IETF Logo Mail Archive

Re: [dmarc-ietf] ARC-Seal is meaningless security theatre

Brandon Long <blong@google.com> Thu, 10 August 2017 00:41 UTC

Return-Path: <blong@google.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E8A52131CB2 for <dmarc@ietfa.amsl.com>; Wed, 9 Aug 2017 17:41:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Pm4RUVEKmalR for <dmarc@ietfa.amsl.com>; Wed, 9 Aug 2017 17:41:40 -0700 (PDT)
Received: from mail-oi0-x229.google.com (mail-oi0-x229.google.com [IPv6:2607:f8b0:4003:c06::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A79E4132139 for <dmarc@ietf.org>; Wed, 9 Aug 2017 17:41:32 -0700 (PDT)
Received: by mail-oi0-x229.google.com with SMTP id x3so76936648oia.1 for <dmarc@ietf.org>; Wed, 09 Aug 2017 17:41:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=zY6dOeP3lL/8mCwUAq9ZEU6EaMfRrz9eisb5jFNCkAw=; b=G3CJSNOCG9sLfnnGmry0JAs11TRpAqafvhh7jPGhl+Vh2PqGTzuc7w6pRvLydgHU7E Crumod4uxR3LDMKVuksWKAzDbhnzGNSha0voxk4EyTCWmput8UBYQX+lYIdsWfcCaaR4 yPViPP1RsIhjAEFflgRbnyLvivSzIkJ6PbEsUH0NlIJdfxUII1Rplohat4u9UHyhQ7bC 8MWNxjvFZa47Fj9vDOae8onvR8BzDWDOSrzQb2F/lvspb9OL8v1pgZwnszdBlgRoqc4D IKEKKFim6BzVWeUdtU69+/cwEPfudPdhwf+AyEAT2kXROYQeTDRQyK0zxIfXYMmA7hN4 z/dA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=zY6dOeP3lL/8mCwUAq9ZEU6EaMfRrz9eisb5jFNCkAw=; b=NUiP9mR6CylbOKPuf6hyl8VDOSbC241nz0Vc+Zz6wpnuY5SpDEm8auNROojMEYxc8N rzOw8TL915nb9Ai9ZzaYIdO3g1iLJJ/+O8PUZ3I+JT1CbWbWNswV98GGMpNdpOv3r/j5 RlKTKutPQS1JhDQw19M/7sDT1xkO1Er0m9IONy8jiCI2K/yFCBVtJHXEeilzRcEvLEXQ xxlXGa7e6ByhbtgJBKNP9u4lEKzPZblWGVX0CoOCoDQ6I0oL0AYgI7abwDQicPv0DQP/ w25f8KVqq2AaZXYsbKqI5J7piT2jadf5FnNPVKktX8a5bBId60Lr8YkicaXssL0u9Bu+ COcA==
X-Gm-Message-State: AHYfb5hHX08BqdEEc2QeFh0yUVkhMKUOD2yCTm4jY40TVLXDxXKOorCO Pk7K16I6bz29h9sSDWSs6ZueE3oMDLICm8o=
X-Received: by 10.202.184.8 with SMTP id i8mr11298846oif.266.1502325691539; Wed, 09 Aug 2017 17:41:31 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.74.154.51 with HTTP; Wed, 9 Aug 2017 17:41:29 -0700 (PDT)
Received: by 10.74.154.51 with HTTP; Wed, 9 Aug 2017 17:41:29 -0700 (PDT)
In-Reply-To: <1502317564.1935379.1068588344.040173AF@webmail.messagingengine.com>
References: <1502083287.2191248.1065195288.7CDC7FF3@webmail.messagingengine.com> <CABuGu1oTMbuLd4yTwecu5sKFnsmH+HiwT1FG=JpySYHzpMTx_w@mail.gmail.com> <1502200759.3946686.1066841264.607B4D0B@webmail.messagingengine.com> <2720431.u3G7bbkkxK@kitterma-e6430> <1502317564.1935379.1068588344.040173AF@webmail.messagingengine.com>
From: Brandon Long <blong@google.com>
Date: Wed, 09 Aug 2017 17:41:29 -0700
Message-ID: <CABa8R6vKW0thNAmrbyKz9J8yG3GyiYd11Ued2yug7SjMmp2aqQ@mail.gmail.com>
To: Bron Gondwana <brong@fastmailteam.com>
Cc: dmarc@ietf.org
Content-Type: multipart/alternative; boundary="001a113ce0ba2eef4905565b756a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/ig_U_ViGkzzZ0MT99l2bdC1FNBM>
Subject: Re: [dmarc-ietf] ARC-Seal is meaningless security theatre
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Aug 2017 00:41:43 -0000

We discussed this exact situation extensively during several M3AAWG
meetings, so I don't think we're missing something... but maybe.

With AS I can trust the chain and use the older hops AAR.  And whether to
use a given hops AAR is based on my trust level for that hop.

As long as the AMS passes, you can ignore hops you don't trust and keep
walking.

Once you reach a hop where the AMS doesn't verify, you can only walk back
to hops you trust, and untrusted hop ends your walk back.

So, you can copy and entire chain on to whatever message you want, but that
only works if I trust you.  If you do this a lot, we won't trust you any
more.

This doesn't mean that some messages can't abuse the trust relationship and
make it through, and we specifically say that standard spam/phishing/abuse
analysis should still be done.

With your proposed AAR signed by the AMS, I can only trust your AAR, and
whatever you choose to put in it, not anyone in front of you.

With XOAR, we have experience with that type of single hop working system,
and it's not complete enough, we see too many complicated routing policies
which go through many hops, and the last hop data isn't always enough.  We
work around it with from header rewrites and signing as the intermediary
domain, but then we need to make decisions on when to do so since dkim
means something different than ams does.

Also, you wouldn't expect to see arc signed messages from this list until
it starts doing them itself, unless people are posting to it though another
intermediary or you receive it through a separate intermediary.

Brandon

On Aug 9, 2017 6:26 PM, "Bron Gondwana" <brong@fastmailteam.com> wrote:

> On Wed, 9 Aug 2017, at 00:28, Scott Kitterman wrote:
>
> I think the "Once AMS doesn't validate anymore ..." argument is an
> suggestion that it's fragile, not that it's pointless.  I have concerns
> myself about the robustness of this design, but I think that's best
> addressed through deployment and experimentation.
>
>
> It's not fragility, the older AMS is supposed to not validate any more,
> because it's a signature over a bunch of headers and the body - any change
> in those will break it.  That's fine so long as the chain of custody exists.
>
> My problem is that ARC-Seal only actually shows the chain of custody back
> to the first bad actor.  That's also fine, because any bad actor means the
> whole message is tainted and should be discarded.
>
> The thing is - ARC-Seal and verifying every Seal only gives more integrity
> than checking the previous AMS and signing your own AAR unless this is true:
>
> * There exists a site which correctly checks ARC-Seal and adds new
> ARC-Seals, but does not generate an accurate AAR.
>
> I do feel like nobody understands what the hell I'm trying to say here
> based on the responses I've seen so far, so maybe I do actually need to
> find an existing ARC-Sealed email and forge a change to it.  Seth asked to
> have a phone chat about this, and I'm happy to have a phone chat with
> anybody if it will help explain my point.
>
> I'm not saying that the underlying concept of ARC are wrong - the idea of
> chain of custody is sound.
>
> The problem is that ARC-Seal makes claims it just doesn't deliver on -
> it's not adding value, and it is adding cost and fragility (the need to
> successfully do DNS fetches for every seal in the chain at every point,
> plus the cost of checking that crypto) - and yet any one site can still
> falsify all the earlier items in the chain.
>
> Sadly I only have a few message in my entire mailbox that have ARC-Seals
> on them.  They're from a Mozilla Thunderbird list of all things, and they
> have some Google ARC headers on them.  I'd prefer to impersonate someone
> from this list if I'm going to make a proof of concept to show what I mean,
> but nobody appears to be sending messages with ARC headers on them here!
>
> Bron.
>
> --
>   Bron Gondwana, CEO, FastMail Pty Ltd
>   brong@fastmailteam.com
>
>
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>
>

v2.23.0 | Report a Bug | By Email