IETF Logo Mail Archive

Re: [dmarc-ietf] Add MLS/MLM subscription/submissions controls to DMARCbis

Douglas Foster <dougfoster.emailstandards@gmail.com> Mon, 01 May 2023 10:51 UTC

Return-Path: <dougfoster.emailstandards@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 77B63C1519B0 for <dmarc@ietfa.amsl.com>; Mon, 1 May 2023 03:51:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YsNlMKDEGLKS for <dmarc@ietfa.amsl.com>; Mon, 1 May 2023 03:50:59 -0700 (PDT)
Received: from mail-lf1-x132.google.com (mail-lf1-x132.google.com [IPv6:2a00:1450:4864:20::132]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E338C151992 for <dmarc@ietf.org>; Mon, 1 May 2023 03:50:59 -0700 (PDT)
Received: by mail-lf1-x132.google.com with SMTP id 2adb3069b0e04-4efe9a98736so2786800e87.1 for <dmarc@ietf.org>; Mon, 01 May 2023 03:50:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1682938257; x=1685530257; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=C4IuNstRDvsr5ZzWyY+tEMwttwezdUB3Vbc10813ILw=; b=eOG2yJXHqE6TJ+R12Aj58CWI3wfPvNZURirAsst+Ro0/7nmhJeYcKVSgikj7Q8nQ4l KHOXaczztM3kivL3qgtsjMqYgobcm+sdUgVSUFzIehRnt1C0kqXO8Yqi3lS+h3eQ6ndp z15YiIlJV1PUCcSmFyoyMQx2fWRvPn7iMeiAKoLdcsWB/+z7cd0O7tRB+9ZMi7isM/xM gpyDvXU7XYhY/1CaV8gCK+JpYQkm/XKVzQkcXtX0UdTiBHT7JJR+zR1dRZY7EmhyYOec 4COuy8sh8YyQ24+2UkRtxnSXFHLl8LP5Ok+hBWPSxQD3kVV0HuVvjw4lmDdHGZREB7cM +tLQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1682938257; x=1685530257; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=C4IuNstRDvsr5ZzWyY+tEMwttwezdUB3Vbc10813ILw=; b=ki78ElKEoFU1kIZlH64+xWSI/o/0TR1wasE3L+G44S8euzKEkFVQGrUxOvw2/VPb4R 7X4Iev3rN9XAPkgbY5NMzv4EXDtrN2QgQLrZKGbVxNFesak/27k36BnaABv6j649+fAM bPUe4IxeU3KrS9+FB6KdI1I4gcIxHF7n9p+DtBUyEy7DCx0o+tMh/mf+mVfJrUo6Cg3j x1x2CUECfJFI1ngZwYS8sx4XYrTE08qLERLye4+Htuyxf1hmv2fphgh/b1q89unvowto +gB50z7fxBKtQm42IEpOzvcwEV8q1E9Eaw7QuYm5Lyw1N1d4y/i5Fm/yLWW7GzwZ6QYT fbqQ==
X-Gm-Message-State: AC+VfDxMbmVagQUqMO+KhNOqc2iJ5BWu30ATTkW8MHzSZlv18tl5uWSw 5w2LD4uNdKvGuXkAHdI2WqR2MgBH58V8Q1PF4oM=
X-Google-Smtp-Source: ACHHUZ7m1ynE+NfkuvQTBwubPhDMP+2dHgelR1Y2fTq84MTJJCUasUR1s/ANWDZL+uLJMzb97OJvoiyvzX0aPQ1YzsY=
X-Received: by 2002:ac2:48b3:0:b0:4e8:502e:b32b with SMTP id u19-20020ac248b3000000b004e8502eb32bmr3587151lfg.68.1682938257314; Mon, 01 May 2023 03:50:57 -0700 (PDT)
MIME-Version: 1.0
References: <CALaySJ+NBg9vzqa0_t-sBf7EKXQ3A=DTyy-Vc7M-ZK9-vfJxmw@mail.gmail.com> <29216533.CRhL9lMF2B@localhost> <3141092.K83ThNGNZP@zini-1880> <CAH48ZfzS+MCC4-Dk3mZhF_bwc9hzWowApgPG3am14bjB9ZDz3Q@mail.gmail.com> <630A8A65-E04D-4C48-AE80-516F610EB93A@isdg.net> <CAH48ZfzmQJBb3xNSvVn84wpwf5SK2F0RSNQnSNObtxKfdHaY1w@mail.gmail.com> <B4E79EF6-E5F5-4969-824A-329576ECF20C@isdg.net> <CAH48ZfxaW5qO01HO-ESj4Sgy9gHM2rx8h_zA2-vHdS0s=yCcBg@mail.gmail.com> <CAFcYR_VBXmqT++8bS94Q1v9MPoHLXYn-0yCWy5U4FMj4gY6=XQ@mail.gmail.com>
In-Reply-To: <CAFcYR_VBXmqT++8bS94Q1v9MPoHLXYn-0yCWy5U4FMj4gY6=XQ@mail.gmail.com>
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Mon, 01 May 2023 06:50:45 -0400
Message-ID: <CAH48ZfwuBbf4Dbtg+h4bCTW6fKAmZRSrbJLQKOLDbeNJKhwnUQ@mail.gmail.com>
To: Emanuel Schorsch <emschorsch@google.com>
Cc: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000000199e105fa9f99f3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/apTpsvjb-yb5rD1m8c2HR9Lq_cM>
Subject: Re: [dmarc-ietf] Add MLS/MLM subscription/submissions controls to DMARCbis
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 May 2023 10:51:03 -0000

Yes, I think there is value in recommending a specific rewrite format, and
recommending that the unmodified From be stored in an ORIGINAL-FROM:
header.   This solves the user problem, but does not provide feedback to
the list.

About feedback options:

A feedback mechanism could be public or private.   A public mechanism would
presumably be in DNS, to indicate support for a particular technique.  As
applied to the methods mentioned:

- Evaluator whitelisting is specific to a message source, so it is only
suitable for private communication.

- Public notice of ATSP participation provides certainty.  Accepting the
protocol means accepting valid signatures from the third party on behalf of
the first party.   A public assertion of participation also seems to
present no particular increase in risk to the evaluator.

- ARC does not provide certainty, since the interpretation of any single
ARC set depends on the trust given to the ARC set creator, and the specific
content of the ARC set in a particular message.    Therefore, I don't see
that public disclosure of ARC participation can provide the list with the
information that it needs.   So ARC feedback needs to be private.

There has been some talk of providing a version of DMARC reports to senders
when they are different from the domain owners.   It would be a form of
private notification, if all of the objections are overcome and deployment
is sufficiently widespread.

Doug Foster


On Sun, Apr 30, 2023 at 10:25 PM Emanuel Schorsch <emschorsch@google.com>
wrote:

> I want to ask about the "hollow victory" aspect and what would turn it
> into a more meaningful victory. If fromHeader rewriting is the damage we
> want to avoid it seems there's two options:
> 1) Have the mailingList make a decision based on what they know about the
> evaluator. This would need some mechanism for evaluators to indicate what
> trust techniques they accept.
> 2) Have the mailingList rewrite the fromHeader but store the original
> fromHeader and propagate the necessary trust information so that downstream
> evaluators can undo the rewriting.
>
> Given that currently many mailingList do fromHeader rewriting it seems
> that #2 would allow gradual adoption and flexibility for experimentation
> over time to see what trust methods work and allow downstream evaluators to
> make personalized decisions depending on the recipients trust preferences.
>
> What are your thoughts? What would be needed for that to result in a
> non-hollow victory?
>
>
> On Sun, Apr 30, 2023, 9:54 PM Douglas Foster <
> dougfoster.emailstandards@gmail.com> wrote:
>
>> Everything depends on an evaluator who trusts the alternate
>> authentication protocol.   We have at least three trust techniques:
>> - local policy at evaluator
>> - ARC set trusted by evaluator
>> - ATPS trusted by evaluator.
>>
>> Until the list knows that the evaluator will accept the credentials, he
>> has to assume that rewrite is necessary to avoid message blocks,
>> unsubscribes, and possibly blacklisting
>>
>> No such feedback exists at present, so even though ARC has some
>> acceptance, it is a hollow victory.
>>
>> DF
>>
>>
>> On Sun, Apr 30, 2023, 8:05 PM Hector Santos <hsantos@isdg.net> wrote:
>>
>>>
>>>
>>> On Apr 29, 2023, at 4:42 PM, Douglas Foster <
>>> dougfoster.emailstandards@gmail.com> wrote:
>>>
>>> ...
>>>
>>> But I need to clarify whether I understand your point.   What I am
>>> hearing is:
>>>
>>>    - For the short term, mailing lists should refuse postings from
>>>    DMARC-enforcing domains.   That position can be relaxed only if all
>>>    participating domains have agreed to ignore DMARC Fail for messages from
>>>    the list  (Ale floated some ideas about that approach.)
>>>    - For the longer term, we need a non-DKIM method for delegating
>>>    rights to a third party.
>>>
>>>
>>> Ideally, the goal is to eliminate “From Rewrite” to return to the “good
>>> ol’ days.”  So the first time is to recognize having subscription and
>>> submissions controls is a natural consideration for the DKIM Policy
>>> "Protocol Complete” model. If the MLS supports the protocol, it would
>>> consider this method more so than a destruction method that tear down
>>> security.  This will also pass the buck back to the domain owner to deal
>>> with its user’s needs or not.
>>>
>>> You talk about "incomplete protocol" as if this is a commonly understood
>>> and accepted term.  I interpret it to mean a third-party authentication
>>> method other than DKIM.  DKIM does serve for third-party authentication
>>> where it has been embraced and deployed.   So the issue is that it has not
>>> been practical for many situations and we do need another option.
>>>
>>>
>>> Protocol complete is a client/server protocol negotiation concept.  It
>>> basically means the “State Machine”, the conversation between the client
>>> and server is well-defined. No Loop Holes!!!! Very key concept in protocol
>>> design.
>>>
>>> In terms of DKIM Signing Practices, you can read "Requirements for a
>>> DomainKeys Identified Mail (DKIM) Signing Practices Protocol https
>>> ://www.rfc-editor.org/rfc/rfc5016.txt
>>> <https://www.rfc-editor.org/rfc/rfc5016.txt> for its definition.
>>>
>>> DKIM Signing Complete: a practice where the dtomain holder assert
>>> that all legitimate mail will be sent with a valid first party
>>> signature.
>>>
>>> But I believe it is not Protocol Complete and to achieve this with DKIM
>>> Policy Modeling, you have to cover the other signing scenarios which
>>> includes 3rd party signing scenarios.
>>>
>>> ATPS is the best we got and it works. You don’t have to worry, You are
>>> using gmail.com. Relaxed policy. Minimal security. ietf.org Rewrite
>>> destroys my isdg.net domain security even though I have ietf.org
>>> authorized as an ATPS signer.
>>>
>>> It should honor policy and reject my submissions. Idea. Add the option
>>> to the subscription. If you don’t care, let it rewrite to join or use
>>> another unsecured address.
>>>
>>> Not hard.
>>>
>>> —
>>> HLS
>>>
>>>
>>> _______________________________________________
>> dmarc mailing list
>> dmarc@ietf.org
>> https://www.ietf.org/mailman/listinfo/dmarc
>>
>

v2.23.0 | Report a Bug | By Email