Re: [dmarc-ietf] Tickets 98 and 99 -- fake reports are not a problem and if they were authentication would not help

John Levine <johnl@taugh.com> Mon, 25 January 2021 18:23 UTC

Date: 25 Jan 2021 13:23:49 -0500
Message-Id: <20210125182350.DE0FE6C131FB@ary.qy>
From: "John Levine" <johnl@taugh.com>
To: dmarc@ietf.org
Cc: seth@valimail.com
In-Reply-To: <CAOZAAfP5n15=Ez6_SFmkyDOyF=mpD8npZJmJujKP1vw322fGLg@mail.gmail.com>
Organization: Taughannock Networks
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/bhPte_l9HQeg5tbdR7Vs0vgIDUw>

>The list seems to be digging in because no one has raised a use case that
>shows a need to revisit the text. This was made worse by asserting that
>reports must be authenticated, when the text already makes that clear.

I think the use case is my proposed https reporting. If you think it
would be useful to allow domain authentication, it's easy enough to
say that the client SHOULD send a client certificate. Nobody will, but
every https server and client library I know supports client certs so
it's not hard to implement.

I continue to believe that authenticating the domain sending reports
is of no value, since there is no way to tell what if any connection
that domain has to the IPs in an aggregate report or the IPs or
domains in a failure report. If I wanted to send fake gmail failure
reports, I would register gmail-reports.com and send 100% perfectly
aligned fake reports from that domain.

R's,
John
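
The optional client certificate discussed in this message, seen from the receiving side of an https report endpoint. This is an added example, not code from the message or from any DMARC draft. The endpoint, the function names, the sample report and the sample certificate dict are all constructed assumptions.

```python
import ssl
import xml.etree.ElementTree as ET

# Constructed sample data: a minimal aggregate report body and the dict
# shape SSLSocket.getpeercert() returns for a verified client certificate.
SAMPLE_REPORT = """<feedback>
  <report_metadata><org_name>Example Reporter</org_name></report_metadata>
  <policy_published><domain>sender.example</domain></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>3</count></row></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>1</count></row></record>
</feedback>"""
SAMPLE_PEERCERT = {"subjectAltName": (("DNS", "Reports.Reporter.Example"),)}


def make_report_context(ca_file=None):
    """TLS context for a hypothetical https report endpoint (server side).

    CERT_OPTIONAL matches a SHOULD: a client certificate is verified when
    offered, and a client that sends none still completes the handshake.
    The caller adds the server's own certificate with load_cert_chain().
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_OPTIONAL
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    else:
        ctx.load_default_certs(ssl.Purpose.CLIENT_AUTH)
    return ctx


def reporter_domains(peercert):
    """DNS names from getpeercert(); empty if no certificate was sent."""
    names = (peercert or {}).get("subjectAltName", ())
    return sorted({v.lower().rstrip(".") for k, v in names if k == "DNS"})


def summarize_submission(peercert, report_xml):
    """Separate what TLS authenticated from what the report merely claims."""
    # Reports are untrusted input; a production parser should be hardened
    # (for example defusedxml) rather than plain ElementTree.
    root = ET.fromstring(report_xml)
    return {
        "authenticated_submitter": reporter_domains(peercert),
        "claimed_org": root.findtext("report_metadata/org_name"),
        "policy_domain": root.findtext("policy_published/domain"),
        # Nothing in the certificate ties the submitter to these addresses.
        "unverified_source_ips": [e.text for e in root.iter("source_ip")],
    }
```

The summary keeps the authenticated submitter name apart from the report's own fields, because a valid certificate for any domain produces the same result shape whatever source IPs the report lists.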