Re: [dmarc-ietf] my forward signer draft, third party authorization, not, was non-mailing list

"Rolf E. Sonneveld" <R.E.Sonneveld@sonnection.nl> Mon, 31 August 2020 21:49 UTC

Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sonnection.nl
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sonnection.nl; s=2009; t=1598910544; bh=aaxqRO534+6LNLYDDiJg9DDakP0KKo7DTM6Nh/0WS9g=; h=Subject:To:From:Message-ID:Date:From; b=kVGbkZT8AOWkrD5cJzuztd4xYE251hOKFIDzQSBzy3CBgTOf8b6kPtH4vuVhHsHsI 2vYurp6jDuNd055WH9hgIfJrth+eV1HMkANifxgUn9bPgQGdtLn+v8ZlYR1pEmDcaG 2n0aEQalqeahsYDNHJTdPU4SjDlrEcVJN+TAgiSA=
To: John Levine <johnl@taugh.com>, dmarc@ietf.org
Cc: superuser@gmail.com
References: <20200831161540.2C9F41F510E8@ary.qy>
From: "Rolf E. Sonneveld" <R.E.Sonneveld@sonnection.nl>
Organization: Sonnection B.V.
Message-ID: <ae3e8a73-c10f-a3a9-f48a-e2454ea8ba5c@sonnection.nl>
Date: Mon, 31 Aug 2020 23:49:02 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <20200831161540.2C9F41F510E8@ary.qy>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/bqW87I3lZLaK4FDYvnheKqNiTWw>
Subject: Re: [dmarc-ietf] my forward signer draft, third party authorization, not, was non-mailing list

On 31/08/2020 18:15, John Levine wrote:
> In article <CAL0qLwYuSD8ncf+HXU2B0z1NtrM7cT33vdVh2sUXJ-=RmLFb4w@mail.gmail.com> you write:
>> The draft suggests use of "x=" as a way to limit exposure.  If you do that,
>> then an attacker would need to be able to generate mail through your signer
>> with an "!fs=" tag identifying a domain they control, and exploit the
>> replay before the time in the "x=" tag arrives.  Sure, it's time-limited,
>> but it only takes seconds for such an attack to succeed, and automation of
>> such an attack is easy.
> The threats I had in mind were more like attacker finds an old message
> in an archive with a fs domain that's been abandoned and the attacker
> can reregister.  An x= of a few days should prevent that while still
> letting normal list traffic work.
>
> As always, as I hope we all remember DMARC alignment doesn't mean not spam,
> and you still do all of the stuff you do to sort your mail.  This scheme
> depends on the forwarders you authorize being well-behaved.  That's why I
> am concerned that senders need to be selective about who they allow to
> forward.

Yep. I like the proposal, but for me the only question left is: (how) will this scale? I'm not (yet) convinced it will.

/rolf
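The exchange above turns on how much replay exposure a DKIM "x=" expiry actually removes, and on whether the forwarder named in the draft's "!fs=" tag is one the sender meant to authorize. The following is an added example, not code from the draft, from John or from Rolf: it parses a DKIM-Signature tag list as defined in RFC 6376 section 3.2, reports where a verification time falls relative to the t=/x= window, and checks the forwarder domain against an allow-list. The first sample reuses the tags of the DKIM-Signature on this very message (its b= value omitted); the second sample, the three-day x=, the "!fs=" spelling (taken from the thread, so an assumption about the draft's exact syntax) and the allow-list are all constructed for the example.

```python
# Added example for the dmarc-ietf thread on the forward signer draft. Not code from the
# draft or the list posters. Shows the replay window that t=/x= leave open and an
# allow-list check on the forwarder domain the thread calls "!fs=" (exact tag syntax of
# the draft is assumed, not taken from the draft text).
import re
import time

# Sample 1: tags of the real DKIM-Signature on this message, b= omitted. No x= tag.
SIG_FROM_THREAD = (
    "v=1; a=rsa-sha256; c=relaxed/simple; d=sonnection.nl; s=2009; t=1598910544; "
    "bh=aaxqRO534+6LNLYDDiJg9DDakP0KKo7DTM6Nh/0WS9g=; "
    "h=Subject:To:From:Message-ID:Date:From"
)

# Sample 2 (constructed): same t=, x= three days later, forwarder named in "!fs=".
# bh= and b= are placeholders, the example never verifies the cryptographic signature.
SIG_CONSTRUCTED = (
    "v=1; a=rsa-sha256; c=relaxed/simple; d=example.org; s=fwd; "
    "t=1598910544; x=1599169744; !fs=lists.example; "
    "h=From:To:Subject:Date; bh=PLACEHOLDER; b=PLACEHOLDER"
)

# Constructed allow-list: forwarders the signing domain has decided to trust.
ALLOWED_FORWARDERS = ["lists.example"]


def parse_dkim_tags(header_value):
    """Parse a tag=value list (RFC 6376 3.2). Folding whitespace inside values is
    dropped; duplicate tags make the whole list invalid, as the RFC requires."""
    tags = {}
    for field in header_value.split(";"):
        field = field.strip()
        if not field:
            continue
        name, sep, value = field.partition("=")
        if not sep:
            raise ValueError("malformed tag: %r" % field)
        name = name.strip()
        if name in tags:
            raise ValueError("duplicate tag: %s" % name)
        tags[name] = re.sub(r"\s+", "", value)
    return tags


def replay_window(tags, now):
    """Classify the signature against verification time `now` (Unix seconds).
    Returns (status, seconds_left): 'no-expiry' when x= is absent (a replayed copy
    verifies indefinitely), 'invalid' when x= is not after t= (RFC 6376 3.5),
    'expired' once now is past x=, else 'valid' with the replay window remaining."""
    t = int(tags["t"]) if "t" in tags else None
    x = int(tags["x"]) if "x" in tags else None
    if x is None:
        return ("no-expiry", None)
    if t is not None and x <= t:
        return ("invalid", None)
    if now > x:
        return ("expired", 0)
    return ("valid", x - now)


def forwarder_authorized(tags, allowed_forwarders):
    """None when the signature names no forwarder; otherwise whether the "!fs=" domain
    is on the sender's allow-list (case-insensitive, as DNS names are)."""
    fs = tags.get("!fs")
    if fs is None:
        return None
    allowed = {d.lower() for d in allowed_forwarders}
    return fs.lower() in allowed


if __name__ == "__main__":
    now = int(time.time())
    for label, raw in (("thread", SIG_FROM_THREAD), ("constructed", SIG_CONSTRUCTED)):
        tags = parse_dkim_tags(raw)
        print(label, replay_window(tags, now), forwarder_authorized(tags, ALLOWED_FORWARDERS))
```

Run against the real timestamps, the first sample reports "no-expiry": nothing in the header itself ever stops an old archived copy from verifying, which is the case John's x= of a few days is meant to close. The second sample is "valid" for exactly the 259200 seconds between t= and x=, which is the window Murray's point is about; whether that window is acceptable is a policy choice the code makes visible but does not decide.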