Re: [dmarc-ietf] ARC-Seal is meaningless security theatre

Tim Draegen <tim@eudaemon.net> Mon, 07 August 2017 14:51 UTC

Return-Path: <tim@eudaemon.net>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3CF281323B5 for <dmarc@ietfa.amsl.com>; Mon, 7 Aug 2017 07:51:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=eudaemon.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XMXcMU2qIJJW for <dmarc@ietfa.amsl.com>; Mon, 7 Aug 2017 07:51:55 -0700 (PDT)
Received: from mail-yw0-x22c.google.com (mail-yw0-x22c.google.com [IPv6:2607:f8b0:4002:c05::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B15341323B2 for <dmarc@ietf.org>; Mon, 7 Aug 2017 07:51:55 -0700 (PDT)
Received: by mail-yw0-x22c.google.com with SMTP id l82so4124658ywc.2 for <dmarc@ietf.org>; Mon, 07 Aug 2017 07:51:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=eudaemon.net; s=dkey; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=xuQw6SbwZxVxsqkKQvpKTgMNDI6lxyLjvKAyT9tvMzc=; b=Ybx0YjUr2jH/WNDNabH+qX8CJsSfC7luEPC5aA8wS794zwkN7RSFSV3DCDo1mZExYs w0cr8eXWnQP/lq/V6tPgCmmXicsOD+9/CuGPevaWxuZ0Wg0GkDE4H44qxhdSRigIWZZO mciO0LobXvsi3F5OOmfw8gn9JLQNv+j6b8ZDk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=xuQw6SbwZxVxsqkKQvpKTgMNDI6lxyLjvKAyT9tvMzc=; b=fVW9kFaQIKOM28m1CzGcht964mWJwuZMBPo5NHK01gSjSyG6lW0pAsSSIdEAeNzMpn S2sYo4N+q7tYf3FpumdlPLiQYJ6z7jdXUhkq8bQ56cBGMOOPcCRKG4LDAkjRU4wcy/fs TFRYlFqCLrJx3EmS8byNxTthO37uoPYqiXHZ4mfZUPDaPw87TO5+jW6cGe5wgoHU1Z17 JDee55eHYPuEozCpXfTjwhdQ3R0wwv2yZClSCXxhV6sth13WaR5RRukXKXVzG3k5FARa yScXl36sJcVszXyNkGZt6EEaAIY+wfb6BIo0IAiQ0JLzqlFHUPqnMarq+1SinthzjeAs F8wQ==
X-Gm-Message-State: AHYfb5jdXMt5aypqz7q83Kaj3Fmc+y3sp682N0cnrUG5BF/Zj6h8FJDL kYrpsnp2BvuJ4JH1
X-Received: by 10.129.85.5 with SMTP id j5mr750947ywb.120.1502117514731; Mon, 07 Aug 2017 07:51:54 -0700 (PDT)
Received: from [192.168.0.30] (208-104-133-98.brvd.dsl.dyn.comporium.net. [208.104.133.98]) by smtp.gmail.com with ESMTPSA id m6sm3004042ywb.67.2017.08.07.07.51.53 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 07 Aug 2017 07:51:53 -0700 (PDT)
From: Tim Draegen <tim@eudaemon.net>
Message-Id: <15EF8F78-61CD-41B9-B7A2-317D483A56C1@eudaemon.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_43A2795B-EF2A-4F93-A478-62FF7BA996CF"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Mon, 07 Aug 2017 10:50:52 -0400
In-Reply-To: <1502083287.2191248.1065195288.7CDC7FF3@webmail.messagingengine.com>
Cc: dmarc@ietf.org
To: Bron Gondwana <brong@fastmailteam.com>
References: <1502083287.2191248.1065195288.7CDC7FF3@webmail.messagingengine.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/poBQwOa5HhbfSdLA-Ovd3DOl5kc>
Subject: Re: [dmarc-ietf] ARC-Seal is meaningless security theatre
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Aug 2017 14:51:57 -0000

> On Aug 7, 2017, at 1:21 AM, Bron Gondwana <brong@fastmailteam.com> wrote:
> 
> A more cheap and nasty fix, assuming it's too late/complex to change the protocol more, would be to keep AS, but change the validation to only require checking the most recent AS, since validating the rest is meaningless.

Bron, thanks for sharing your insight. I don't think it's too late/complex to incorporate direct real world experience into the specification.

I tried to express my own attitude in the Prague meeting: the email space is special because it is huge. It doesn't make sense to pretend that it isn't. Instead, let's build tech to solve real problems, test it against the install base, and make the tech better based on what is learned.

AFAICT, ARC is at the very beginning of the "test it against the install base" phase.
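As an added illustration of the validation change quoted above (this is not code from the thread or from any ARC implementation), the following Python models a two-hop ARC chain and compares full-chain validation, where every ARC-Seal is verified as RFC 8617 describes, with the "check only the most recent AS" variant. Everything in it is assumed for the illustration: HMAC-SHA256 stands in for the RSA signature an ARC-Seal carries, a key dictionary stands in for the DNS selector lookup, newline-joined header text stands in for relaxed canonicalisation, and the domains, keys and scenarios are constructed.

```python
import hashlib
import hmac


def seal_input(prior_sets, new_set):
    """Bytes an ARC-Seal covers: every header of every earlier ARC set
    (AAR, AMS and AS including its b= value), then this set's AAR, AMS
    and AS fields with b= empty.  Newline-joining is a stand-in for
    DKIM relaxed canonicalisation (assumption for the illustration)."""
    parts = []
    for s in prior_sets:
        parts.append(f"ARC-Authentication-Results: i={s['i']}; {s['aar']}")
        parts.append(f"ARC-Message-Signature: i={s['i']}; {s['ams']}")
        parts.append(f"ARC-Seal: i={s['i']}; cv={s['cv']}; d={s['d']}; b={s['b']}")
    parts.append(f"ARC-Authentication-Results: i={new_set['i']}; {new_set['aar']}")
    parts.append(f"ARC-Message-Signature: i={new_set['i']}; {new_set['ams']}")
    parts.append(f"ARC-Seal: i={new_set['i']}; cv={new_set['cv']}; d={new_set['d']}; b=")
    return "\n".join(parts).encode()


def compute_seal(key, prior_sets, new_set):
    """HMAC-SHA256 stands in for the RSA signature of the real header."""
    return hmac.new(key, seal_input(prior_sets, new_set), hashlib.sha256).hexdigest()


def verify_seal(chain, idx, keys):
    """Re-compute the seal of set idx with the sealer's published key.
    A missing key models a selector no longer present in DNS."""
    s = chain[idx]
    key = keys.get(s["d"])
    if key is None:
        return False
    return hmac.compare_digest(compute_seal(key, chain[:idx], s), s["b"])


def validate_full(chain, keys):
    """RFC 8617 Section 5.2 style: instances run 1..n, set 1 has cv=none,
    every later set has cv=pass, and every ARC-Seal in the chain verifies."""
    if not chain:
        return "none"
    for idx, s in enumerate(chain):
        if s["i"] != idx + 1 or s["cv"] != ("none" if idx == 0 else "pass"):
            return "fail"
        if not verify_seal(chain, idx, keys):
            return "fail"
    return "pass"


def validate_latest_only(chain, keys):
    """The proposed variant: only the most recent ARC-Seal is verified
    (it already covers the headers of every earlier set)."""
    if not chain:
        return "none"
    last = len(chain) - 1
    cv_ok = chain[last]["cv"] == ("none" if last == 0 else "pass")
    return "pass" if cv_ok and verify_seal(chain, last, keys) else "fail"


def add_arc_set(chain, domain, key, aar, ams, keys):
    """Append a set as a well-behaved sealer does: cv=none on the first
    hop, otherwise the result of validating the chain it received."""
    i = len(chain) + 1
    cv = "none" if i == 1 else validate_full(chain, keys)
    new_set = {"i": i, "cv": cv, "d": domain, "aar": aar, "ams": ams, "b": ""}
    new_set["b"] = compute_seal(key, chain, new_set)
    return chain + [new_set]


def run_scenarios():
    """Constructed chain: a mailing list seals first, a forwarder second.
    Returns (full, latest_only) results for three situations."""
    keys = {"list.example": b"list-selector-key", "fwd.example": b"fwd-selector-key"}
    chain = add_arc_set([], "list.example", keys["list.example"],
                        "spf=pass smtp.mailfrom=origin.example", "h=from:to:subject", keys)
    chain = add_arc_set(chain, "fwd.example", keys["fwd.example"],
                        "arc=pass; dkim=fail (body hash mismatch)", "h=from:to:subject", keys)
    results = {"intact": (validate_full(chain, keys), validate_latest_only(chain, keys))}

    # First hop's seal altered after the forwarder sealed: the forwarder's
    # seal covered that header, so both validators reject the chain.
    tampered = [dict(s) for s in chain]
    tampered[0]["b"] = "0" * 64
    results["tampered_first_seal"] = (validate_full(tampered, keys),
                                      validate_latest_only(tampered, keys))

    # The list's selector is gone from DNS by the time the receiver checks:
    # full validation cannot complete, latest-only still passes.
    later_keys = {"fwd.example": keys["fwd.example"]}
    results["first_key_missing"] = (validate_full(chain, later_keys),
                                    validate_latest_only(chain, later_keys))
    return results


if __name__ == "__main__":
    for name, (full, latest) in run_scenarios().items():
        print(f"{name:20s} full={full:4s} latest-only={latest}")
```

The two validators agree on an intact chain and on one whose earlier seal was altered, because the most recent seal covers every earlier set's headers. They diverge only when an earlier sealer's key cannot be fetched: full validation cannot complete, while the latest-only check succeeds. What the latest-only variant gives up is independent re-verification of earlier hops; it relies on the last sealer having validated the chain honestly before writing cv=pass, which is the trust question a receiver should weigh before adopting it.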