IETF Logo Mail Archive

Re: [dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations

Brandon Long <blong@google.com> Tue, 21 July 2020 20:43 UTC

Return-Path: <blong@google.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B2BA3A09E9 for <dmarc@ietfa.amsl.com>; Tue, 21 Jul 2020 13:43:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.599
X-Spam-Level:
X-Spam-Status: No, score=-17.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hff-BMJnQe6R for <dmarc@ietfa.amsl.com>; Tue, 21 Jul 2020 13:43:01 -0700 (PDT)
Received: from mail-vs1-xe30.google.com (mail-vs1-xe30.google.com [IPv6:2607:f8b0:4864:20::e30]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 35EB63A09E8 for <dmarc@ietf.org>; Tue, 21 Jul 2020 13:43:01 -0700 (PDT)
Received: by mail-vs1-xe30.google.com with SMTP id e15so11121986vsc.7 for <dmarc@ietf.org>; Tue, 21 Jul 2020 13:43:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=UVCJPhzddx0lRy4o+7J7hHqH8e5TZNGveW7yoqDDpYM=; b=dVK9y8TIybf35Xz4mt+nC6PK7LS06dg07Ch3Kj6WrGMSMAV1Vk7rYFQ0KqkGc1Kwp2 xzlbZN9+4ajdJJX3Rb4bZIdlApM5E+aSB6YoAxQbC7Qp7DtU935nF3vKI36OJ9jF9Kx8 Whcirg22NdGWcmcFSf+yRcwMo4JRjez0KS9pmAwGuJjWC4AJKJIfntnS5vF1AaCKokuB qzQkv0a4TS6sMJQHXp8Ju59PhAYz7NOsfVnTLbi1n8voDkwP1eeR6fn/ImZ+erZodZkv I0u1ORyIacC02S0soSvatdelRhULLHuhsweMmXA+zOYqc6loJkZtLJUoGTKF6k2StbRc QaNA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=UVCJPhzddx0lRy4o+7J7hHqH8e5TZNGveW7yoqDDpYM=; b=Mw5ppMSiOwxo7UyZKwMTotu6wyKyDZ5gvLmFKM5fnAob0OZgrlRjXBhtN21hfF+l8/ RXvfce/6mN9eZW88h37C6Oeqq1Qd1eaJSg1zNpN3E+12rnbpfNEjsphcmOIuwyHoEt9P 9wOoiFi9OVJGu39MMNaV02AqFRBeqA2/hsV2jcPF9STpgTL+rHKhVUsPmBZUH0yofvL4 rvIW4OscuzBp6yC93ycIRTv/k9lMaAVk5HBwOqD1QfNJOeBJ0VQx3NvlG+PIJYTznlFn bWcM6IXkDelinJH8qA/AxbruKvP/FU+mBdXQQtwZNEGyyfAIj6N6SIb3USIv1BPfgooA pVxw==
X-Gm-Message-State: AOAM53373NmLmFyq2LwLqAzyKeOCR1Zgb+f19sNXanokHdq9VL5Be31W 3227IYEtzYS5OhprepGNA/5GQ05tVBoGUp+LdL16
X-Google-Smtp-Source: ABdhPJx6d6HmY6iIF22z+voxFMtaOafcYQiDSLWcZYBoFEA1ZOVqDWC065sNa9IPBvFTna9Ftp3G4Fe7YXU7+GYGT8s=
X-Received: by 2002:a67:643:: with SMTP id 64mr22206885vsg.32.1595364179893; Tue, 21 Jul 2020 13:42:59 -0700 (PDT)
MIME-Version: 1.0
References: <bf5b68c74a3c487ca8a07a0a27061e47@com> <87zh7ur069.fsf@orion.amorsen.dk> <3829fac4748a48d0b752403450843bd5@bayviewphysicians.com> <c9353a06-ab31-c397-449e-7d36afbf655d@wisc.edu> <c2ad22cd-8b35-733f-bc4c-839e2c4b3e98@dcrocker.net> <CAJ4XoYf23gu4m7Zru2iq9SV-hYNCx6KFg4J7oTDpLpTcXFk7Rg@mail.gmail.com> <f2cd4931-9f61-2031-00bc-af9c460c15a3@bbiw.net> <CAJ4XoYf=XhaHKZpUjwoBJnLMwq_0LajTBWjJ01qjCaP7365E=w@mail.gmail.com> <2f231818-5c25-eca3-9db6-3af0fba7d5c8@gmail.com>
In-Reply-To: <2f231818-5c25-eca3-9db6-3af0fba7d5c8@gmail.com>
From: Brandon Long <blong@google.com>
Date: Tue, 21 Jul 2020 13:42:47 -0700
Message-ID: <CABa8R6t7Wsm88_qZ3k9w80xinNFoEtj3voY3y0ow=9+3csZofQ@mail.gmail.com>
To: Dave Crocker <dcrocker@gmail.com>
Cc: Dotzero <dotzero@gmail.com>, IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000003b561a05aaf9abd2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/a1ZeSyR4GIWhyz9h6HmnjYPoFyc>
Subject: Re: [dmarc-ietf] Response to a claim in draft-crocker-dmarc-author-00 security considerations
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jul 2020 20:43:03 -0000

On Tue, Jul 21, 2020 at 12:45 PM Dave Crocker <dcrocker@gmail.com> wrote:

> On 7/21/2020 12:32 PM, Dotzero wrote:
>
>
>
> On Tue, Jul 21, 2020 at 2:06 PM Dave Crocker <dcrocker@bbiw.net> wrote:
>
>> On 7/21/2020 10:58 AM, Dotzero wrote:
>> For this case, DMARC externalizes that internal personnel problem.
>>
>> But it does not fit the definition of "spoofing".
>>
>> Please note that I did noy use either the word "spoof" or "spoofing".
> You wrote "MLM is authorized by the user". Someone without authority cannot
> authorize. In this case the user externalized the problem, not DMARC.
>
> That's simple incorrect.
>
> I give you my credit card, telling you to use it only for gasoline
> purchases while running errands for me.  You take the car on a
> cross-country joyride, running the cc charges for gasoline up.  The
> stations that  charged the gas to the card did nothing wrong.  The problem
> is internal, between you and me.
>
> The MLM's did not do any spoofing.  They acted appropriately, as they have
> for 45 years.
>
> If the domain owner has a problem with the user's behavior, that's
> internal, between the domain owner and the user.
>
> Using language that casts the MLM as doing something wrong is a
> fundamental misrepresentation of the situation.
>

Yahoo Groups, at least at the time I worked on it, allowed moderators to
edit the message before approval.  The full scope of that
certainly allowed the moderators to effectively spoof the poster.

That said, sure, we're not talking about spoofing.  We're talking about
message changes that prevent strict signature verification.
There is nothing in what MLM does that prevent much stronger changes than
would be considered expected by the MLM.

Stricter validation is not an uncommon addition to protocols over the last
45 years.

I'd be curious when MLMs modifying the mail going through them became a
thing, I guess I assume it wasn't 45 years ago, but I know it's irrelevant.

Brandon

v2.23.0 | Report a Bug | By Email