IETF Logo Mail Archive

Re: [dmarc-ietf] third party authorization, not, was non-mailing list

"Douglas E. Foster" <fosterd@bayviewphysicians.com> Fri, 21 August 2020 11:04 UTC

Return-Path: <btv1==502f1171de7==fosterd@bayviewphysicians.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 307CD3A0807 for <dmarc@ietfa.amsl.com>; Fri, 21 Aug 2020 04:04:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bayviewphysicians.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EbqhGkyuUzRn for <dmarc@ietfa.amsl.com>; Fri, 21 Aug 2020 04:04:31 -0700 (PDT)
Received: from mail.bayviewphysicians.com (mail.bayviewphysicians.com [216.54.111.133]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 119A23A07F6 for <dmarc@ietf.org>; Fri, 21 Aug 2020 04:04:30 -0700 (PDT)
X-ASG-Debug-ID: 1598007867-11fa31095e69520001-K2EkT1
Received: from webmail.bayviewphysicians.com (webmail.bayviewphysicians.com [192.168.1.49]) by mail.bayviewphysicians.com with ESMTP id vrKe1x1Dix2AMuae (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NO) for <dmarc@ietf.org>; Fri, 21 Aug 2020 07:04:27 -0400 (EDT)
X-Barracuda-Envelope-From: fosterd@bayviewphysicians.com
X-Barracuda-RBL-Trusted-Forwarder: 192.168.1.49
X-SmarterMail-Authenticated-As: fosterd@bayviewphysicians.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bayviewphysicians.com; s=s1025; h=message-id:reply-to:subject:to:from; bh=PX3oP/UUGRLPLy8KuwGQrj2sIyMwBhqmu3GAu/F8mHk=; b=bSdVklJg1seuqtEO5ynbi1aeUClugNv6JdH4VCvQxhyWPh1VObZmmayNhtQgI9s2E W5CIY3WFnmkopUsQOmoP6qcUw365jMFLCISy241Wql9ij3ZoVBCSniXl2ktGqh7jk dzYwGrAhNd6O8JKNxJpagAlOioKOfwKwlfxcf/v+U=
From: "Douglas E. Foster" <fosterd@bayviewphysicians.com>
To: dmarc@ietf.org
Date: Fri, 21 Aug 2020 11:04:20 +0000
X-ASG-Orig-Subj: Re: [dmarc-ietf] third party authorization, not, was non-mailing list
Reply-To: fosterd@bayviewphysicians.com
Message-ID: <3332208e1040436798ee5ef0729275e3@bayviewphysicians.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="4d24e574419e4d138463e45147b1d752"
In-Reply-To: <c2b6a91b-552d-3716-6126-3ffb2029a6d4@tana.it>
References: <20200810172411.A13681E7CD8B@ary.local> <7e9326fc-ae27-d4bd-9f2b-9896da8320f1@dcrocker.net> <CAL0qLwacyBbJscEM_a4-nvugO0HBaSAdPqUPkfYYOOb++cOjQQ@mail.gmail.com> <5F396A77.3000109@isdg.net> <CAL0qLwYaqsU-U8yTcr5_cw0LmEomz8JbqUXuWNJ-bnkN6ceXyA@mail.gmail.com> <21110e7f-ea60-66d6-c2fb-65b716a049a9@tana.it> <CABuGu1qdZdXBSsAwCvk4244szskz6Pf9x83kRUGd8jHDafEMGQ@mail.gmail.com> <CAL0qLwYY8ZWq4k3wobOgSJSVnabsefPRiCtcVPrb_iF1JEUZag@mail.gmail.com> <5d4e48f86ca7479ab4889ddff57a2870@bayviewphysicians.com> <6c7c2ad9-8a7e-e44c-6b2f-559129f70a9d@tana.it> <CAL0qLwb-SG-dsNkiiGtYkUz_AwsZSd6f5cKFX07Kzme5iXoZJA@mail.gmail.com> <F37D57E3-C55B-41EB-B4BE-328E40F73E81@eudaemon.net> <CABa8R6sUoyaa8sMJVOCnUUuH=g--2PSNQ-eLhVuW5NorzcQvqA@mail.gmail.com> <1988db12-7a72-6176-01aa-45848ad5683c@wisc.edu> <CAJ4XoYfChW2hqTwGExgLbnLBwHjSp0DEfMo_j4ZzkcHY9d-KcA@mail.gmail.com> <c2b6a91b-552d-3716-6126-3ffb2029a6d4@tana.it>
X-Exim-Id: 3332208e1040436798ee5ef0729275e3
X-Barracuda-Connect: webmail.bayviewphysicians.com[192.168.1.49]
X-Barracuda-Start-Time: 1598007867
X-Barracuda-Encrypted: ECDHE-RSA-AES256-SHA384
X-Barracuda-URL: https://mail.bayviewphysicians.com:443/cgi-mod/mark.cgi
X-Virus-Scanned: by bsmtpd at bayviewphysicians.com
X-Barracuda-Scan-Msg-Size: 11738
X-Barracuda-BRTS-Status: 1
X-Barracuda-Spam-Score: 0.00
X-Barracuda-Spam-Status: No, SCORE=0.00 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=9.0 tests=HTML_MESSAGE
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.84055 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------------------------- 0.00 HTML_MESSAGE BODY: HTML included in message
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/iwTRnkjp9fokypN5ZbGv8zDF9YU>
Subject: Re: [dmarc-ietf] third party authorization, not, was non-mailing list
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Aug 2020 11:04:33 -0000

Instead of immediately deciding which ideas can and cannot work, I suggest that we create an extension mechanism for DMARC and then let the market decide.  Perhaps someone will find traction for an idea that is useful to a subset of users even if it is not useful for every sender-receiver pair.

The extension mechanism could be as simple as an "add-ons=Y" clause in the DMARC record.

If a receiver has implemented ANY add-on method, this flag tells him to check all of the options that he supports.   Most likely this will require one or more additional DNS lookups to determine which add-on technique is supported by the sender.    The result of those lookups will determine if the sender and the receiver support any of the same techniques.   When there is a match on supported techniques, the logic for that technique is invoked.    But when the flag is absent, no resources are wasted on checking add-on methods that can only apply to a subset of all messages.

This approach separates the DMARC spec, which focuses on two specific authentication strategies, from add-on methods that invoke alternate authentication strategies, so that the DMARC specification can move forward.

It leaves room for all of the ideas mentioned so far, and for those that have not yet been suggested.   It also leaves room for a good-but-neglected idea to gain traction based on future events.

The details of those other implementations can be determined by private agreement or by RFC.

DF

----------------------------------------
From: Alessandro Vesely <vesely@tana.it>
Sent: 8/21/20 4:58 AM
To: dmarc@ietf.org
Subject: Re: [dmarc-ietf] third party authorization, not, was non-mailing list
On Fri 21/Aug/2020 01:55:52 +0200 Dotzero wrote:
> On Thursday, August 20, 2020, Jesse Thompson <jesse.thompson@wisc.edu> wrote:
>> On 8/20/20 4:00 PM, blong@google.com wrote:
>>> Neither atps or spf include are really designed for large scale usage
>>
>> That's my conclusion, as well. I don't want to authorize every potential
>> MLM to use all addresses in all of our domains cart blanch, even if I would
>> otherwise trust them (e.g. their purported ARC results).
>>
>> I *do* want to authorize our *own* MLM(s) to use our own domains for
>> *internal* use... so I thought for a minute... maybe ATSP has merit for
>> small scale usage, as an alternative to SPF include?

Besides limiting the recourse to hashes, w.r.t ATPS my proposal provides for a rhswl zone which can be outsourced.

>> But no, I don't know if any MLM has a way to check to see if they
>> are authorized via any mechanism, so they will continue to munge
>> the From header for our DMARC-enabled domains anyway.

That is going to be true for /any/ method we devise now. From: rewriting is not going to stop on the next day. We must tune aggregate reports so that MLMs can tell if it's still necessary. It may take decades... still better than ∞.

>> So, for this *internal* use case, maybe I'll just check the ARC
>> result from the trusted MLM and replace the From header with the
>> value of Reply-to/X-Original-From, and call it a day.

Restoring From: at the MDA is certainly a good idea.

However, the need to whitelist each MLM is not much viable for a number of operators. And, in case, I'd adopt John's broad brush: If I went so far as to whitelist the MLM, why should I take the burden to scrutinize the way it applied policies? It seems more sound to allow my recipients to see the same messages as every other subscriber.

> This is why I proposed a tag that would have a value consisting of the
> authorized intermediary domain. It would only be valid for that message.
> Because the tag is signed separately from the rest of the message, it
> should survive even if the intermediary modifies other parts of the
> message. If the intermediary DKIM signs the modified message with their own
> signature, that provides some assurance to the receiver.

That was described on June 26, here:
https://mailarchive.ietf.org/arch/msg/dmarc/wM97DmQ6-FEgMD7wkEKtk1PdBbU/

It requires modifying signer behavior. AIUI, the sender recognizes that one of the recipients is an allowed mailing list, and adds that tag to that copy of the message. It looks less outsourceable than an external whitelist.

Let me call weak signature this concept. As it is very similar to dkim-conditional, either one or the other should be adopted.

By contrast, a somehow limited Sender:, dkim-transform, Author:, as well as weak signatures can all be adopted concurrently.

> I haven't seen enough favorable response to justify working on a detailed
> submission to the group. I'm not an IETF standards wonk.

I'd support weak signatures, in either embodiment. I don't think it needs to be linked to the Sender: field.

Best
Ale
--

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc

v2.23.0 | Report a Bug | By Email