Re: [dmarc-ietf] Email security beyond DMARC?

DAMY gustavo <gustavo.DAMY@upu.int> Wed, 20 March 2019 09:34 UTC

From: DAMY gustavo <gustavo.DAMY@upu.int>
To: "dmarc@ietf.org" <dmarc@ietf.org>
Date: Wed, 20 Mar 2019 09:33:45 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/rT7FG1Y8C6bFp1Kk6OKFEBuIo6Y>

OK thank you Bernie, 
But pEp is also based on MIME (which requires trust in at least one centralized CA, which falls into the centralized infrastructure, isn't it?)

And yes, I agree bad guys could use this as well (but probably they already do it anyway), so through pEp + DMARC wouldn't it be even safer to exchange messages, finally an easy way to have end-to-end encryption using open protocols for webmail (and not just rely on existing APPS/SW) implementations?

At the end you have to trust someone and that could be linked to existing DMARC DNS records? 

Regards
Gustavo
 

-----Original Message-----
From: 'Bernie Hoeneisen' <bernie@ietf.hoeneisen.ch> 
Sent: Tuesday, March 19, 2019 7:44 PM
To: Doug Foster <fosterd@bayviewphysicians.com>
Cc: DAMY gustavo <gustavo.DAMY@upu.int>; dmarc@ietf.org
Subject: Re: [dmarc-ietf] Email security beyond DMARC?

Dear Doug / Damy

There is no direct connection between pEp and DMARC, as pEp is not relying on centralized infrastructure.


cheers
  Bernie

On Tue, 19 Mar 2019, Doug Foster wrote:

> Can one of you elaborate on the potential connection between PeP and DMARC,
> or more generally, the connection between PeP and spam filtering?
>
> -----Original Message-----
> From: dmarc [mailto:dmarc-bounces@ietf.org] On Behalf Of DAMY gustavo
> Sent: Tuesday, March 19, 2019 2:03 PM
> To: dmarc@ietf.org
> Cc: Bernie Hoeneisen
> Subject: Re: [dmarc-ietf] Email security beyond DMARC?
>
> Very useful links Bernie, thanks for the info.
> I wonder if this working group will eventually make reference to the
> concept of PeP protocol to reinforce the usage of DMARC you are mentioning
> below?
>
> Best Regards
> Gustavo Damy
>
>
> -----Original Message-----
> From: Bernie Hoeneisen <bernie@ietf.hoeneisen.ch>
> Sent: Monday, March 18, 2019 1:58 PM
> To: Douglas E. Foster <fosterd@bayviewphysicians.com>
> Cc: dmarc@ietf.org
> Subject: Re: [dmarc-ietf] Email security beyond DMARC?
>
> Hi Doug
>
> On Sat, 16 Mar 2019, Douglas E. Foster wrote:
>
>> I tried to understand what IETF is doing about email security, and
>> this working group seems to be the only surviving effort.  Based on
>> the index, the group's attention is focused on polishing the existing
>> DMARC implementation rather than plowing new territory.  Given the
>> devastating effect of WannaCry and the success of other email-based
>> attacks, I think our work is far from finished.
>
> You may want to have a look on some upcoming work. We just started a new
> mailing list, which includes the topic of email security:
>
>  MEDUP -- Missing Elements for Decentralized and Usable Privacy
>
> To subscribe:
>
> - https://www.ietf.org/mailman/listinfo/medup
>
> Please find more information on:
>
> - https://mailarchive.ietf.org/arch/msg/medup/mbrbhFekt_srXShzpCa4RiXgPbY
>
> - https://mailarchive.ietf.org/arch/msg/pearg/oBjgAwG3_eoR6tpLQGTE_9OggzQ
>
> The former also includes a list of Internet-Drafts describing the MEDUP
> challenges.
>
>
> Please be also informed that the LAMPS WG has requested a new work item on
> email header protection to be added to its charter.
>
>
> Hope that helps!
>
> Best,
>  Bernie
>
> --
>
> http://ucom.ch/
> Modern Telephony Solutions and Tech Consulting for Internet Technology
>
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>