IETF Logo Mail Archive

Re: [dmarc-ietf] indeterminisim of ARC-Seal b= value

Peter Goldstein <peter@valimail.com> Thu, 30 March 2017 17:01 UTC

Return-Path: <peter@valimail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AA891299C9 for <dmarc@ietfa.amsl.com>; Thu, 30 Mar 2017 10:01:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.719
X-Spam-Level:
X-Spam-Status: No, score=-1.719 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_FONT_FACE_BAD=0.981, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=valimail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t-jR0nLYdWhk for <dmarc@ietfa.amsl.com>; Thu, 30 Mar 2017 10:01:13 -0700 (PDT)
Received: from mail-qk0-x230.google.com (mail-qk0-x230.google.com [IPv6:2607:f8b0:400d:c09::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 75E9F1299E4 for <dmarc@ietf.org>; Thu, 30 Mar 2017 10:01:07 -0700 (PDT)
Received: by mail-qk0-x230.google.com with SMTP id p22so45487216qka.3 for <dmarc@ietf.org>; Thu, 30 Mar 2017 10:01:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valimail.com; s=google2048; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=erDYH+nyzldSfz9S3vUorce8Cw+zkBW5slOgCF4JIF0=; b=Gc42hLXxkYGj4BClqR7RLg1uTUSdCNLlCEkajrKX3wsrjDdK+PVLCujgxo38vKJbQc hKPMP0KmNnlP6M/oMN7KWwAW1HE+tK/etNhJ3KQrFSU8jXUHWXo124qMEg6LyVYvM0KM KCjYHyAsXCmadnndUcTGrQZwcECdqr9EKbVfw0ns04IFDl+lNoVDXrYlQZM3LRr3IdFk URA/tScbJrQQ08n/bQApgDK1JhOJmcCcqdQejZXznKAYh/k/dH8LAB7njG9fwro8XtuG vmqonLhMHfPfdjNla761n+oPdQRIrGHqhnQMrblhJQRAMsaE8dP9kjV66sEnhdrvDctj fJTQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=erDYH+nyzldSfz9S3vUorce8Cw+zkBW5slOgCF4JIF0=; b=duPAgcSG/f83L6WUBzcidLIOCxxivtUA50nX8KkKl1vFZiznv2/doAbZ5IryC6LrX/ NPXhHOBUDonw7Yp38nfljXysCmnV+BqO8OeXCGyd9BMppYz6VCYKsQUwQr4GTDkmdLmr 8Q5UTcuBiPVuU4cA3c00kfuEQOGsFw+gsu/p1xvFiFONPfJ9tdOdBcaoL14zQZPjnB8f J2XnfZmpbyBBCZ4wp1fI0uFzVPW4DLeJnpMUdlHOPhRZF6Q+rqZOFuTMcIaaNJIiFMJT Ra8JJSeQ4XTnRiYJRkMu+91ucYX+7QY4c7C+8HmzqrYEwwhOL1lSiXH05grdg2+V/Xa1 y59Q==
X-Gm-Message-State: AFeK/H3rObzc/VgHG7rjXu9bgrxRS7nrFyYQTzTn/7RrqpBOblcvz/k2yrnX7/0aPPQKo+AaM6Qo/uno+1ojTA==
X-Received: by 10.55.87.198 with SMTP id l189mr700339qkb.304.1490893266514; Thu, 30 Mar 2017 10:01:06 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.12.141.207 with HTTP; Thu, 30 Mar 2017 10:01:05 -0700 (PDT)
In-Reply-To: <01QCKR5S5OXK0003XB@mauve.mrochek.com>
References: <CANtLugO_D1Mz_v_341pc5O1mZ7RhOTrFA3+Ob5-onp72+5uRfA@mail.gmail.com> <alpine.OSX.2.20.1703272118210.2533@ary.local> <CAOj=BA0YKHYrkseR=wwgZn0_GNBKfdL7jmHehgBRzxqGKV6C1g@mail.gmail.com> <2978391.eJVbVTHBlo@kitterma-e6430> <CAL0qLwbP4c+09=TNSOsDqKwcp6iw++aGW8jDhARoVwvsghSLvA@mail.gmail.com> <01QCKR5S5OXK0003XB@mauve.mrochek.com>
From: Peter Goldstein <peter@valimail.com>
Date: Thu, 30 Mar 2017 10:01:05 -0700
Message-ID: <CAOj=BA3p-XQT=AeR4PHC-udWsn7rOmtR+UQHV0vbVofDKYOH_Q@mail.gmail.com>
To: ned+dmarc@mrochek.com
Cc: "Murray S. Kucherawy" <superuser@gmail.com>, "dmarc@ietf.org" <dmarc@ietf.org>, Scott Kitterman <sklist@kitterman.com>
Content-Type: multipart/alternative; boundary="001a114dbb788ca870054bf5a38d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/Y0BnTa_186dTXvC-rQzGPKoIAn0>
Subject: Re: [dmarc-ietf] indeterminisim of ARC-Seal b= value
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Mar 2017 17:01:25 -0000

>
> > I think Peter's proposal (and he can correct me if I'm wrong) is only to
> > constrain signers.  Verifiers are still expected to handle everything
> weird
> > that the infrastructure might do.
> This proposal creates a situation where verifiers are required to support
> something that no compliant signer will generate. The result will be that a
> test suite with reasonable coverage cannot be generated using compliant
> software.
> And since most people are not going to bother to create an incompliant
> signer
> specifically for purposes of testing, if anything this will create, rather
> than
> elimnate, interoperability problems.
>

Just to be clear, this is not what I was proposing.  Specifically, I don't
think the Robustness Principle
<https://en.wikipedia.org/wiki/Robustness_principle> applies in this case.
Verification should check the RFC defined spacing, ordering, etc. of the
tag/value pairs and reject non-compliant values

As this is a new protocol, and these headers are all new and used
exclusively for ARC, and for the reasons mentioned by Ned, there's no
reason to be lenient in what is accepted.

> That sort of organic validation of implementations seemed to work for
> > DKIM.  The unknown here is whether ARC will be as successful with that
> > model.
> Exactly. And given the success of the approach with DKIM, the burden is
> on those proposing to use a different model for ARC to explain why it will
> work better.


A few quick comments on this.

As per my earlier email, I have a lot less confidence in how well this
'seemed to work' than some of the other participants in this thread.  One
of the benefits of DMARC re:DKIM is it has exposed some issues with DKIM
implementations that were not obvious prior to DMARC evaluation.  Without
DMARC reporting some of the problems with certain DKIM implementations were
simply not very visible.  So I don't actually think the DKIM model worked
as well as is being asserted.

Second, the existence of such a test suite would have had material benefits
just within the last ~18 months over which ARC implementations have been
developed.  We know this because of the immediate benefits the current test
suite (which does impose a canonical ordering, spacing, etc.) yielded
almost immediately.

The suite exposed a few minor but significant issues with the Python
implementation that was submitted to dkimpy.  Similarly, it exposed that
the current OpenARC signing functionality is in a much less mature state
than was generally understood.  In terms of RFC definition, it exposed the
fact that the current RFC as written required support for insecure 512 bit
keys - and triggered a discussion on this very list.  In our internal
development it's forced us to look hard at some of the corner cases and
raise them on this list or at interops.  Note that most of these issues had
escaped detection through multiple interops.

None of the above is meant to insult the associated developers or spec
authors.  Their contributions have been essential, and the skill and
dedication they've brought to their tasks is greatly appreciated.  It is
simply meant to demonstrate the material benefit that this kind of testing
has already brought.  This is what automated tests do - bring problems to
light quickly.

So yes, I think this approach works better.  Much better.

Best,

Peter


>

-- 


[image: logo for sig file.png]

Bringing Trust to Email

Peter Goldstein | CTO & Co-Founder

peter@valimail.com
+1.415.793.5783

v2.23.0 | Report a Bug | By Email