IETF Logo Mail Archive

Re: [dmarc-ietf] Clarifying the value of arc.closest-fail

Bron Gondwana <brong@fastmailteam.com> Wed, 03 January 2018 00:39 UTC

Return-Path: <brong@fastmailteam.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9CCCE127137 for <dmarc@ietfa.amsl.com>; Tue, 2 Jan 2018 16:39:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.719
X-Spam-Level:
X-Spam-Status: No, score=-2.719 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmailteam.com header.b=bXPqnL8P; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=J2b6DjBx
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bls4-V110Dox for <dmarc@ietfa.amsl.com>; Tue, 2 Jan 2018 16:39:57 -0800 (PST)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CCCA8120721 for <dmarc@ietf.org>; Tue, 2 Jan 2018 16:39:56 -0800 (PST)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 31ED120C4D for <dmarc@ietf.org>; Tue, 2 Jan 2018 19:39:56 -0500 (EST)
Received: from web5 ([10.202.2.215]) by compute6.internal (MEProxy); Tue, 02 Jan 2018 19:39:56 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= fastmailteam.com; h=content-transfer-encoding:content-type:date :from:in-reply-to:message-id:mime-version:references:subject:to :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=qVICoswu8SSHLA6oR z5Bn8Bocy2+8B/E+F2DmicPZFQ=; b=bXPqnL8P2qzr9QATDYkuCyyGvMUaajg3i iniAOgKjjtuvrQbcW3Luj+CkCre++IY1fR8L9yTMJS+K4XSK9chs3ms3z1lZo7NP MW+RbVvO/MlKn27ISkiBk+0+NVQU3GEkq7PBuFnhGIQOZ63+KjQjLBiSdHnF5u7E Zsnf6It/kYdtRKI6iYOMqH+qgxi6Iwvd/1CG6E0nqVKqQdxeGhfDYGXmomik93i3 V1UKUq1WHWPr5MnOB/UTbjW28yOgVxZknvdVWPQRHX0NAvDTNw9XX8Ruc/w3JkCw qhkK4Xbwl5L2jFvu/retG9NQxFEYZLMHF3E4wHQVehiCpbf8s4bEQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=qVICos wu8SSHLA6oRz5Bn8Bocy2+8B/E+F2DmicPZFQ=; b=J2b6DjBxRvxRZU6XrovJLO bHDD5OP9YMZ7uHhb4hNL+tOryv0pnkCfRyaO185hOP5dvo4FhRh9xlNYQZL3P6sS 1XjFzCIN3UhHKg1DPyPL8H4j22U65Oh1JH2PG5tFLodDHtDA2C2ZeluE3c/hPBWw RorcqbDZnRAScmOc6lRhKNk8mGHonZwCEqraYgJl8i+fL+4FGH2BpdV5m44fKVsv Dmh7Cz2zTOLJ55kgGrEOLoxyvIVvr6zvkWqZTvfN+q71oI5EdILRm+zY3JmfI1x1 2jt/O5GmKIkGrJIHJSV9taOc9+2kMfeuAL4DkLdIW/ujF42h/z+BS02rA+/wPN4g ==
X-ME-Sender: <xms:XCZMWo-mDZG4vWnQlKtryALkWfRTnhEcHzfsVpm1gRPIGQtZm26lVw>
Received: by mailuser.nyi.internal (Postfix, from userid 99) id 097E39E240; Tue, 2 Jan 2018 19:39:55 -0500 (EST)
Message-Id: <1514939995.3318165.1222346488.5B169072@webmail.messagingengine.com>
From: Bron Gondwana <brong@fastmailteam.com>
To: dmarc@ietf.org
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: multipart/alternative; boundary="_----------=_151493999533181650"
X-Mailer: MessagingEngine.com Webmail Interface - ajax-cc9a457c
Date: Wed, 03 Jan 2018 11:39:55 +1100
In-Reply-To: <CABuGu1pBqv9uPQg7_XR42cUCE4x4rWbN2hgxx7ZAbWugHT6zkg@mail.gmail.com>
References: <CABuGu1pBqv9uPQg7_XR42cUCE4x4rWbN2hgxx7ZAbWugHT6zkg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/pSv0sab_TTI3y-LfvHATIMAVM24>
Subject: Re: [dmarc-ietf] Clarifying the value of arc.closest-fail
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jan 2018 00:40:00 -0000

On Wed, 3 Jan 2018, at 04:34, Kurt Andersen (b) wrote:
> As I went through the edits for
> https://tools.ietf.org/html/draft-ietf-dmarc-arc-protocol-10#section-5.2.1
> I was unable to understand the value added by having the "arc.closest-
> fail" listed in the AAR.
Please  read my examples again if the problem wasn't clear, because you
don't get security by imagining the best cases where everyone behaves
themselves, you get security by imagining that everybody is trying to
get away with the worst abuses they can without being detected.
Without a closest-fail from each step, or a similar way to determine
changes, information about abuses gets lost along the chain, and the
final receiver can't tell who modified the message along the way.
> Looking back through the list archives, the idea for this pvalue seems
> to have come up in mid-August, captured in this snippet:> 
> On Wed, Sep 6, 2017 at 4:02 AM, Bron Gondwana
> <brong@fastmailteam.com> wrote:>> __
>> 
>> On Wed, 6 Sep 2017, at 07:52, Seth Blank wrote:
>>> On Mon, Aug 14, 2017 at 5:12 PM, Bron Gondwana
>>> <brong@fastmailteam.com> wrote:>>> > That seems like it would be enough to fix that objection.  An
>>> > additional "first AMS failure" header at each hop would give you a
>>> > list of who actually modified the message.>>> 
>>> arc.closest_fail has been defined to accomplish this.
>> 
>> That looks great.  It adds enough information that my other questions
>> are basically efficiency concerns, which are not nothing, but at
>> least ARC signing doesn't make things worse...> 
> It seems that Bron is advocating a change in the verify process where
> by all AMS signatures would have to be checked rather than just the
> most recent one. Going through the archives showed me that the
> language in 5.2.1 should say "...the most recent AMS that fails to
> validate..." rather than "...the most recent AS that fails to
> validate..." but then the verifier actions would also need to be
> updated in section 6 (steps 3+).
Yes, it should say most recent AMS, not AS.  All AS should always
validate.
>  If we are only concerned with changes in the body of the message
>  which are being introduced by intermediaries, it seems like we could
>  just check for changes in the bh value between hops rather than
>  requiring each verifier to walk (possibly) the whole list of AMS
>  headers.
No, that's bogus.  The message is not the body, the message is
body+subject+from+to.  In particular, a bad actor intermediate
could totally change the meaning of a message by changing the
subject.  Messages where the majority of meaning is in the subject
definitely exist.
Subject: Please clean out your stuff from the fridge

Body:
Thanks,
Bron.

vs

Subject: URGENT: your need to paypal $5000 to foo@bar.com TODAY or we will lose $IMPORTANT_CONTRACT
Body:
Thanks,
Bron.

Both have the same bh=, but they're very different messages.

> Does this provide enough "bang for the buck" to make it worthwhile? or
> should we cut out this field?
If we cut the field, then ARC usage guidelines need to say "don't
seal if you didn't change the message" or we're breaking the value of
the chain.
Bron.

--
  Bron Gondwana, CEO, FastMail Pty Ltd
  brong@fastmailteam.com

v2.23.0 | Report a Bug | By Email