[dmarc-ietf] WGLC ARC-16 concern on Section 5.1.2 - cv=fail should sign greedily

Seth Blank <seth@sethblank.com> Wed, 25 July 2018 21:34 UTC

From: Seth Blank <seth@sethblank.com>
Date: Wed, 25 Jul 2018 14:34:03 -0700
Message-ID: <CAD2i3WMMJPaZYonS-qcz8pwOKYmS2Xe+8WBZPuAqjiGoYePzSg@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/ZXw_6xNsexXmfC0K-ctjWkg2xQ0>

https://tools.ietf.org/html/draft-ietf-dmarc-arc-protocol-16#section-5.1.2

Originally, even in the event of a chain validation failure, the Sealer's
ARC-Seal would sign all ARC header fields on the message.

When we introduced the concept of cv=invalid last year, the advice was to
only sign your own ARC Set, because there was no deterministic way to know
which header fields to sign when those ARC header fields were not properly
intact (the definition of invalid). We then decided to abandon the
cv=invalid path and only have cv=fail.

Somehow, in the current doc this advice for invalid chains now applies to
all chain failures. Section 5.1.2's title even mentions it is for the
invalid case, but the text as written applies to all failed chains.

Without the ARC Seal covering the ARC header fields in the failing chain,
all the data in the failed chain can be modified as it is not covered under
the latest signature.

The proper guidance should be that the ARC-Seal MUST sign the ARC Chain in
its entirety, unless that is structurally impossible, in which case it
should only sign itself.

I believe the proper text for this section (replacing the first paragraph
for 5.1.2 in its entirety) should be:

   In the event that it is not possible to generate a deterministic list of
   previous ARC Sets to sign (such as when the chain undergoing validation
   is structurally invalid), the signature scope of the AS header field b=
   value MUST only include the latest ARC Set headers as if this newest ARC
   Set was the only set present.
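
Added example, not part of the original message or of the draft: a Python sketch of the scope rule proposed above, in which the new ARC-Seal covers every prior ARC Set when they can be ordered deterministically and only the sealer's own set otherwise. The function names, the sample header values and the SHA-256 digest standing in for canonicalization and signing are assumptions made for illustration.

```python
import hashlib
import re

ARC_ORDER = ("ARC-Authentication-Results", "ARC-Message-Signature", "ARC-Seal")

def arc_sets(headers):
    """Group ARC fields by their i= tag; None if any instance tag is missing."""
    sets = {}
    for name, value in headers:
        if name in ARC_ORDER:  # assumes canonical header-name case
            m = re.search(r"(?:^|;)\s*i\s*=\s*(\d+)\s*(?:;|$)", value)
            if not m:
                return None
            sets.setdefault(int(m.group(1)), []).append((name, value))
    return sets

def seal_scope(prior_headers, new_set):
    """Fields the new ARC-Seal covers: whole chain if orderable, else own set only."""
    sets = arc_sets(prior_headers)
    n = len(sets) if sets is not None else 0
    deterministic = (sets is not None
                     and sorted(sets) == list(range(1, n + 1))
                     and all(sorted(k for k, _ in s) == list(ARC_ORDER) for s in sets.values()))
    scope = []
    if deterministic:
        for i in range(1, n + 1):  # increasing instance, AAR/AMS/AS within each set
            by_name = dict(sets[i])
            scope += [(k, by_name[k]) for k in ARC_ORDER]
    return scope + list(new_set)

def scope_digest(scope):
    """Stand-in for canonicalize-and-sign: SHA-256 over the covered fields."""
    h = hashlib.sha256()
    for name, value in scope:
        h.update(f"{name.lower()}:{value.strip()}\r\n".encode())
    return h.hexdigest()

# Constructed sample: one prior ARC Set (wire order) and the sealer's own cv=fail set.
PRIOR = [
    ("ARC-Seal", "i=1; a=rsa-sha256; cv=none; d=example.org; s=sel; b=AAAA"),
    ("ARC-Message-Signature", "i=1; a=rsa-sha256; d=example.org; s=sel; bh=BBBB; b=CCCC"),
    ("ARC-Authentication-Results", "i=1; mx.example.org; spf=pass"),
]
NEW = [
    ("ARC-Authentication-Results", "i=2; mx.example.net; arc=fail"),
    ("ARC-Message-Signature", "i=2; a=rsa-sha256; d=example.net; s=sel; bh=BBBB; b=DDDD"),
    ("ARC-Seal", "i=2; a=rsa-sha256; cv=fail; d=example.net; s=sel; b="),
]
TAMPERED = [(k, v.replace("spf=pass", "spf=fail")) for k, v in PRIOR]  # edited after sealing
```

With the whole chain in scope, `scope_digest(seal_scope(PRIOR, NEW))` and `scope_digest(seal_scope(TAMPERED, NEW))` differ, while a seal computed over `NEW` alone is identical for both, which is the gap the message describes.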