Re: [dmarc-ietf] ARC questions

Michael Thomas <mike@mtcc.com> Sun, 22 November 2020 18:51 UTC

To: "Kurt Andersen (b)" <kboth@drkurt.com>, John Levine <johnl@taugh.com>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>
References: <dcc265f9-a143-5093-eba0-94ee059c7cc7@mtcc.com> <20201122021417.B5E6E27B3E59@ary.qy> <CABuGu1pX=5ZC4RLsv19qrosRN9nCrPdeSk5Xg4O7ViEZit6dnA@mail.gmail.com>
From: Michael Thomas <mike@mtcc.com>
Message-ID: <453c4db4-fc62-dc76-5b15-707623d66f9f@mtcc.com>
Date: Sun, 22 Nov 2020 10:50:55 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/n7Zxhj4pDj6lHbQpXxBAoYY8I7Y>

On 11/22/20 10:41 AM, Kurt Andersen (b) wrote:
> As usual, John has pretty well nailed the response, but there was one 
> other part of your question (Mike) that I thought deserved explanation:
>
> On Sat, Nov 21, 2020 at 7:14 PM John Levine <johnl@taugh.com> wrote:
>
>     In article <dcc265f9-a143-5093-eba0-94ee059c7cc7@mtcc.com> you write:
>     >If I'm a receiver who is going to be making some filtering decisions
>     >based on ARC, I see that it passed by some authenticator along the way
>     >which is fine, but my question is why I should trust that intermediary
>     >in general?
>
>     The short answer is that you shouldn't, any more than you should trust
>     random DKIM signatures.
>
>     This also means that ARC isn't useful if you don't have a reputation
>     system to tell you where the lists and other forwarders that might add
>     legit ARC signatures are.
>
>
> On Sat, Nov 21, 2020 at 2:33 PM Michael Thomas <mike@mtcc.com> wrote:
>
>
>     Or did I miss where ARC resigns the body? Or is there a tie in for ARC
>     with the mailing list's resigned DKIM signature for the new message?
>
>
> The ARC-Message-Signature (referred to as the AMS) includes a 
> signature over the newly modified message (headers & body) in a way 
> very similar to a DKIM-Signature. But this does not solve the problem 
> of a malicious forwarder that does a wholesale replacement of the 
> (presumably) good content with spam. That's where your own reputation 
> and content analysis has to come in.
>
Is there a reason that there is a separate ARC-signature rather than 
just using the DKIM signature that is normally created for the new 
message? Since ARC is new, you'd not want the intermediary to stop DKIM 
signing the message so you end up with essentially two signatures doing 
essentially the same thing?

Mike
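
The point made in the quoted replies, that a structurally valid ARC chain is only useful when the receiver has reputation for the intermediaries that sealed it, can be shown as receiver-side logic. This is an added example, not code from the thread or from any ARC implementation; the header values and `.example` domains are constructed, the function names are hypothetical, signature verification is assumed to have been done already, and "every sealer must be trusted" is one assumed local policy.

```python
import re

# Constructed ARC header set (two intermediaries); b=/bh= elided, crypto checks assumed done.
SAMPLE = [
    ("ARC-Seal", "i=2; a=rsa-sha256; cv=pass; d=relay.example; s=s1; b=..."),
    ("ARC-Message-Signature", "i=2; a=rsa-sha256; d=relay.example; s=s1; h=from:subject; bh=...; b=..."),
    ("ARC-Authentication-Results", "i=2; mx.relay.example; arc=pass; dmarc=fail header.from=author.example"),
    ("ARC-Seal", "i=1; a=rsa-sha256; cv=none; d=list.example; s=s1; b=..."),
    ("ARC-Message-Signature", "i=1; a=rsa-sha256; d=list.example; s=s1; h=from:subject; bh=...; b=..."),
    ("ARC-Authentication-Results", "i=1; mx.list.example; dkim=pass header.d=author.example; dmarc=pass header.from=author.example"),
]
KINDS = {"ARC-Seal", "ARC-Message-Signature", "ARC-Authentication-Results"}

def tag(value, name):
    """Return the value of a 'name=value' tag, or None if absent."""
    m = re.search(r"(?:^|[;\s])" + re.escape(name) + r"\s*=\s*([^;\s]+)", value)
    return m.group(1) if m else None

def arc_chain(headers):
    """Check ARC set structure; return [(sealer, dmarc_result)] for i=1..N, or None."""
    sets = {}
    for name, value in headers:
        if name in KINDS:
            i = tag(value, "i") or ""
            if not i.isdecimal() or name in sets.setdefault(int(i), {}):
                return None           # missing instance tag or duplicate header
            sets[int(i)][name] = value
    n = len(sets)
    if n == 0 or n > 50 or set(sets) != set(range(1, n + 1)):
        return None                   # instances must be exactly 1..N, N <= 50
    chain = []
    for i in range(1, n + 1):
        seal = sets[i].get("ARC-Seal", "")
        if set(sets[i]) != KINDS or tag(seal, "cv") != ("none" if i == 1 else "pass"):
            return None               # incomplete set or wrong chain-validation value
        aar = sets[i]["ARC-Authentication-Results"]
        chain.append((tag(seal, "d") or "?", tag(aar, "dmarc")))
    return chain

def arc_decision(headers, trusted_sealers):
    """Assumed local policy: use ARC results only if every sealer is trusted."""
    chain = arc_chain(headers)
    if chain is None:
        return "ignore: malformed chain"
    unknown = [d for d, _ in chain if d not in trusted_sealers]
    if unknown:
        return "ignore: no reputation for " + ",".join(unknown)
    return "use: first hop reported dmarc=%s" % chain[0][1]
```

The same well-formed chain yields a different outcome depending only on the receiver's trusted-sealer set, which is the dependency on reputation described in the thread.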