IETF Logo Mail Archive

Re: [dmarc-ietf] ARC-Seal is meaningless security theatre

Brandon Long <blong@fiction.net> Thu, 10 August 2017 00:42 UTC

Return-Path: <blong@fiction.net>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCEFC1324E2 for <dmarc@ietfa.amsl.com>; Wed, 9 Aug 2017 17:42:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.199
X-Spam-Level:
X-Spam-Status: No, score=-2.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fiction.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f_GgXqOlX2Pd for <dmarc@ietfa.amsl.com>; Wed, 9 Aug 2017 17:42:10 -0700 (PDT)
Received: from mail-oi0-x236.google.com (mail-oi0-x236.google.com [IPv6:2607:f8b0:4003:c06::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AAF17131CB2 for <dmarc@ietf.org>; Wed, 9 Aug 2017 17:42:10 -0700 (PDT)
Received: by mail-oi0-x236.google.com with SMTP id e124so77091227oig.2 for <dmarc@ietf.org>; Wed, 09 Aug 2017 17:42:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fiction.net; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=13KqUpzwyg35xHZ+nJsoFYAC63bZFUInamhUNUzAFwA=; b=IOhlC4EEt5gM2dubbRJQX3jMiHTx+Qde3aIGH/iWJHp1+xv6YktFSHCh6kxy5LRrjG CXksDZXZ7NQf46WYWz0qiVavJqxvMNANfiNKPLxwCN/k6RZJFoLDnIvHNZd7yc8GzBxG hn63YICnnI4khXvMnkbYUUXbCAPj4ST5mowsWb8N+JMuqOC9U0Guq1jbp45j2uX4J5bH oMAgCWPoRZqH0Z8rWXz2oVLfLgC7IC3VrjEG7I2Fzqulycll6SrMZJgj2yJwDV40BP8K qhHxK2vD2awR4X1EZgyl4lZU5C6vMdR6TTnyGMAmb51eUwnuq6lhdNjpm9C5oA5+UpGI AwIA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=13KqUpzwyg35xHZ+nJsoFYAC63bZFUInamhUNUzAFwA=; b=ba6l5W5Bdrp65yHxt3fufnQzwasGhg06GCvFIkuvSU2t9EFpWXBhorwK1ehMbhcocB /vljXb9ZEa21qp0ev0t8heRS5Zz2NwcfAyPTdgCGXjEPuY2NQoKt86ALoL91GRiN9XKs wLf4NQXtIdSju/lyuR37caKXnx89mX1MkMaM73zSLHJ596wx6WMAiJ4hFm7BTv+W0WqA n3OYchHS3snQ5pVOAy8G2kK03rSrNCSDG6hCnfDn0oABF7dsKyMOjDC4i79/ypZIRZSK VSw+P8I1QBdtZiful+t1/qrnpb8p5Oi4DPnaj1ixQGEhfOuBB0Ikv+0DRfxAMKe+I6wj b1zw==
X-Gm-Message-State: AHYfb5h1cmpgc2BvH049NTqyFW3bIUr/Iy2MS3bCGvWNqg86gcAiSjm8 88pyHZhlYNbR0SQwnz0=
X-Received: by 10.202.213.216 with SMTP id m207mr12790429oig.17.1502325729998; Wed, 09 Aug 2017 17:42:09 -0700 (PDT)
Received: from mail-oi0-f51.google.com (mail-oi0-f51.google.com. [209.85.218.51]) by smtp.gmail.com with ESMTPSA id l191sm5002346oih.26.2017.08.09.17.42.09 for <dmarc@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 09 Aug 2017 17:42:09 -0700 (PDT)
Received: by mail-oi0-f51.google.com with SMTP id x3so76944946oia.1 for <dmarc@ietf.org>; Wed, 09 Aug 2017 17:42:09 -0700 (PDT)
X-Received: by 10.202.104.6 with SMTP id d6mr10262103oic.95.1502325728623; Wed, 09 Aug 2017 17:42:08 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.74.154.51 with HTTP; Wed, 9 Aug 2017 17:42:07 -0700 (PDT)
Received: by 10.74.154.51 with HTTP; Wed, 9 Aug 2017 17:42:07 -0700 (PDT)
In-Reply-To: <CABa8R6vKW0thNAmrbyKz9J8yG3GyiYd11Ued2yug7SjMmp2aqQ@mail.gmail.com>
References: <1502083287.2191248.1065195288.7CDC7FF3@webmail.messagingengine.com> <CABuGu1oTMbuLd4yTwecu5sKFnsmH+HiwT1FG=JpySYHzpMTx_w@mail.gmail.com> <1502200759.3946686.1066841264.607B4D0B@webmail.messagingengine.com> <2720431.u3G7bbkkxK@kitterma-e6430> <1502317564.1935379.1068588344.040173AF@webmail.messagingengine.com> <CABa8R6vKW0thNAmrbyKz9J8yG3GyiYd11Ued2yug7SjMmp2aqQ@mail.gmail.com>
From: Brandon Long <blong@fiction.net>
Date: Wed, 09 Aug 2017 17:42:07 -0700
X-Gmail-Original-Message-ID: <CABa8R6umw_EgDEEZtpXs5Wi4HYiVmZ3yyzUxqpXZSix6R5Xg9g@mail.gmail.com>
Message-ID: <CABa8R6umw_EgDEEZtpXs5Wi4HYiVmZ3yyzUxqpXZSix6R5Xg9g@mail.gmail.com>
To: Bron Gondwana <brong@fastmailteam.com>
Cc: dmarc@ietf.org
Content-Type: multipart/alternative; boundary="001a1140f9c264fb4e05565b77d4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/e4tTgafBd2o0G8baKyVf49b1Ink>
Subject: Re: [dmarc-ietf] ARC-Seal is meaningless security theatre
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Aug 2017 00:42:15 -0000

Sorry, posted from the wrong address, trying again.

On Aug 9, 2017 8:41 PM, "Brandon Long" <blong@google.com> wrote:

> We discussed this exact situation extensively during several M3AAWG
> meetings, so I don't think we're missing something... but maybe.
>
> With AS I can trust the chain and use the older hops AAR.  And whether to
> use a given hops AAR is based on my trust level for that hop.
>
> As long as the AMS passes, you can ignore hops you don't trust and keep
> walking.
>
> Once you reach a hop where the AMS doesn't verify, you can only walk back
> to hops you trust, and untrusted hop ends your walk back.
>
> So, you can copy and entire chain on to whatever message you want, but
> that only works if I trust you.  If you do this a lot, we won't trust you
> any more.
>
> This doesn't mean that some messages can't abuse the trust relationship
> and make it through, and we specifically say that standard
> spam/phishing/abuse analysis should still be done.
>
> With your proposed AAR signed by the AMS, I can only trust your AAR, and
> whatever you choose to put in it, not anyone in front of you.
>
> With XOAR, we have experience with that type of single hop working system,
> and it's not complete enough, we see too many complicated routing policies
> which go through many hops, and the last hop data isn't always enough.  We
> work around it with from header rewrites and signing as the intermediary
> domain, but then we need to make decisions on when to do so since dkim
> means something different than ams does.
>
> Also, you wouldn't expect to see arc signed messages from this list until
> it starts doing them itself, unless people are posting to it though another
> intermediary or you receive it through a separate intermediary.
>
> Brandon
>
> On Aug 9, 2017 6:26 PM, "Bron Gondwana" <brong@fastmailteam.com> wrote:
>
>> On Wed, 9 Aug 2017, at 00:28, Scott Kitterman wrote:
>>
>> I think the "Once AMS doesn't validate anymore ..." argument is an
>> suggestion that it's fragile, not that it's pointless.  I have concerns
>> myself about the robustness of this design, but I think that's best
>> addressed through deployment and experimentation.
>>
>>
>> It's not fragility, the older AMS is supposed to not validate any more,
>> because it's a signature over a bunch of headers and the body - any change
>> in those will break it.  That's fine so long as the chain of custody exists.
>>
>> My problem is that ARC-Seal only actually shows the chain of custody back
>> to the first bad actor.  That's also fine, because any bad actor means the
>> whole message is tainted and should be discarded.
>>
>> The thing is - ARC-Seal and verifying every Seal only gives more
>> integrity than checking the previous AMS and signing your own AAR unless
>> this is true:
>>
>> * There exists a site which correctly checks ARC-Seal and adds new
>> ARC-Seals, but does not generate an accurate AAR.
>>
>> I do feel like nobody understands what the hell I'm trying to say here
>> based on the responses I've seen so far, so maybe I do actually need to
>> find an existing ARC-Sealed email and forge a change to it.  Seth asked to
>> have a phone chat about this, and I'm happy to have a phone chat with
>> anybody if it will help explain my point.
>>
>> I'm not saying that the underlying concept of ARC are wrong - the idea of
>> chain of custody is sound.
>>
>> The problem is that ARC-Seal makes claims it just doesn't deliver on -
>> it's not adding value, and it is adding cost and fragility (the need to
>> successfully do DNS fetches for every seal in the chain at every point,
>> plus the cost of checking that crypto) - and yet any one site can still
>> falsify all the earlier items in the chain.
>>
>> Sadly I only have a few message in my entire mailbox that have ARC-Seals
>> on them.  They're from a Mozilla Thunderbird list of all things, and they
>> have some Google ARC headers on them.  I'd prefer to impersonate someone
>> from this list if I'm going to make a proof of concept to show what I mean,
>> but nobody appears to be sending messages with ARC headers on them here!
>>
>> Bron.
>>
>> --
>>   Bron Gondwana, CEO, FastMail Pty Ltd
>>   brong@fastmailteam.com
>>
>>
>>
>> _______________________________________________
>> dmarc mailing list
>> dmarc@ietf.org
>> https://www.ietf.org/mailman/listinfo/dmarc
>>
>>

v2.23.0 | Report a Bug | By Email