTEROPERABILITY. What it does effect are preserving trace information and preventing forged data from being reportable. This seems deeply valuable to me.
- [dmarc-ietf] WGLC ARC-16 concern on Section 5.1.2… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Luis =?utf-8?q?Mu=C3=B1oz?=
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Bron Gondwana
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Bron Gondwana
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… John Levine
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… John R Levine
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Brandon Long
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… John R Levine
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Brandon Long
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Brandon Long
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Kurt Andersen (b)
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Dave Crocker
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Kurt Andersen (b)
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Dotzero
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Dave Crocker
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… John Levine
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Seth Blank
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Dave Crocker
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… John R Levine
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Dave Crocker
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… John R Levine
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Dave Crocker
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Brotman, Alexander
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Kurt Andersen (b)
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… John R Levine
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Murray S. Kucherawy
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Hector Santos
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Kurt Andersen (b)
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… John Levine
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… Kurt Andersen (b)
- Re: [dmarc-ietf] WGLC ARC-16 concern on Section 5… John R Levine