Re: [dmarc-ietf] ARC-Seal is meaningless security theatre
Bron Gondwana <brong@fastmailteam.com> Tue, 15 August 2017 00:12 UTC
Return-Path: <brong@fastmailteam.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7280513245F for <dmarc@ietfa.amsl.com>; Mon, 14 Aug 2017 17:12:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.719
X-Spam-Level:
X-Spam-Status: No, score=-2.719 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmailteam.com header.b=SEXOQ0Hj; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=oQI4g3gu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V7_S4Thpr5gH for <dmarc@ietfa.amsl.com>; Mon, 14 Aug 2017 17:12:02 -0700 (PDT)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3BC7D13245E for <dmarc@ietf.org>; Mon, 14 Aug 2017 17:12:02 -0700 (PDT)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id A41F520783; Mon, 14 Aug 2017 20:12:01 -0400 (EDT)
Received: from web5 ([10.202.2.215]) by compute6.internal (MEProxy); Mon, 14 Aug 2017 20:12:01 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= fastmailteam.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=UuzTEg OQZ32UtkrBUhs2k50h69EJYeuN+WgG+m9JmGo=; b=SEXOQ0HjyZDqMykjN/Wubu Pu3YLLjjfv/WFMHScYooF1/R7WThUHVBHq5QDVHxH8tOnD1OGB8ThxRAwCrThbmF rcM+IF3lxi/Mginlp2eDrqmBqCSFXa3k9dsG96yYxiPjgNI2YJMZar3NZQmU7JRo Y0CTX1b4iqE2Ye+s1T17tmVLMBmSRzsbIChtQYrs2T5PWdxUMzrYQOY1v/lVyGEj IP0pGbIJ/7J5HorZ7nkgERvGDqc2GFdBLIdcA6ESxsy+odIoxqXGjYwotUM0HMpa Pu6fjWIqg6kzr0KtODiuW72afW+I9CUy4J7Z/Jmo1m+WkxSB44uDFdU0NwWD5IBQ ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=UuzTEg OQZ32UtkrBUhs2k50h69EJYeuN+WgG+m9JmGo=; b=oQI4g3guSEXTIQIBN/bftE p/kvx9Pk+lWMZzAZqVMxI/ngUeCLtQF6kGC64MEFn4TnN2Q0UUC46rt5sveUt2d4 Rt4mEgX2a+Zr2rEu/LwEJc55V1Ic4SMo8434eICUsaRSN2dSeIM2ZI4hlIh2Grt+ zD6sOlXl4Rk4YXrc7iOcPHuekRdpyglCyfYZQxWw4yFPxELkJ9L6mADb+s6smmhf 3bjY/8LaTqp8Jpco3FsbfeI6r/HwKjq2ETzc14L2iVWR493fM8WQbPdjS1q35Z8X HVhDS2x5mKBCo++KOQ6BMPGBTdzARrS7zL36VYJiAplJxOAe6d7Oq1te3a1FNpNQ ==
X-ME-Sender: <xms:UTySWXIslEVkTE2-hCfEMbnzspsx9bew5VbHclHOCi-_pBAPHGPOrg>
Received: by mailuser.nyi.internal (Postfix, from userid 99) id 7D32D9E264; Mon, 14 Aug 2017 20:12:01 -0400 (EDT)
Message-Id: <1502755921.1067004.1073467336.14612B87@webmail.messagingengine.com>
From: Bron Gondwana <brong@fastmailteam.com>
To: Brandon Long <blong@fiction.net>
Cc: dmarc@ietf.org
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: multipart/alternative; boundary="_----------=_150275592110670042"
X-Mailer: MessagingEngine.com Webmail Interface - ajax-ff6d44b3
In-Reply-To: <CABa8R6uV=4Cc47zHtZtA-0WFVhuEYPAr3NTswzvF4H21tjfWTw@mail.gmail.com>
References: <1502083287.2191248.1065195288.7CDC7FF3@webmail.messagingengine.com> <CABuGu1oTMbuLd4yTwecu5sKFnsmH+HiwT1FG=JpySYHzpMTx_w@mail.gmail.com> <1502200759.3946686.1066841264.607B4D0B@webmail.messagingengine.com> <2720431.u3G7bbkkxK@kitterma-e6430> <1502317564.1935379.1068588344.040173AF@webmail.messagingengine.com> <a08c7590-ded3-1642-4ffc-07848b3c6cd2@gmail.com> <e14f2130-6f00-4ef1-485b-850a4cc1c48c@gmail.com> <1502495646.4099176.1070896040.2B09B1F8@webmail.messagingengine.com> <CABa8R6uV=4Cc47zHtZtA-0WFVhuEYPAr3NTswzvF4H21tjfWTw@mail.gmail.com>
Date: Tue, 15 Aug 2017 10:12:01 +1000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/oTpTGZsyKGbW9p6J18zw_oEz2Mc>
Subject: Re: [dmarc-ietf] ARC-Seal is meaningless security theatre
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Aug 2017 00:12:05 -0000
On Tue, 15 Aug 2017, at 05:42, Brandon Long wrote: > > > On Fri, Aug 11, 2017 at 4:54 PM, Bron Gondwana > <brong@fastmailteam.com> wrote:>> __ >> On Sat, 12 Aug 2017, at 03:22, Dave Crocker wrote: >> >> I'm just picking out the key quote here: >> >> >>> On 8/7/2017 4:22 PM, Seth Blank wrote: >>>> When validating an ARC signed message, one verifies the latest AMS>>>> (which must validate), and *the entire chain* of ARC Seals, >>>> not only>>>> the latest. This guarantees you a list of all message signatories ->>>> the chain of custody we're talking about. >> >> >> Yes, I follow this bit, but then... >> >> >>>> When evaluating the chain for final receipt, there are two >>>> states to>>>> worry about as a matter of local policy: 1) you trust all the >>>> signatories on the chain 2) there is an untrusted signatory on the>>>> chain >> >> >> Which is why it's a bad idea to sign if you're not modifying, because >> then everybody has to trust you or their chain breaks, even though >> you didn't do anything which required signing.> > This is an interesting point. > > If there is a non-participating intermediary, either the message > wasn't modified (so the next hop passes arc) or it was (and the next > hop fails the whole chain).> > If you are participating, the fact that you didn't modify the message > is lost when the message is modified down the chain.> > This is a clearly worse scenario for participation, due to the lack of > information that is passed forward in the chain.> > We would need to include more information in the chain in order to > overcome this, some information from hop N about which previous hop > was the last modifying hop. That seems like it would be enough to fix that objection. An additional "first AMS failure" header at each hop would give you a list of who actually modified the message. > Theoretically, the second modifying hop could include information from > the preceding AAR in it's AAR, and maybe that transitive trust (I > trust hop 2, which trusts hop 1, so I have to trust hop 1) is ok, > because by trusting hop 2, they could have completely replaced the > message. This wasn't done with XOAR. Right. That's the bit that we do absolutely need, regardless of everything else. Every link in the chain has to be trustworthy or they can just repurpose an existing chain valid chain. If you didn't have that with XOAR I can see how an intermediate could have falsified the chain of custody under XOAR without being implicated for reputation purposes. We definitely need to be able to know who the injection point for bad content! > There would be no point in including multiple AMS/AAR headers, why > bother keeping the non-verifiable ones. Or maybe, you just get rid of > the AMS and keep the AAR and have your AMS sign over all of the > existing AAR records. Yes, that makes sense - So long as each AAR includes the signing domain that it checked against for its arc=pass, then no information is lost. I just had a really good chat with Seth on Skype half an hour ago about this. He was unable to find a case where having a full AS,AMS,AAR adds any provable value over just checking the most-recent AMS and having AAR signed. I do like your proposal of signing ALL the existing AARs, because they're the thing of value. Old AMS have no value, and old AS have no value either so long as you have a cv=pass on the current AS. So if we had this: AMS: i=4, h=[...]:arc-authentication-results:arc-authentication-results:arc-authentication-results:arc-authentication-results:[...]AAR: i=4, arc=pass, dkim=fail, spf=fail AAR: i=3, arc=pass, dkim=fail, spf=fail AAR: i=2, arc=pass, dkim=pass, spf=fail AAR: i=1, dkim=pass, spf=pass That would give you everything. The one downside is that every ARC layer added another item to the h= header in the AMS. One nice thing about AS is that you don't need the h=, because it's implied. But overall I'd say removing the other AMS headers and all the AS headers still leads to a smaller payload than adding one h=arc-authentication- results for each hop. Unless I'm missing something, this design is just as robust as the existing AS,AMS,AAR for tracking chain of custody back to the first untrusted site, and neither design is any good for knowing things for certain about the changes made before the first untrusted site. Of course - this design doesn't tell you which of the steps modified the message any more (my first point above). I do like the idea of tagging the message with data about which hops modified it... which is an argument for not stripping AMS while is still validates. You would wind up with something like: AMS: i=4, h=[...]:arc-authentication-results:arc-authentication-results:arc-authentication-results:arc-authentication-results:[...]AAR: i=4, arc3=pass, arc2=pass, dkim=fail, spf=fail AMS: i=3 h=[...]:arc-authentication-results:arc-authentication-results:arc-authentication-results:[...]AAR: i=3, arc2=pass, dkim=fail, spf=fail AMS: i=2 h=[...]:arc-authentication-results:arc-authentication-results:[...]AAR: i=2, arc1=pass, dkim=pass, spf=fail AAR: i=1, dkim=pass, spf=pass Which tells you that i=3 and i=4 didn't modify the message, because arc2 passed when i=4 validated it (proving that i=3 didn't modify it), and the AMS for i=2, i=3 and i=4 all pass now. If the next hop was to modify the message it would add: AAR: i=5, arc4=pass, arc3=pass, arc2=pass, dkim=fail, spf=fail then strip all the existing AMS and add its own: AMS: i=5, h=[...]:arc-authentication-results:arc-authentication-results:arc-authentication-results:arc-authentication-results:arc-authentication-results:[...] Which signed that it verified hops 3 and 4 as non-modifiers. Regards, Bron. -- Bron Gondwana, CEO, FastMail Pty Ltd brong@fastmailteam.com
- [dmarc-ietf] ARC-Seal is meaningless security the… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Tim Draegen
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… John Levine
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Scott Kitterman
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen (b)
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… MH Michael Hammer (5304)
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen (b)
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen (b)
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen (b)
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… mhammer@americangreetings.com
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos