IETF Logo Mail Archive

Re: [dmarc-ietf] indeterminisim of ARC-Seal b= value

Seth Blank <seth@valimail.com> Fri, 31 March 2017 01:46 UTC

Return-Path: <seth@valimail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9116B1286CA for <dmarc@ietfa.amsl.com>; Thu, 30 Mar 2017 18:46:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.71
X-Spam-Level:
X-Spam-Status: No, score=-0.71 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=valimail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Ps7BVVykWCP for <dmarc@ietfa.amsl.com>; Thu, 30 Mar 2017 18:45:58 -0700 (PDT)
Received: from mail-qk0-x230.google.com (mail-qk0-x230.google.com [IPv6:2607:f8b0:400d:c09::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C8F79129566 for <dmarc@ietf.org>; Thu, 30 Mar 2017 18:45:55 -0700 (PDT)
Received: by mail-qk0-x230.google.com with SMTP id r142so55923618qke.2 for <dmarc@ietf.org>; Thu, 30 Mar 2017 18:45:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valimail.com; s=google2048; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=+xcvvr1wW1HC1zRTwbyOTko+rZj/1CbkxLVTSEoJ3xw=; b=FFdytoCpVDoTq3Qy/+CNLcStgUomV6vArY0LrvNIoQ6KolwLxwjGFWbEAkAB77jnUq iIxcFFQzEajCQUejAT6IsfsYe+3itvaJKE6spv9YS2F3jiH+2TxX/y7vkM8UCcStOZH7 QZu9NL5WJaYH5GqUaXzvuSxir6m8dX1BwN3NHkdNKfJ/WufclUmbX+Z0QFqddzlR031+ mJmf4aWYZTjdBFqQ76bwSIIfMTBYAR5excnfSu4kk5Lxk1eyCBxyonbXXrw5DGHQopOI 63GebRJ/wLIaZ+i4h0FVACFJbH1WBKNiF6QVeAcdC8CzRJ+wmyFHGm6PfdjY/iSS9F0t KGNw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=+xcvvr1wW1HC1zRTwbyOTko+rZj/1CbkxLVTSEoJ3xw=; b=Rx/zEg0xCQMj4UDBstKMjDUOVbsc0JiNNYedLHHPXcG8R9YyeO70uXStUUx3AGLSsi nrzNfTMfkl6V2qJXUGPkSnKBEHjrkLIgM0jA1/O0lKYqglXAGPt/KThaER/Lwr1Vn/i3 3+GQXH8nvOR0J9A1/1TS5B+dF3qip3vKYDAZdrLjvhuSiIab6aO/uUjU1ZOkDWKxdU7L 7uFQY1BtvibpMBuAb0F443f/xNNVE99aE40FIR5bKya0poGdjj0hP2oNHP5Ed4pTQ4gp KAhWJn7da5ZX2P8nMxmuwkisYlB/ZjGdHVf4IMta6KYXRbCFII7AiY5MZY07pLWvSZ1s oyJA==
X-Gm-Message-State: AFeK/H0uxuQw5eML/eNlUlbuajgchbDlMG3U7NQmVfGnqY6vthoC/FNqLpZLyNmH+v1QF9xXbAx5xhQWbbhF9g==
X-Received: by 10.55.157.67 with SMTP id g64mr417692qke.192.1490924754888; Thu, 30 Mar 2017 18:45:54 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.200.42.166 with HTTP; Thu, 30 Mar 2017 18:45:34 -0700 (PDT)
In-Reply-To: <E0354A1C-4621-46A0-8F2D-BB6621A758EF@att.com>
References: <CANtLugO_D1Mz_v_341pc5O1mZ7RhOTrFA3+Ob5-onp72+5uRfA@mail.gmail.com> <alpine.OSX.2.20.1703272118210.2533@ary.local> <CAOj=BA0YKHYrkseR=wwgZn0_GNBKfdL7jmHehgBRzxqGKV6C1g@mail.gmail.com> <2978391.eJVbVTHBlo@kitterma-e6430> <CAL0qLwbP4c+09=TNSOsDqKwcp6iw++aGW8jDhARoVwvsghSLvA@mail.gmail.com> <01QCKR5S5OXK0003XB@mauve.mrochek.com> <CAOj=BA3p-XQT=AeR4PHC-udWsn7rOmtR+UQHV0vbVofDKYOH_Q@mail.gmail.com> <01QCKXW9MZ4Q0003XB@mauve.mrochek.com> <1cf7325b-6f77-7cda-e330-025b7ddb0b92@dcrocker.net> <CAOZAAfM_fKf+egqmYQorobPB07kQpi5rP4rcb4Kj3fsLvcoRVw@mail.gmail.com> <E0354A1C-4621-46A0-8F2D-BB6621A758EF@att.com>
From: Seth Blank <seth@valimail.com>
Date: Thu, 30 Mar 2017 18:45:34 -0700
Message-ID: <CAOZAAfPc6RkYn+ZTNuw7w8CRom7OiCYz88ttks6R1Xjr1NbYww@mail.gmail.com>
To: "HANSEN, TONY L" <tony@att.com>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c05626e671b91054bfcf85b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/rgbvM6hrHeQDgZAMVhLNuK6UnuU>
Subject: Re: [dmarc-ietf] indeterminisim of ARC-Seal b= value
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Mar 2017 01:46:01 -0000

Yes, +1000 to many test suites.

But no test suite can function without a deterministic order of fields in
the header unless it also includes an ARC implementation for
signing/validating, which is where this conversation started and why we
care so much about discussing this ordering.

On Thu, Mar 30, 2017 at 6:11 PM, HANSEN, TONY L <tony@att.com> wrote:

> One of the reasons DKIM was successful in becoming interoperable was not
> that we had a test suite to force conformance, but instead that we had
> >multiple< test suites that were able to successfully validate DKIM
> signatures from multiple implementations. My test suite caught corner cases
> that Ned’s and Yahoo’s and Google’s did not, and vice versa for each one of
> them. (My company actually had two totally independent implementations of
> DKIM so that we could do internal testing against a different platform. It
> was just prudent to do it that way.)
>
>
>
> When there was an issue in someone’s test suite, we were then able to
> discuss whether it was an issue in the test suite that needed to be fixed,
> or it was an issue in the implementation. A single test suite is never
> sufficient – that’s one reason we prefer multiple interoperating
> implementations in order for something to be considered an internet
> standard.
>
>
>
> By the way, none of us that implemented DKIM test suites had an issue with
> the header order being determined by the sender. It makes the validation
> infinitesimally trickier than having a predetermined header order.
>
>
>
> -1000 to the suggestion of having a single conformance test suite that
> everyone lives and dies by. +1000 to multiple test suites that multiple
> people write and can be used to test against.
>
>
>
> I’m all for you, Seth and Peter, to write a test suite. But nothing you’ve
> said so far has convinced me that a predetermined header order or a single
> conformance test suite is worth pursuing. One of many, sure.
>
>
>
>                 Tony Hansen
>
>
>
> *From: *dmarc <dmarc-bounces@ietf.org> on behalf of Seth Blank <
> seth@valimail.com>
> *Date: *Thursday, March 30, 2017 at 8:10 PM
> *To: *"dcrocker@bbiw.net" <dcrocker@bbiw.net>
> *Cc: *"Murray S. Kucherawy" <superuser@gmail.com>, "dmarc@ietf.org" <
> dmarc@ietf.org>, Scott Kitterman <sklist@kitterman.com>, Peter Goldstein <
> peter@valimail.com>, "ned+dmarc@mrochek.com" <ned+dmarc@mrochek.com>
> *Subject: *Re: [dmarc-ietf] indeterminisim of ARC-Seal b= value
>
>
>
> Dave, If we were only talking about ARC Signing messages, I'd generally
> agree with the comments on this list.
>
>
>
> However, ARC is fundamentally different. It is about a chain of messages
> that validate each other. And ARC's complexity is not in the signing (where
> most of this conversation has been focused), but in this chain validation
> and the cascading issues that can be created by any member of the chain
> doing something slightly wrong. And since *everyone* in the chain except
> the initial signer is also a receiver, the final receiver simply can't make
> up for mistakes caused by a less savvy intermediary - the chain will
> already be broken and unrecoverable.
>
>
>
> ARC also has a lot of subtlety that is missable at interops because of
> this. For instance, if I'm modifying a message, I need to validate the
> incoming chain, then make my modifications, and then sign the outgoing
> message. An intermediary doing this wrong (say, validating and then signing
> after message modification) isn't a bug a final receiver can fix. And
> without a seriously complex interop with a ton of intermediaries and
> sending relationships mapped out for testing, it's not likely an error in
> any specific implementation here will be discovered until it's too late.
>
>
>
> To my understanding, working on the test suite shook these issues out
> because they were what caused problems running the test suite at the
> interop in the first place. So this is actually a good and healthy part of
> the process, and is the natural consequence of the interops. What worked
> here for DKIM is insufficient with the nuances of ARC.
>
>
>
> What we've been discussing doesn't just guarantee a test suite can be made
> that works for everyone (which is huge in itself), but constrains the
> problem space for everyone involved in an ARC chain. This is clean and
> desirable.
>
>
>
> Since the spec is not finalized, this is the perfect time to set a
> deterministic order for headers that no one has even seen before.
>
>
>
> Seth
>
>
>
>
>
> On Thu, Mar 30, 2017 at 4:15 PM, Dave Crocker <dhc@dcrocker.net> wrote:
>
> On 3/30/2017 12:13 PM, ned+dmarc@mrochek.com wrote:
>
> And given the relationship with DKIM people are going to expect ARC
> to work in the same general way, maing such a change a least astonishment
> principle violation.
>
>
>
> +10.
>
> This thread has been active for 6 days.  That is 5.5 days longer than it
> should have lasted, and I'm being generous.
>
> Internet technologies succeed through interoperability testing, not
> conformance tests, or the like.  Conformance testing, and the like, are
> useful for early-stage bug-finding, but not for 'certification'.  This
> point has been a distinguishing feature of Internet technical work since
> before the Internet.
>
> ARC is a small re-casting of DKIM.  DKIM has worked for quite a few
> years.  Some details of ARC need to be different from DKIM, but the basic
> paradigm -- including the model of achieving field operation through
> interoperability testing -- should be the same.
>
> My reading of this too-long message thread is that there is essentially no
> support for making ARC's header-related issues any different from DKIM's,
> so I encourage the chair to shut this thread down.
>
> d/
>
> --
> Dave Crocker
> Brandenburg InternetWorking
> bbiw.net
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__bbiw.net&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=Kz8VdgPVctDNSNPJ6PsBaw&m=M5zzV_Ak3GCR8lZhAHLFfMA0SvGqSztWEPI0H6a5Y2E&s=ZX1C85lFDoWiX0J86FUeLGQx37E3YQcIT3LIGyCaeWU&e=>
>
>
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_dmarc&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=Kz8VdgPVctDNSNPJ6PsBaw&m=M5zzV_Ak3GCR8lZhAHLFfMA0SvGqSztWEPI0H6a5Y2E&s=mJ57Dtkqee8RcYkQnZ9yx6EdyO8ycHhuJTmem3tZxy8&e=>
>
>
>
>
>
> --
>
> [image: mage removed by sender. logo for sig file.png]
>
> *Bringing Trust to Email*
>
> Seth Blank | Head of Product for Open Source and Protocols
>
> seth@valimail.com
> +1-415-894-2724 <415-894-2724>
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>
>


-- 

[image: logo for sig file.png]

Bringing Trust to Email

Seth Blank | Head of Product for Open Source and Protocols
seth@valimail.com
+1-415-894-2724 <415-894-2724>

v2.23.0 | Report a Bug | By Email