Re: [dmarc-ietf] ARC-Seal is meaningless security theatre

Bron Gondwana <brong@fastmailteam.com> Tue, 08 August 2017 04:02 UTC

Return-Path: <brong@fastmailteam.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76B27120727 for <dmarc@ietfa.amsl.com>; Mon, 7 Aug 2017 21:02:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.719
X-Spam-Level:
X-Spam-Status: No, score=-2.719 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmailteam.com header.b=jUsjXY58; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=abrGaL29
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MEW7JnCwc1jt for <dmarc@ietfa.amsl.com>; Mon, 7 Aug 2017 21:02:01 -0700 (PDT)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 897EB1243F3 for <dmarc@ietf.org>; Mon, 7 Aug 2017 21:02:01 -0700 (PDT)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id D258D20A42 for <dmarc@ietf.org>; Tue, 8 Aug 2017 00:02:00 -0400 (EDT)
Received: from web5 ([10.202.2.215]) by compute6.internal (MEProxy); Tue, 08 Aug 2017 00:02:00 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= fastmailteam.com; h=content-transfer-encoding:content-type:date :from:in-reply-to:message-id:mime-version:references:subject:to :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=UGbE8lgsJgGjw3Jip wmO9sKhRXF6FKhJy5LrLVbFlHQ=; b=jUsjXY58YVnqkUrWF+LFGxjlg+FH7g3JK d7toZIISbF/BfnCRE/wzurnunRioq5lTws0RxDHewfjlk+QBGH0jV8bjBM0EcOuY EKrgTJR7DcS+O2zkXiNH61kJRFlh6rwcxAoD7fAnlRIAO4O2PfOHw/DPM/TXJ1Iy zseK2Bm0SmVbOmqSZRP2HuQFvfaAZz8JqTuzFJlBdTtaapgctN3QYd9ClUGhRoq7 NXCPTjiQVYcpgJkWzboilUGNmO5D5flQPlljITUp4reWSzFRzIEmuq78SqmIrGB6 n+iLjo98hG1+EKk5CiXX1EOWHRdi9HUPMCZOdUO3tOAxsTuhvPG9Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=UGbE8l gsJgGjw3JipwmO9sKhRXF6FKhJy5LrLVbFlHQ=; b=abrGaL29fmMt8ZpvVRtXG1 1izEjd+g3SJDy2/zhTjSkRONQsVfMztz1nmZ73k3BpfnoaP4vahIE8WhjXqi/ukA I5aGFGa9hU5E2yN/3czH+6uzXk1ZdEKg2bxexnf5m2rBqUDhM3rs3eeuC+rzmsDn dTUUNsECXKR7X6pMNmTp3oegwv89BWZ9dyn8oZJ/h8t9UYQoScfOQ9rZn2KeRLVA Xd5cUkli2jRc04zp/Uh6NRiXG7Oyblcm3vVLROy6DmvcFRAmD4Ubu4YQ02UFw32A XKCOvpqMuPae1FRWCy+cZLd71OUAK518R7HX7dnvpeLO7bjyXhwjRmjt+/XhKDkQ ==
X-ME-Sender: <xms:uDeJWd6zM8K4mxfhO6_9pNvFc8Kk-oX3NAFXQZFaNh9Q93bYsaSI4w>
Received: by mailuser.nyi.internal (Postfix, from userid 99) id A31E49E260; Tue, 8 Aug 2017 00:02:00 -0400 (EDT)
Message-Id: <1502164920.4114743.1066377640.37EA2DB1@webmail.messagingengine.com>
From: Bron Gondwana <brong@fastmailteam.com>
To: dmarc@ietf.org
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: multipart/alternative; boundary="_----------=_150216492041147433"
X-Mailer: MessagingEngine.com Webmail Interface - ajax-7b2cde4a
In-Reply-To: <15EF8F78-61CD-41B9-B7A2-317D483A56C1@eudaemon.net>
References: <1502083287.2191248.1065195288.7CDC7FF3@webmail.messagingengine.com> <15EF8F78-61CD-41B9-B7A2-317D483A56C1@eudaemon.net>
Date: Tue, 08 Aug 2017 14:02:00 +1000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/Y8CsnP0iRweZ3-TnT5RQ8trpNTg>
Subject: Re: [dmarc-ietf] ARC-Seal is meaningless security theatre
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Aug 2017 04:02:03 -0000

On Tue, 8 Aug 2017, at 00:50, Tim Draegen wrote:
>> On Aug 7, 2017, at 1:21 AM, Bron Gondwana
>> <brong@fastmailteam.com> wrote:
>> 
>> A more cheap and nasty fix, assuming it's too late/complex to change
>> the protocol more, would be to keep AS, but change the validation to
>> only require checking the most recent AS, since validating the rest
>> is meaningless.
> 
> Bron, thanks for sharing your insight. I don't think it's too
> late/complex to incorporate direct real world experience into the
> specification.
> 
> I tried to express my own attitude in the Prague meeting: the email
> space is special because it is huge. It doesn't make sense to pretend
> that it isn't. Instead, let's build tech to solve real problems, test
> it against the install base, and make the tech better based on what is
> learned.
> 
> AFAICT, ARC is at the very beginning of the "test it against the
> install base" phase.

Thanks Tim,

We'll set ARC up at FastMail and experiment with it for sure.  The code
is pretty much ready to slot into place, and while nobody is filtering
on it, it's easy enough to play with.

It's not like ARC is worse than nothing (apart from maybe the increased
DNS load).  Regardless of our opinion of how good it is, we'll certainly
implement anything which helps our users' mail be delivered!  But it
would be nice to help make it even better if we get a chance to
influence the technology choices :)

Bron.


--
  Bron Gondwana, CEO, FastMail Pty Ltd
  brong@fastmailteam.com
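The two validation rules under discussion in the quoted proposal, side by side, as an added example that is not code from the thread, from FastMail or from the ARC draft: `chain_status(..., most_recent_only=False)` verifies every ARC-Seal in the set, while `most_recent_only=True` verifies only the highest-numbered seal, on the grounds that the hop which wrote it already checked the earlier ones when it set `cv=pass`. The ARC header layout (i=, cv=, d=, s=, b=; the seal covering AAR, AMS and AS of every instance so far) follows the draft, but everything else is an assumption of this example: HMAC-SHA256 stands in for the RSA signature ARC actually uses, canonicalisation is a simplified relaxed form, and the three hops, their keys and their header values are constructed here.

```python
"""ARC-Seal chain validation, two ways: every seal vs. only the most recent seal."""
import hashlib
import hmac
import re

# Constructed sealing keys, standing in for each hop's DKIM-style public key in DNS.
# HMAC-SHA256 stands in for ARC's RSA signature over the same covered data.
KEYS = {
    ("hop1.example", "s1"): b"hop1-secret",
    ("hop2.example", "s1"): b"hop2-secret",
    ("hop3.example", "s1"): b"hop3-secret",
}


def parse_tags(value):
    """Split 'i=1; cv=none; d=x; ...' into a dict, tolerating folded whitespace."""
    out = {}
    for part in value.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            out[k.strip()] = "".join(v.split())
    return out


def canon(name, value):
    """Simplified relaxed canonicalisation: lowercase field name, collapsed whitespace."""
    return f"{name.lower()}:{' '.join(value.split())}"


def seal_input(arc_set, i):
    """Data covered by ARC-Seal i: AAR, AMS and AS of every instance 1..i, in that
    order, with seal i's own b= value emptied (as DKIM does for its own b=)."""
    lines = []
    for j in range(1, i + 1):
        aar, ams, as_ = arc_set[j]
        if j == i:
            as_ = re.sub(r"\bb=[^;]*", "b=", as_)
        lines += [canon("ARC-Authentication-Results", aar),
                  canon("ARC-Message-Signature", ams),
                  canon("ARC-Seal", as_)]
    return "\r\n".join(lines).encode()


def add_hop(arc_set, domain, selector, results, cv, keys=KEYS):
    """Act as intermediary i: record its results (AAR), a constructed AMS, and seal
    the whole ARC set so far.  cv is 'none' at i=1, else this hop's chain verdict."""
    i = len(arc_set) + 1
    aar = f"i={i}; {results}"
    ams = f"i={i}; a=rsa-sha256; d={domain}; s={selector}; h=from:to:subject; b=AMS{i}"  # constructed
    as_ = f"i={i}; a=rsa-sha256; cv={cv}; d={domain}; s={selector}; b="
    arc_set[i] = (aar, ams, as_)
    sig = hmac.new(keys[(domain, selector)], seal_input(arc_set, i), hashlib.sha256).hexdigest()
    arc_set[i] = (aar, ams, as_ + sig)


def verify_seal(arc_set, i, keys=KEYS):
    """Recompute seal i with its hop's key; False when the key is gone or data changed."""
    tags = parse_tags(arc_set[i][2])
    key = keys.get((tags.get("d"), tags.get("s")))
    if key is None:
        return False
    expect = hmac.new(key, seal_input(arc_set, i), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expect, tags.get("b", ""))


def chain_status(arc_set, most_recent_only=False, keys=KEYS):
    """'none' without an ARC set, else 'pass'/'fail'.  most_recent_only=False checks
    every AS (the draft's rule); True checks only the highest-i AS (the proposal)."""
    if not arc_set:
        return "none"
    n = max(arc_set)
    if sorted(arc_set) != list(range(1, n + 1)):
        return "fail"  # instances must run contiguously from 1
    for i in range(1, n + 1):
        if parse_tags(arc_set[i][2]).get("cv") != ("none" if i == 1 else "pass"):
            return "fail"  # cv must be none at i=1 and pass on every later seal
    to_check = [n] if most_recent_only else range(1, n + 1)
    return "pass" if all(verify_seal(arc_set, i, keys) for i in to_check) else "fail"


def build_chain():
    """Constructed three-hop chain: originator's edge, a mailing list, a forwarder."""
    chain = {}
    add_hop(chain, "hop1.example", "s1", "hop1.example; spf=pass smtp.mailfrom=sender.example", "none")
    add_hop(chain, "hop2.example", "s1", "hop2.example; arc=pass", "pass")
    add_hop(chain, "hop3.example", "s1", "hop3.example; arc=pass", "pass")
    return chain


def key_rotation_scenario():
    """hop1 retires selector s1 after hop3 sealed: seal 1 can no longer be verified."""
    chain = build_chain()
    later_keys = {k: v for k, v in KEYS.items() if k != ("hop1.example", "s1")}
    return chain_status(chain, False, later_keys), chain_status(chain, True, later_keys)


def tamper_scenario():
    """hop1's AAR is rewritten after sealing; every later seal covers it, so both
    modes notice."""
    chain = build_chain()
    aar, ams, as_ = chain[1]
    chain[1] = (aar.replace("spf=pass", "spf=fail"), ams, as_)
    return chain_status(chain, False), chain_status(chain, True)


if __name__ == "__main__":
    print("intact:", chain_status(build_chain()), chain_status(build_chain(), True))
    print("hop1 key rotated:", key_rotation_scenario())  # ('fail', 'pass')
    print("AAR 1 tampered:", tamper_scenario())          # ('fail', 'fail')
```

The two scenarios are where the rules diverge: a seal that can no longer be verified because an earlier hop rotated its key fails the chain under the all-seals rule but not under the most-recent-only rule, while tampering with any earlier instance is caught by both, since the latest seal covers the entire ARC set that preceded it. The structural checks (contiguous i=, cv=none only at i=1) run in both modes.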