IETF Logo Mail Archive

Re: [dmarc-ietf] ARC-Seal is meaningless security theatre

Dave Crocker <dcrocker@gmail.com> Fri, 11 August 2017 16:27 UTC

Return-Path: <dcrocker@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EEE19132376 for <dmarc@ietfa.amsl.com>; Fri, 11 Aug 2017 09:27:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uZQsh3S21RVB for <dmarc@ietfa.amsl.com>; Fri, 11 Aug 2017 09:27:04 -0700 (PDT)
Received: from mail-oi0-x232.google.com (mail-oi0-x232.google.com [IPv6:2607:f8b0:4003:c06::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A46F91321A1 for <dmarc@ietf.org>; Fri, 11 Aug 2017 09:27:04 -0700 (PDT)
Received: by mail-oi0-x232.google.com with SMTP id f11so37855539oic.0 for <dmarc@ietf.org>; Fri, 11 Aug 2017 09:27:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=9VKkxUrrMSa/lOKfV83QU3Z2gPEp/hkRfXBjMQ0/cZw=; b=YRdh6PDSlA1ElGINtBTzHTsBHGkmLQy8hbTzT7l0LJxIcqNsLBQ7UYVfsnhnXBC0i1 DlLULj+yqPizHJ+FTMC9Rc0S+UIC3mHo/SnocnSPo3g4utuOKYSwcljV4xniCtZ1uWxa XlGnm260bYa7yTMk/J68Z1Rnu9t9i7Sk+9wF3k+0jMNHCWegoCHdaeOJMD8Z1DQUg+oI YJXK+8WiiSopLVLwKjkGv+aKefhiUyenjOaOI4udIuFwDxi9+YzCiHuON+VJnbHAScNh m9mSDKqWZLknOyKqpYLGIJa1B7cYAJw0NJwguQ6PDuC+xPNN3p4GBwRDP7UUs/QvRwof V7Hw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=9VKkxUrrMSa/lOKfV83QU3Z2gPEp/hkRfXBjMQ0/cZw=; b=XdUt7ik7TEtQyJiLyDysSz//Yf5I19A+c4Giiwh+yEnLB+WZU47A2WV+G8gUTEI3iv qlzxQ+s2Y7fIkrj8JnUd9iz5JjBxFzyqrvbP2ACIKvPsAT2fS3qGei7071pzgjx9Zy6x klCLuPNd9pOKyD00TqnCWoOhhn9PlUJY8lqoFyl9wIWsS9oWfpE3O6jTnI59/pOygrPG WBK8A3D6fq3PHYEfDeLqMX1WJthtZkGjNq2nyI2ZC6TDGLioIWTL+8SgoveQut1q9lyz E4KSqYOOeDYb5ZG44r9tTENAAzSDi4AeTTkBjtiIvdMOJ8DwAx8EfLZoPrEGzwOP7WlR 7jzQ==
X-Gm-Message-State: AHYfb5gZQSMH/ttswkeE0DNE5XLRD45IXCUjQq+RpQox8FKlZcV/6CfC Xd6F11Qzxd36ZdlmXdY=
X-Received: by 10.202.198.23 with SMTP id w23mr17068210oif.168.1502468823633; Fri, 11 Aug 2017 09:27:03 -0700 (PDT)
Received: from ?IPv6:2602:304:cda0:8800:d17e:7fe3:9cb7:7c98? ([2602:304:cda0:8800:d17e:7fe3:9cb7:7c98]) by smtp.gmail.com with ESMTPSA id x23sm1043037oix.51.2017.08.11.09.27.02 for <dmarc@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 11 Aug 2017 09:27:02 -0700 (PDT)
To: dmarc@ietf.org
References: <1502083287.2191248.1065195288.7CDC7FF3@webmail.messagingengine.com> <CABuGu1oTMbuLd4yTwecu5sKFnsmH+HiwT1FG=JpySYHzpMTx_w@mail.gmail.com> <1502200759.3946686.1066841264.607B4D0B@webmail.messagingengine.com> <2720431.u3G7bbkkxK@kitterma-e6430> <1502317564.1935379.1068588344.040173AF@webmail.messagingengine.com>
From: Dave Crocker <dcrocker@gmail.com>
Message-ID: <89f1a978-0cc6-f7f3-5d3d-0ccd67341369@gmail.com>
Date: Fri, 11 Aug 2017 09:27:01 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <1502317564.1935379.1068588344.040173AF@webmail.messagingengine.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/ly-lcv64Gx_-z82LlbHlAZtPo4g>
Subject: Re: [dmarc-ietf] ARC-Seal is meaningless security theatre
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Aug 2017 16:27:07 -0000

On 8/9/2017 3:26 PM, Bron Gondwana wrote:
> I do feel like nobody understands what the hell I'm trying to say here 
> based on the responses I've seen so far, so maybe I do actually need to 
> find an existing ARC-Sealed email and forge a change to it.  Seth asked 
> to have a phone chat about this, and I'm happy to have a phone chat with 
> anybody if it will help explain my point.


I've been mulling over this thread for some days.  A challenge in 
writing an IETF spec is to make sure the text is adequately 
understandable to folk who weren't part of the original specification 
effort, yet still can produce interoperable systems.  And will know why 
they should and what benefit will accrue if they do.  I think the 
current document does not provide enough information for this.

I wanted to try to generate some candidate text that would respond to 
the concerns that Bron has raised, but find that I'm not (yet) clear 
enough about underlying details of ARC.  I don't mean technical details, 
I mean conceptual basis.  (And this is in spite of my having been a 
participant in ARC development from the start!)

So I'm now going to ask for a discussion that produces at least bits of 
text.  When there is convergence on those bits, I'm glad to offer to 
assemble them into some sort of "Concepts and Facilities" summary of ARC.


Here's the task I see:

   *  Talk about ARC in non-technical terms, describing not just its 
abstract goal but the nature of how it achieves those goals, in terms of 
threats it is responding to, capabilities that it is responding to, and 
limitations to those capabilities.  This discussion needs to look for 
leaps of faith and other points of confusion or implicit assumption, and 
it needs to resolve them.

   *  This needs to include reference to the concept of 'trust' as an 
operational attribute.

   *  There also needs to be statements about the operational history 
upon which ARC builds -- that is, what is it doing that is well-founded 
-- and what it is doing that is new.

   *  For the parts that are 'new', there needs to be statements the 
provide explain why it is reasonable to be optimistic that deployment 
and use will be safe and useful.


Thoughts?

d/


-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

v2.23.0 | Report a Bug | By Email