IETF Logo Mail Archive

Re: [dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations

Brandon Long <blong@google.com> Mon, 20 July 2020 23:21 UTC

Return-Path: <blong@google.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A29A13A092F for <dmarc@ietfa.amsl.com>; Mon, 20 Jul 2020 16:21:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.599
X-Spam-Level:
X-Spam-Status: No, score=-17.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8OPfUapODTfQ for <dmarc@ietfa.amsl.com>; Mon, 20 Jul 2020 16:21:11 -0700 (PDT)
Received: from mail-vs1-xe30.google.com (mail-vs1-xe30.google.com [IPv6:2607:f8b0:4864:20::e30]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB3473A0979 for <dmarc@ietf.org>; Mon, 20 Jul 2020 16:21:11 -0700 (PDT)
Received: by mail-vs1-xe30.google.com with SMTP id s20so9420323vsq.5 for <dmarc@ietf.org>; Mon, 20 Jul 2020 16:21:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Asg0Ila/D2dTIltY0CYKP6TaJRz2MOyDPLKe4N5RAE0=; b=oar+PeOR8xR8sBeC5lbfgGWW4qxCFDrq8AFR/i8cNSKmuiirehLBy8WvPLZcnlNHSh 4dXHnL7en/dDMlOACvICQ2h3X0r4/1PRrzBLvGH8hW5KtTTmSCyJt0x3tW6/K+AwJMJJ 6YJH8cKnZVB/cggWxacUua93eN6CzbLjXEMyAUtgFMxALFotDM6N3P5fg3td3yX5krV2 I1MAO2bqFDWmBJ5yFHPfTU1eb6r2mfKs/if+v7A3DuvgoFdkGFRKKDnMjSSVQy+cZnDt J14/ISdFfL21jOSeewT2cmaOpwZAEF/8V3MpOqYLluuoK8PATyt9u2HYogadJYHjhiVm MxVA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Asg0Ila/D2dTIltY0CYKP6TaJRz2MOyDPLKe4N5RAE0=; b=CbA0FECfkOr/jKaVcDG+g9c3A0fdaUm369PRJ9R6mKPcDreJEDCgCPmaWPs81YibCD yaFT1hQeKWdlVK8Ga4EdBYLAmcfU3r1IZWJCMVeL+9YHmM/2fy73k4IeckL6OzCEZpSW lZ7JzGDNfp2vf9KhM4UTKgzFy76u5vTYh3nL5ObKedLD0HEOEB0OjsqH9fH2zINeq/lQ S9A+LfgjgcV0xv5bdHRoVpYrdeFPFTCZZwam3lkHS50BieodyFGzRxsqgdgzYMDOvwRc /5voF/7IdTsFo1Xa7BAUqysD2RWXk8JNjHFUjh5D02Vnx4MssRLCItTat2tiNopNYP6Y TKWg==
X-Gm-Message-State: AOAM530OQaxgxAEBCJtDc4dbW2UW5bpzXFIboIZzNgYR9WMyt72cr47g 54OE1ImXrcYFe56fjLpb+O7LQfmG1JcDVcMUEqGF
X-Google-Smtp-Source: ABdhPJzRFqJ6EXCROwBcNb/Ba5M/VO0b1n2GxWKoIJbqDQr21rPrPW7f6ErLDYEVr5cAko97s/P8OiLe9F3FGPSVIjo=
X-Received: by 2002:a67:643:: with SMTP id 64mr18586425vsg.32.1595287270387; Mon, 20 Jul 2020 16:21:10 -0700 (PDT)
MIME-Version: 1.0
References: <cd9258e6-3917-2380-dd9b-66d74f3a64d3@gmail.com> <20200717210053.674D61D2C431@ary.qy> <CAL0qLwbkhG-qUyGqxaEjcFn2Lb7wPMhcPFEMA8eqptBJpePPxA@mail.gmail.com> <8efcf71c-f841-46a4-10b7-feb41a741405@gmail.com> <CAL0qLwbK7GQXkiS+H8GtsvHMzWr4o431Shc7Cc9MhqsTiHfzFw@mail.gmail.com> <bc7ed18c-8f1d-b41b-0a4b-3aa180a63563@gmail.com> <CAL0qLwYgs7py1aTQ87pykNT_0dpnrKz=+1DxMMSQMgbwz4XZDg@mail.gmail.com> <5AF00366-DB28-41CB-A1C4-F5BCA77EC969@wordtothewise.com> <CABa8R6vm39JLWGkah7kLzmdkh24jdV1eUNGQdJOdcac=Pi0xNA@mail.gmail.com>
In-Reply-To: <CABa8R6vm39JLWGkah7kLzmdkh24jdV1eUNGQdJOdcac=Pi0xNA@mail.gmail.com>
From: Brandon Long <blong@google.com>
Date: Mon, 20 Jul 2020 16:20:56 -0700
Message-ID: <CABa8R6tfELeqg6GfuCeEPdkjdOKdN3JJa7Xmm1kRGL2bm0xS0Q@mail.gmail.com>
To: Laura Atkins <laura@wordtothewise.com>
Cc: "Murray S. Kucherawy" <superuser@gmail.com>, IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000011643a05aae7c3d5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/Y5FzAMeaYhvz9I20bgNmKuLV5og>
Subject: Re: [dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Jul 2020 23:21:14 -0000

On Mon, Jul 20, 2020 at 4:20 PM Brandon Long <blong@google.com> wrote:

>
>
> On Mon, Jul 20, 2020 at 2:00 AM Laura Atkins <laura@wordtothewise.com>
> wrote:
>
>>
>> On 19 Jul 2020, at 19:08, Murray S. Kucherawy <superuser@gmail.com>
>> wrote:
>>
>>
>>    I'm less convinced by the notion that all of the RFC5322.From is
>>> disregarded by the preponderance of users when deciding what level of trust
>>> to put in the message's content. That suggests we blindly open and read
>>> absolutely everything, and I suspect that isn't the case.
>>>
>>> 1. That's not what it suggests, at all
>>>
>> Then I don't know what else you might mean by "end users do not reliably
>> make trust decisions based on /any/ of the information in the rfc5322.From
>> field".  What other data exist upon which to make trust decisions in the
>> display of a mailbox?
>>
>>
>> There was a research project done by an inbox provider and a major
>> supporter of DMARC presented at a MAAWG meeting a few years ago. They tried
>> adding trust indicators to the message list but found no statistically
>> significant behavioral changes by users. Given the conference policies, I
>> hesitate to mention it here, but there is research. There’s also a
>> conference paper I found, done by a computer science research team at VA
>> Tech that looked at this as well.
>>
>
> Was it us?  If so, I can push on folks to find and make it releasable, but
> I don't recall that we had such a presentation but I've also been out of
> the loop for a while and wasn't there are
> the beginning of DMARC either.  Ie, I know the ecert goldkey stuff failed
> on this, but don't think I ever saw the data.
>

Hah, and of course that was supposed to be private.

Brandon



>
> Brandon
>
>
>
>>
>> This question is actively being studied and there is research out there.
>> We don’t need to speculate or bring in individual opinions, we can look at
>> the different studies folks have done.
>>
>> 2. No doubt there is a better way to put this, but I'm not thinking of
>>> it, and this isn't just my second thought on the challenge, but quite a bit
>>> more than that:  This demonstrates why the IETF is a very poor venue for
>>> conducting human factors discussions.
>>>
>> No argument here.
>>
>>> Again: There is quite a bit of experience demonstrating that providing
>>> trust indicators to end users does not produce reliable -- ie, useful --
>>> decision-making by end users.
>>>
>> We appear to be talking past each other.  I wasn't talking about trust
>> indicators, but rather whether the RFC5322.From domain is visible..  I
>> don't have any reason yet to think trust indicators are effective.
>>
>>
>> Most clients these days seem to be hiding the RFC5322.From domain from
>> the individual end users. Mail.app on OSX does unless you change that
>> setting specifically (and it seems every few upgrades they reset the
>> setting and then hide the checkbox again). The iOS mail app doesn’t even
>> have a setting to change that I’ve been able to find. I seem to remember
>> the last time I set up a mailbox on Thunderbird (pre-2016 election as I was
>> tracking some candidate mail) they also hid the 5322.From address.
>>
>> There was another comment elsewhere about why not change the 5322.from
>> address if it’s not visible to the enduser, and there are 2 reasons I have
>> for that: The ability to search for mail from a particular author and the
>> ability to block mail from a particular author. Rewriting the From: address
>> always breaks the first. Some mailing lists point the Reply-To: to the
>> original author which means some kinds of filtering can trigger off that.
>> Other mailing lists point Reply-To: to the list address, which breaks the
>> second. Both things are important to mailing list usability.
>>
>> laura
>>
>> --
>> Having an Email Crisis?  We can help! 800 823-9674 <(800)%20823-9674>
>>
>> Laura Atkins
>> Word to the Wise
>> laura@wordtothewise.com
>> (650) 437-0741
>>
>> Email Delivery Blog: https://wordtothewise.com/blog
>>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> dmarc mailing list
>> dmarc@ietf.org
>> https://www.ietf.org/mailman/listinfo/dmarc
>>
>

v2.23.0 | Report a Bug | By Email