Re: [dmarc-ietf] Question regarding RFC 8617

"Kurt Andersen (b)" <kboth@drkurt.com> Wed, 06 November 2019 15:36 UTC

Message-ID: <CABuGu1rsiK0VWXCZXqhLvbO0bULBPZD+JuQ9LqwzMr05MSnLpQ@mail.gmail.com>
In-Reply-To: <BN7PR05MB416368F6F754F6B6E0095648FA7F0@BN7PR05MB4163.namprd05.prod.outlook.com>
To: "Weist, Bill" <William.Weist@iqvia.com>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/lJNADepgNYW3Ci587L0JQ0vbRkM>

The choice of which headers are included in the signed set is strictly up
to the domain administrators who implement the signing practices. Also, the
AMS is only relevant for the next receiver; it is not intended to be
validated by hops >1 step away from the domain which adds that instance, so
I don't see how mutability would matter.

--Kurt Andersen

On Wed, Nov 6, 2019 at 7:30 AM Weist, Bill <William.Weist@iqvia.com> wrote:

> DOI: 10.17487/RFC8617
>
> The inclusion of the address headers in the signature, and possibly the
> Subject, is an issue:
>
> ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=;
>
> If a downstream server needs to modify either of these two values, the
> signature check fails.
>
> It is my understanding that the Authenticated Received Check signature is
> to validate the chain of possession.  As such, in my opinion, the signature
> should only include immutable references.
>
> In my opinion, there is value in NOT requiring headers to be stripped by
> downstream servers, thus maintaining the custody chain from origination to
> destination.
>
> Thank you for your time and attention,
>
> *William M. Weist*
> *Enterprise Architect I – Global Messaging – Mobile and Presence*
> CIO Team – End User Computing
>
> Learn more <http://www.iqvia.com/> about IQVIA™
>
> 400 Campus Drive, Collegeville, PA 19426, USA
> O: +1 610 244 2646 | M: +1 484 904 8244
>
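The exchange above turns on two mechanics of ARC: the h= tag of an ARC-Message-Signature fixes exactly which headers a later change can break, and a validator only checks the AMS with the highest instance number (RFC 8617 section 5.2), so an intermediary that rewrites a covered header such as Subject and then adds its own AMS does not break the chain for the next hop. The following Python sketch is an added example written for this page; it is not code from the thread, from RFC 8617, or from any ARC implementation. It reuses the relaxed canonicalization of RFC 6376 section 3.4, but uses HMAC-SHA256 with a local key table as a stand-in for rsa-sha256 and the DNS key lookup, omits ARC-Seal and the cv= tag entirely, and the hop names, keys and message are all constructed.

```python
import base64
import hashlib
import hmac
import re

# Relaxed canonicalization (RFC 6376 section 3.4, reused by RFC 8617):
# lowercase the field name, unfold, collapse whitespace runs, strip trailing space.
def relaxed_header(name, value):
    value = re.sub(r"[ \t]+", " ", value.replace("\r\n", "")).strip()
    return name.lower() + ":" + value

def relaxed_body(body):
    lines = [re.sub(r"[ \t]+", " ", line).rstrip() for line in body.split("\r\n")]
    while lines and lines[-1] == "":  # drop trailing empty lines
        lines.pop()
    return "".join(line + "\r\n" for line in lines)

def body_hash(body):
    return base64.b64encode(hashlib.sha256(relaxed_body(body).encode()).digest()).decode()

def find_header(headers, name):
    """First header with this name, scanning from the top (most recently added)."""
    for n, v in headers:
        if n.lower() == name.lower():
            return n, v
    return None

def header_hash_input(headers, h_list, ams_without_b):
    """Canonicalized headers in h= order, then the AMS itself with an empty b= tag."""
    out = ""
    for name in h_list:
        found = find_header(headers, name)
        if found:  # a listed-but-absent header contributes nothing, as in DKIM
            out += relaxed_header(*found) + "\r\n"
    return out + relaxed_header("ARC-Message-Signature", ams_without_b)

def sign_ams(headers, body, instance, domain, selector, h_list, key):
    """Build an AMS header. a=hmac-sha256 is a stand-in, not an RFC 8617 algorithm."""
    value = (f"i={instance}; a=hmac-sha256; c=relaxed/relaxed; d={domain}; s={selector}; "
             f"h={':'.join(h_list)}; bh={body_hash(body)}; b=")
    mac = hmac.new(key, header_hash_input(headers, h_list, value).encode(), hashlib.sha256).digest()
    return ("ARC-Message-Signature", value + base64.b64encode(mac).decode())

def parse_tags(value):
    return dict(t.strip().split("=", 1) for t in value.split(";") if t.strip())

def verify_ams(headers, body, instance, keys):
    """Verify the AMS carrying i=<instance>; `keys` stands in for the DNS key lookup."""
    ams = next((v for n, v in headers if n.lower() == "arc-message-signature"
                and parse_tags(v).get("i") == str(instance)), None)
    if ams is None:
        return False
    tags = parse_tags(ams)
    key = keys.get(tags["d"])
    if key is None or tags["bh"] != body_hash(body):
        return False
    without_b = re.sub(r"\bb=[^;]*$", "b=", ams)  # blank the b= tag before recomputing
    data = header_hash_input(headers, tags["h"].split(":"), without_b).encode()
    expected = hmac.new(key, data, hashlib.sha256).digest()
    return hmac.compare_digest(base64.b64decode(tags["b"]), expected)

def relay_chain():
    """Constructed three-hop scenario; none of the hosts, keys or headers are real."""
    keys = {"hop1.example": b"constructed-key-1", "hop2.example": b"constructed-key-2"}
    signed = ["From", "To", "Subject", "Date", "Message-ID"]  # similar to the quoted h=
    headers = [("From", "Alice <alice@example.org>"), ("To", "Bob <bob@example.net>"),
               ("Subject", "Quarterly numbers"), ("Date", "Wed, 6 Nov 2019 07:00:00 -0800"),
               ("Message-ID", "<constructed-1@example.org>")]
    body = "Hello Bob,\r\nsee attached.\r\n"
    results = {}
    # Hop 1 adds AMS i=1 over the original headers.
    headers = [sign_ams(headers, body, 1, "hop1.example", "sel1", signed, keys["hop1.example"])] + headers
    # Hop 2 prepends a Received line (not in h=, so harmless) and validates i=1 first.
    headers = [("Received", "from hop1.example by hop2.example")] + headers
    results["hop2_i1"] = verify_ams(headers, body, 1, keys)
    # Hop 2 is a list expander and tags the Subject, which i=1 covers.
    headers = [(n, "[list] " + v if n == "Subject" else v) for n, v in headers]
    results["hop2_i1_after_rewrite"] = verify_ams(headers, body, 1, keys)
    # Hop 2 adds AMS i=2 over the message as it now forwards it.
    headers = [sign_ams(headers, body, 2, "hop2.example", "sel2", signed, keys["hop2.example"])] + headers
    # Hop 3 validates only the highest-instance AMS (RFC 8617 section 5.2); i=1 is not consulted.
    results["hop3_i2"] = verify_ams(headers, body, 2, keys)
    results["hop3_i1"] = verify_ams(headers, body, 1, keys)
    return results

if __name__ == "__main__":
    print(relay_chain())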