IETF Logo Mail Archive

Re: [dmarc-ietf] Alternative draft text for draft-ietf-dmarc-arc-protocol

"Murray S. Kucherawy" <superuser@gmail.com> Wed, 31 May 2017 22:40 UTC

Return-Path: <superuser@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28B0C1267BB for <dmarc@ietfa.amsl.com>; Wed, 31 May 2017 15:40:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0OBOLtwYis-Q for <dmarc@ietfa.amsl.com>; Wed, 31 May 2017 15:40:36 -0700 (PDT)
Received: from mail-ua0-x235.google.com (mail-ua0-x235.google.com [IPv6:2607:f8b0:400c:c08::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 014E7124D37 for <dmarc@ietf.org>; Wed, 31 May 2017 15:40:35 -0700 (PDT)
Received: by mail-ua0-x235.google.com with SMTP id u10so18061356uaf.1 for <dmarc@ietf.org>; Wed, 31 May 2017 15:40:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=0i1aQ/c2zzT2tgGH/mYrDL7mN8wzS0WkVuKjq9sO/j4=; b=sx7OEgCk4DUFG3m6jbwEOBDZ8x10lHVRArE/zJRQjOz017RMxw01mab4PATFGafw94 ydk7z2vZB2YZ80MaLNSApLKoC4j2K1Y+iIh9Cuvrh9mHHxK5m7fJZx26H99Az3wCcyJe ZIZaFbBthyJ4HqQz5k3sHGwWPvJcgbZaXckY7peYW+PwEQ4ikUw6D3HyP3Us9YTbsRjB TqWKERbAqKsmPWx9/jTyOOoMwMKm7wS4/zV+yYBTIIrKpB6yFG+TRBP6SZnBGCP4V5eR V1OxRnpmdcMEdMeA6IliVZ/PZbsmWFiq1sBCdGKDwR5Dp/h4wF3spDEAJY7DciufM67Q YCJA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=0i1aQ/c2zzT2tgGH/mYrDL7mN8wzS0WkVuKjq9sO/j4=; b=YMxmOOhzYOgfKvLVCE21dDeJ55saW30/rJy0RQhyWQl8B6PpTQsZufanee8RhzDfD9 icD3a/Xh0xcVeMmZlKJCCwXBzrW6tgVx3S/bdqDIrHsz5N9PonfLCOzkm1xRNFHQ4+q7 3MmS7Wm0cX3usuYmCRTJNAnHzuiRhM3IF6L6DqfE/C1PPbBT5QA3I65ilhlefPnc5qRR oywtNGXylW07rVAqG3240xHv00OtjCvl9/0Jel7b7dhgh9dACUDmmXqBMzTm1QgVdO2b KSBWck3XG+KLe81cMSRnuFRKhl4LPeHzoiIzQSyyUPs2ZBc6dNnrnTNRdEiVymhuKYFW 3F9w==
X-Gm-Message-State: AODbwcAEU+QIJrDStH+LKZWk2FL48CqnOhOzY+Xk7bAF9u5i2NHdCKpL HNMKTyNV94OoC7e5XOhzsvkAdD1Iow==
X-Received: by 10.176.81.4 with SMTP id e4mr5241086uaa.33.1496270435086; Wed, 31 May 2017 15:40:35 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.103.25.69 with HTTP; Wed, 31 May 2017 15:40:34 -0700 (PDT)
In-Reply-To: <CABa8R6vL720q879ks7ELPBH6aXjigntmHQ65hy86T-MQvLJ6+g@mail.gmail.com>
References: <CAL0qLwZEeL8ksPK3AwXjty1+RRUgAH=kL1MUOwERGiGxOGd5NQ@mail.gmail.com> <CABa8R6vL720q879ks7ELPBH6aXjigntmHQ65hy86T-MQvLJ6+g@mail.gmail.com>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Wed, 31 May 2017 15:40:34 -0700
Message-ID: <CAL0qLwbVeR3uEF_eOxF7x=7=5vbBco5RfrEX3LjXie9mvf29UQ@mail.gmail.com>
To: Brandon Long <blong@google.com>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c191490c574b80550d99b51"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/Xs3TpzqNxHDMqEtgLhEKw3ILsRs>
Subject: Re: [dmarc-ietf] Alternative draft text for draft-ietf-dmarc-arc-protocol
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 May 2017 22:40:38 -0000

On Tue, May 9, 2017 at 2:04 PM, Brandon Long <blong@google.com> wrote:

> In 5.1 defining the AMS, you say that it should cover DKIM-Signature and
> AuthRes headers.  In particular, AuthRes headers are expected to be removed
> by ADMDs, especially if the message transits the same ADMD multiple times.
> Also, the information in the AuthRes header is superseded by the ArcAuthRes
> header.  Including it means an arbitrary AMS breakage for something pretty
> minor, so I would recommend to not include it.
>

Section 5.1.2.1.1.... of the current draft says the same thing.  I just
copied it.


> You also talk about "responsibility".  I'm not sure that's how I would
> describe it.  An ARC hop is documenting that a message passed through it,
> and that it evaluated the authentication of the message.  The only
> responsibility of a hop is to correctly validate the SPF/DKIM/ARC
> information, there is no ownership implied over the message itself.
>

That's well-vetted language that's used to describe a valid DKIM signature
and its relationship (or more specifically, the relationship of the signer)
to the message content.  Indeed, if you affix an ARC seal to a message,
aren't you at least somewhat responsibility for its continued presence in
the ecosystem?  The language deliberately says "some responsibility"
because we don't want to make any specific judgements about culpability,
but the value of that metric is clearly not zero.


> With AMS, you can answer the question: which ADMD is the last ADMD to have
> modified the message.  I guess in that sense, the last modifier is
> "responsible" for the current state of the message... but that kind of
> means that the AMS of previous hops allows them to disown responsibility
> for the current state of the message...
>

Sure; in this sense ARC is different from DKIM in that you can make some
statements about various parts of the chain, rather than just the bits
whose signatures still validate.


> 5.2 - should we point out that there should be only one of these per hop?
> The openspf/dkim/dmarc implementations tend to add separate AuthRes headers
> for each evaluation, but ARC requires those to be a single instance.
>

Yes, there should be text about collapsing multiple values if they're
available when the seal is generated.  I think this was discussed elsewhere.


> 5.3.1 - none as defined as "arrives at an MTA from an MSA", perhaps my
> understanding of those terms is slightly odd, but I would think that an MSA
> usually uses an MTA to actually send the message, and it isn't that
> "sending" MTA that's the first hop, it should be the first "receiving"
> MTA.  I mean, that's usually the point at which the DKIM signature is
> applied, and the SPF would be "from" there, not based on the location of
> the MUA.
>

I'm using the definitions from RFC5598.  In many cases, a single component
serves as both the MTA and MSA.  But sure, clarifying text can't hurt.


> There are some missing pieces here, corresponding to the current draft
> sections 5.4 (alternate signing algorithms),
>

Sure, that could be added, though I think we should discuss why the time
ranges stated there are appropriate.  (This seems to me to be something
that might already have been addressed elsewhere in some other document
from the Security Area.)  If not (or even if so), this is perhaps work best
handled by DCRUP.


> 6.4.3 (arc email authentication method for AuthRes)
>

There should be text connecting this to the IANA Considerations, sure.


> 6.4.5 for dmarc xml.  I see that the arc is included in your IANA section,
> not sure if the call out outside of the definition is necessary or not.
>

What's the "call outside of the definition"?

-MSK

v2.23.0 | Report a Bug | By Email