[dmarc-ietf] ARC questions
Michael Thomas <mike@mtcc.com> Sat, 21 November 2020 21:32 UTC
To: dmarc@ietf.org
From: Michael Thomas <mike@mtcc.com>
Message-ID: <dcc265f9-a143-5093-eba0-94ee059c7cc7@mtcc.com>
Date: Sat, 21 Nov 2020 13:32:54 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/gMDVFoGDJfLMux3jD7ZBHR22gKk>
Hi all, long time.

I finally read through the ARC spec after seeing it accidentally in mail headers wondering what it was, especially since it was so DKIM-like. My barely informed take is that it allows intermediaries to say "this is what it looked like to me at this point [and before I messed with it]". So far, so good. It seems that a receiver can then verify the ARC signature, especially if the "original" DKIM signature is broken. So far, so good again.

If I'm a receiver who is going to be making some filtering decisions based on ARC, I see that it passed by some authenticator along the way which is fine, but my question is why I should trust that intermediary in general? I mean, this is easy if it's gmail since I know google has an interest in good email practices out of band, but what if the ARC signer is actually an attacker that I have no idea who they are? Which is to say, how do I go about trusting the ARC signer to not be doing something bad?

I don't have a specific attack in mind (still too new to this), but say if spam.com ARC signs a message it adulterates to its advantage how do I know that I should disregard its ARC results? Or maybe not so much disregard results per se, but not want to "accept" the changes to the original message?

Ok, maybe here is an attack. Suppose this message is scraped by a spammer since this is a public email list. It has a broken original DKIM signature but a valid ARC signature from ietf.org. The attacker takes the message, adds the Viagra scams in the body to the ARC signed message and reinjects the new message toward the targets of their choice (? mailing list members only? not sure). Or did I miss where ARC resigns the body? Or is there a tie-in for ARC with the mailing list's resigned DKIM signature for the new message?

Sorry so many questions, and probably misunderstanding what's going on.

Mike
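Added example, not part of the message above and not taken from any ARC implementation: a receiver-side check in Python for the two concerns the message raises. In RFC 8617 the ARC-Message-Signature carries a DKIM-style body hash (bh=), so a body edited after sealing no longer matches, and whether a given sealer is believed is left to the receiver's local policy. Assumptions: the TRUSTED_SEALERS allow-list, all function names, and the constructed sample message are hypothetical; the b= signatures are placeholders and must be verified by a real ARC library, and only "simple" body canonicalization is handled.

```python
import base64, hashlib, re
from email import message_from_string

TRUSTED_SEALERS = {"ietf.org"}  # assumption: this receiver's local allow-list

def tags(value):
    """Parse a DKIM-style 'tag=value; tag=value' list into a dict."""
    out = {}
    for part in value.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            out[k.strip()] = re.sub(r"\s+", "", v)
    return out

def simple_body_hash(body):
    """SHA-256 over the body after DKIM 'simple' body canonicalization."""
    body = body.replace("\r\n", "\n").replace("\n", "\r\n")
    while body.endswith("\r\n"):          # drop empty lines at the end
        body = body[:-2]
    return base64.b64encode(hashlib.sha256((body + "\r\n").encode()).digest()).decode()

def arc_policy(raw):
    """Return (verdict, reason); the b= signatures are NOT verified here."""
    msg = message_from_string(raw)
    seals = {int(t.get("i", 0)): t for t in map(tags, msg.get_all("ARC-Seal", []))}
    sigs = {int(t.get("i", 0)): t for t in map(tags, msg.get_all("ARC-Message-Signature", []))}
    if not seals or sorted(seals) != list(range(1, len(seals) + 1)):
        return ("ignore", "no ARC chain or gaps in instance numbers")
    for i, seal in seals.items():
        if seal.get("cv") != ("none" if i == 1 else "pass"):
            return ("ignore", f"chain validation value wrong at i={i}")
        if seal.get("d") not in TRUSTED_SEALERS:  # every hop must be trusted
            return ("ignore", f"sealer {seal.get('d')} is not locally trusted")
    newest = sigs.get(max(seals))
    canon = (newest.get("c", "simple/simple") + "/simple").split("/")[1] if newest else None
    if canon != "simple":
        return ("ignore", "newest AMS missing or body canonicalization unsupported")
    if newest.get("bh") != simple_body_hash(msg.get_payload()):
        return ("ignore", "body changed after the newest ARC-Message-Signature")
    return ("consider", "trusted sealers, body hash matches; verify b= next")

def sample(body, sealer="ietf.org", signed_body=None):
    """Constructed message; bh= reflects signed_body (defaults to body)."""
    bh = simple_body_hash(body if signed_body is None else signed_body)
    return (f"ARC-Seal: i=1; a=rsa-sha256; cv=none; d={sealer}; s=sel; b=placeholder\n"
            f"ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/simple; d={sealer};"
            f" s=sel; h=from:subject; bh={bh}; b=placeholder\n"
            "From: mike@example.org\nSubject: ARC questions\n\n" + body)
```
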