Re: [dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations

Hector Santos <hsantos@isdg.net> Sun, 26 July 2020 19:07 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/XzynSvwy0cNta43jlA6PS0rFhnY>

On 7/26/2020 2:34 PM, Dave Crocker wrote:
> On 7/26/2020 11:29 AM, Hector Santos wrote:
>> Dave, for a number of years of practice, depending on the system or
>> service, users have been provided with trust-related decisions. Do
>> you need real examples?
>
>
> There is a difference between providing a signal, versus its getting
> received and used.
>
> Please provide objective data that these signals are being perceived
> and used effectively by end users.

Dave, I made a mistake to preempt the remaining comment by saying "Do
you need real examples?" I thought I had removed it. It was rude. Sorry.

Please read the remaining part in my previous message with my input 
explaining how GMAIL provides Trust-Related decision options to the 
layman user mail reader.

There is a lot more to this and I need to go. I think you are
correct in suggesting the user has no input in the protocols we are
looking for. It's the deterministic vs subjective/learning/heuristics
protocols issue again. In reality, we don't have the latter (IETF
public domain standard for a non-deterministic filtering engine).
Unless we want to include SpamAssassin as the Default EmailCore AVS
Engine, it has been a long time missing, desirable part of the total
picture. With that engine, users would be a natural part of the
equation. Unfortunately, we are not there. But with the former, I
always thought these deterministic protocols were targeted for
unsolicited, anonymous transactions where only the AUTHOR DOMAIN, the
self-signing domain, is the only trusted source. Not the user or even
the sender unless IFF there is an Author::Sender association established.

Have a good day, off to relax at the safe-distancing pool.

-- 
Hector Santos,
https://secure.santronics.com
https://twitter.com/hectorsantos