Re: [dmarc-ietf] Proposal to adopt ARC documents into the WG (toward phase 2 milestone)

Barry Leiba <barryleiba@computer.org> Wed, 11 May 2016 16:00 UTC

From: Barry Leiba <barryleiba@computer.org>
To: "Kurt Andersen (b)" <kboth@drkurt.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dmarc/ex67d_k-9KvIB8dSYdn7Ogs1TvY>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>

I'm pulling the arc-discuss list back off the distribution for this
message (and it's probably a good idea to alert people when you add a
new mailing list to an ongoing discussion).

Kurt's original message asked whether the DMARC working group...

1. ...wants to work on the ARC spec, using
https://datatracker.ietf.org/doc/draft-andersen-arc/ as a starting
point, and

2. ...also wants to work on ARC usage recommendations, using
https://datatracker.ietf.org/doc/draft-jones-arc-usage/ as a starting
point.

It certainly seems that the working group is interested in discussing
ARC, as I can judge from the discussion in the short time since Kurt's
proposal.  So let's go back and get a proper answer:

Does anyone object to having the DMARC working group take on this work?
Does anyone object to using the two documents above as starting points
for that work?
Does anyone have an alternative proposal?

Please respond to this list, <dmarc@ietf.org>, by 20 May.

Barry, for the DMARC chairs


On Wed, May 11, 2016 at 11:29 AM, Kurt Andersen (b) <kboth@drkurt.com> wrote:
> On Wed, May 11, 2016 at 7:00 AM, Murray S. Kucherawy <superuser@gmail.com> wrote:
>>
>> On Wed, May 11, 2016 at 4:55 AM, Alessandro Vesely <vesely@tana.it> wrote:
>>>
>>> It would be silly to deny that ARC is about indirect mail flows.  The reason it
>>> is perceived to be in the wrong camp is that DMARC focuses on originators of
>>> email, while ARC requires no changes for them.  A possible tweak is to
>>> introduce an ARC-0, zero for originator, an optional ARC set with i=0:
>>
>>
>> Perhaps I'm misunderstanding, but doesn't an i=0 ARC set represent a
>> verification by the originator of its own mail?
>
>
> The concept of an AS[0] set of headers was debated and deemed, as suggested
> by Murray, to just be a repetition of the DKIM signature assertion. As such,
> it doesn't really add any utility. There have been suggestions on the
> arc-discuss list that, perhaps, AS[0] could be used as an assertion "on
> behalf of" some other domain that the message submitter was known to the
> sending ADMD (as mentioned below under "authenticated identity"). The
> biggest problem with that is whether anyone should trust such purported
> authentication claims. I doubt that anyone with minimal exposure to security
> issues would find that appealing.
>
>>>
>>> ARC-0 is substantially equivalent to a weak signature.  The ARC-Seal field
>>> proves that the originator was involved.  ARC-Message-Signature is expected to
>>> be broken by forwarders.  ARC-Authentication-Results may contain just an auth
>>> stanza, with a possibly redacted authenticated identity.
>>
>>
>> Doesn't the i=1 ARC set also prove the originator was involved?
>
>
> Yes, AS[1] testifies to the Authenticated-Results of receiving the message
> from the originator.
>
> --Kurt
>
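
The instance numbering debated in the quoted thread above, shown as an added example that is not part of the original message or of the ARC drafts: a structural check on ARC sets following the rules as later published in RFC 8617 (instances run 1..50, one of each header per set, cv=none only at i=1), under which an i=0 set is rejected. The function names, domains and sample headers are constructed, and no signature is verified.

```python
import re
from collections import defaultdict

ARC_FIELDS = ("arc-authentication-results", "arc-message-signature", "arc-seal")
MAX_INSTANCE = 50  # RFC 8617 limits i= to 1..50

def tag(value, name):
    """Return the value of a `name=` tag in a header body, or None."""
    m = re.search(r"(?:^|;)\s*" + re.escape(name) + r"\s*=\s*([^;\s]+)", value)
    return m.group(1) if m else None

def check_arc_structure(headers):
    """Return a list of structural problems; [] means a well-shaped chain (or none)."""
    sets = defaultdict(lambda: defaultdict(list))
    problems = []
    for field, value in headers:
        if field.lower() in ARC_FIELDS:
            i = tag(value, "i")
            if i is None or not i.isdigit():
                problems.append(f"{field}: missing or non-numeric i=")
                continue
            sets[int(i)][field.lower()].append(value)
    for i in sorted(sets):
        if not 1 <= i <= MAX_INSTANCE:
            problems.append(f"i={i}: instance outside 1..{MAX_INSTANCE}")
        for field in ARC_FIELDS:
            if len(sets[i][field]) != 1:
                problems.append(f"i={i}: expected exactly one {field}")
    if sets and sorted(sets) != list(range(1, len(sets) + 1)):
        problems.append("instances are not contiguous from i=1")
    for i, fields in sets.items():
        for seal in fields["arc-seal"]:
            # The first hop has no earlier chain to validate; later hops must have passed it.
            want = "none" if i == 1 else "pass"
            if i >= 1 and tag(seal, "cv") != want:
                problems.append(f"i={i}: ARC-Seal cv= should be {want}")
    return problems

def sample_set(i, cv):
    """Constructed ARC set for hop i; signature data is elided, not real."""
    d = f"hop{i}.example"
    return [
        ("ARC-Seal", f"i={i}; a=rsa-sha256; cv={cv}; d={d}; s=sel; b=(elided)"),
        ("ARC-Message-Signature", f"i={i}; a=rsa-sha256; d={d}; s=sel; h=from:to; bh=(elided); b=(elided)"),
        ("ARC-Authentication-Results", f"i={i}; {d}; dkim=pass header.d=origin.example"),
    ]
```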