Re: [dmarc-ietf] BATV
"Murray S. Kucherawy" <superuser@gmail.com> Sun, 17 April 2022 02:18 UTC
Return-Path: <superuser@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0CCBB3A18C7 for <dmarc@ietfa.amsl.com>; Sat, 16 Apr 2022 19:18:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id opJ3epIU8Kif for <dmarc@ietfa.amsl.com>; Sat, 16 Apr 2022 19:17:58 -0700 (PDT)
Received: from mail-vs1-xe36.google.com (mail-vs1-xe36.google.com [IPv6:2607:f8b0:4864:20::e36]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D4F383A18C4 for <dmarc@ietf.org>; Sat, 16 Apr 2022 19:17:57 -0700 (PDT)
Received: by mail-vs1-xe36.google.com with SMTP id i34so9037741vsv.6 for <dmarc@ietf.org>; Sat, 16 Apr 2022 19:17:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=o+EE0Bm3LILOfUOfuFQt9nTFjlTfNAy0A4BdLzBnbRc=; b=FHqMIwcpL5Qz0RWZRxfnKPPfD80Hr1DpUefTUG+oZx6HJPO2no611oky0LyTfytBOT fyhmPa3sW7B5IkmYVr1p3SgtdM1ERPsYy93lF3RItV541N3hu0wpVYMzjLJxbE+2ftc8 oKwU+ra/LEd2aaqVQ0UsIjmTHgzAOL5LPsVYOWFoXqr+MAue6Fu/q66m7sCjFk3G27oL E8I1VeGzH9ntefAC6B8HMZ+gGKM9JRo0ksYiccAf+uWS54tfy4JGec9fphGefCAsclpu Ma+aiNVNLkShS7zplwMBK2FaRzm6bfXRGhyRd0RYRn7pqVazpzsbnQZRrFGaj0GUcglS 84mA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=o+EE0Bm3LILOfUOfuFQt9nTFjlTfNAy0A4BdLzBnbRc=; b=Ctrx29+8Fci8Zcw79br+Ze80/kNd5dU/gI04L8x+UvwvAOtIvX7z2Y4rIrl2q/yqNv MbuFXy3iI0UezZtm2HjZC5+eiAbrPU5gQuMY9kmf+qJx5/OjfHUHLynjIhqlgrIfEEF1 64RcTCLUrrMoIXCFDhbpHIFZ+/f2uzzYuVPq60rtOwNtyVmMAx0Zuzo1+iSKTNX/LHUc +Ism4zAo2Ca09Dre00tEumtiUfDZ7Gs73kJp2UL6nnDkLAqWmUHhRgXJh+qlJcKUhwRe JUPhogEA/wd0iKxIGDlbr80ihJT0gYuc9lZ/fRuXm+hIgUktygTLion8QPV/vxHI3lwp 0eFw==
X-Gm-Message-State: AOAM532gza5WoIc/ihCkPBnoZEL6ZNRprPkk4b09Tgiw3zB6XLu6OrNn B6+1+JV1M4+naUchhLEo7S0ZMIzICO3HmIrmSF8=
X-Google-Smtp-Source: ABdhPJwtJrN7n7eqaShk+dB7D0dmbAd+72//Msg/46k5Tvdp4hkAa74Kh1Qv6E6L2c8xGEOx/QcjQpEIEGvg2FnGHV0=
X-Received: by 2002:a05:6102:5d5:b0:32a:32c6:249f with SMTP id v21-20020a05610205d500b0032a32c6249fmr1442881vsf.0.1650161876524; Sat, 16 Apr 2022 19:17:56 -0700 (PDT)
MIME-Version: 1.0
References: <CAH48Zfz_9wj88D507K56Orw+FDRNnL9XSm7bQ1VZQPo_TTkW7A@mail.gmail.com>
In-Reply-To: <CAH48Zfz_9wj88D507K56Orw+FDRNnL9XSm7bQ1VZQPo_TTkW7A@mail.gmail.com>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Sat, 16 Apr 2022 19:17:46 -0700
Message-ID: <CAL0qLwa=QvZ2AwZmiEbUVcRQu9zmvze3iLOioO7Xu1LG0BoF8w@mail.gmail.com>
To: Douglas Foster <dougfoster.emailstandards@gmail.com>
Cc: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000078e1d105dcd040f2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/mICScy29-h04LcEeyJEUDlfkJow>
Subject: Re: [dmarc-ietf] BATV
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Apr 2022 02:18:02 -0000
On Sat, Apr 16, 2022 at 5:35 AM Douglas Foster < dougfoster.emailstandards@gmail.com> wrote: > I would like to see John Levine's BATV document revived from expired draft > status > https://datatracker.ietf.org/doc/html/draft-levine-smtp-batv > > BATV is in use within the current mail stream, and one commercial product > has cloned it to make a proprietary version of the same idea, so it is time > to declare it a success. More importantly, it provides a general > technique, based on signature and timestamp, which permits private > communication between MTAs using insecure RFC5322 header fields. That > technique has other uses. > Who's using it? Which commercial product are you talking about? I wrote and released an open source BATV filter for use with postfix and sendmail back when it was a new idea. The interest in the filter or in the specification was negligible, as there were legitimate use cases with which it interfered, such as these: https://en.wikipedia.org/wiki/Bounce_Address_Tag_Validation#Problems For example, A-R does not include a signature security mechanism, so > implementers must be concerned about injection of spoofed A-R records. > Because ARC is dependent on the secure transmission of A-R within one > organization, weak A-R also weakens ARC. Both problems would have been > avoided by using the BATV signature system, but expired drafts make poor > reference documents for other RFCs > If you're following the A-R specification, you only trust your own A-R fields (unless you really know what you're doing), and your border MTAs are supposed to strip anything it identifies as spoofed. In theory, you can trust anything you see beyond that point that's bearing your own authserv-id. If you think that's not enough, you could DKIM sign the message on ingress, including the A-R field you're adding on the way in, so that it can be proven legitimate. -MSK
- [dmarc-ietf] BATV Douglas Foster
- Re: [dmarc-ietf] BATV Murray S. Kucherawy
- Re: [dmarc-ietf] BATV John Levine
- Re: [dmarc-ietf] BATV Douglas Foster