Re: [dmarc-ietf] indeterminisim of ARC-Seal b= value
Seth Blank <seth@valimail.com> Fri, 31 March 2017 01:46 UTC
Return-Path: <seth@valimail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9116B1286CA for <dmarc@ietfa.amsl.com>; Thu, 30 Mar 2017 18:46:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.71
X-Spam-Level:
X-Spam-Status: No, score=-0.71 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=valimail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Ps7BVVykWCP for <dmarc@ietfa.amsl.com>; Thu, 30 Mar 2017 18:45:58 -0700 (PDT)
Received: from mail-qk0-x230.google.com (mail-qk0-x230.google.com [IPv6:2607:f8b0:400d:c09::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C8F79129566 for <dmarc@ietf.org>; Thu, 30 Mar 2017 18:45:55 -0700 (PDT)
Received: by mail-qk0-x230.google.com with SMTP id r142so55923618qke.2 for <dmarc@ietf.org>; Thu, 30 Mar 2017 18:45:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valimail.com; s=google2048; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=+xcvvr1wW1HC1zRTwbyOTko+rZj/1CbkxLVTSEoJ3xw=; b=FFdytoCpVDoTq3Qy/+CNLcStgUomV6vArY0LrvNIoQ6KolwLxwjGFWbEAkAB77jnUq iIxcFFQzEajCQUejAT6IsfsYe+3itvaJKE6spv9YS2F3jiH+2TxX/y7vkM8UCcStOZH7 QZu9NL5WJaYH5GqUaXzvuSxir6m8dX1BwN3NHkdNKfJ/WufclUmbX+Z0QFqddzlR031+ mJmf4aWYZTjdBFqQ76bwSIIfMTBYAR5excnfSu4kk5Lxk1eyCBxyonbXXrw5DGHQopOI 63GebRJ/wLIaZ+i4h0FVACFJbH1WBKNiF6QVeAcdC8CzRJ+wmyFHGm6PfdjY/iSS9F0t KGNw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=+xcvvr1wW1HC1zRTwbyOTko+rZj/1CbkxLVTSEoJ3xw=; b=Rx/zEg0xCQMj4UDBstKMjDUOVbsc0JiNNYedLHHPXcG8R9YyeO70uXStUUx3AGLSsi nrzNfTMfkl6V2qJXUGPkSnKBEHjrkLIgM0jA1/O0lKYqglXAGPt/KThaER/Lwr1Vn/i3 3+GQXH8nvOR0J9A1/1TS5B+dF3qip3vKYDAZdrLjvhuSiIab6aO/uUjU1ZOkDWKxdU7L 7uFQY1BtvibpMBuAb0F443f/xNNVE99aE40FIR5bKya0poGdjj0hP2oNHP5Ed4pTQ4gp KAhWJn7da5ZX2P8nMxmuwkisYlB/ZjGdHVf4IMta6KYXRbCFII7AiY5MZY07pLWvSZ1s oyJA==
X-Gm-Message-State: AFeK/H0uxuQw5eML/eNlUlbuajgchbDlMG3U7NQmVfGnqY6vthoC/FNqLpZLyNmH+v1QF9xXbAx5xhQWbbhF9g==
X-Received: by 10.55.157.67 with SMTP id g64mr417692qke.192.1490924754888; Thu, 30 Mar 2017 18:45:54 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.200.42.166 with HTTP; Thu, 30 Mar 2017 18:45:34 -0700 (PDT)
In-Reply-To: <E0354A1C-4621-46A0-8F2D-BB6621A758EF@att.com>
References: <CANtLugO_D1Mz_v_341pc5O1mZ7RhOTrFA3+Ob5-onp72+5uRfA@mail.gmail.com> <alpine.OSX.2.20.1703272118210.2533@ary.local> <CAOj=BA0YKHYrkseR=wwgZn0_GNBKfdL7jmHehgBRzxqGKV6C1g@mail.gmail.com> <2978391.eJVbVTHBlo@kitterma-e6430> <CAL0qLwbP4c+09=TNSOsDqKwcp6iw++aGW8jDhARoVwvsghSLvA@mail.gmail.com> <01QCKR5S5OXK0003XB@mauve.mrochek.com> <CAOj=BA3p-XQT=AeR4PHC-udWsn7rOmtR+UQHV0vbVofDKYOH_Q@mail.gmail.com> <01QCKXW9MZ4Q0003XB@mauve.mrochek.com> <1cf7325b-6f77-7cda-e330-025b7ddb0b92@dcrocker.net> <CAOZAAfM_fKf+egqmYQorobPB07kQpi5rP4rcb4Kj3fsLvcoRVw@mail.gmail.com> <E0354A1C-4621-46A0-8F2D-BB6621A758EF@att.com>
From: Seth Blank <seth@valimail.com>
Date: Thu, 30 Mar 2017 18:45:34 -0700
Message-ID: <CAOZAAfPc6RkYn+ZTNuw7w8CRom7OiCYz88ttks6R1Xjr1NbYww@mail.gmail.com>
To: "HANSEN, TONY L" <tony@att.com>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c05626e671b91054bfcf85b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/rgbvM6hrHeQDgZAMVhLNuK6UnuU>
Subject: Re: [dmarc-ietf] indeterminisim of ARC-Seal b= value
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Mar 2017 01:46:01 -0000
Yes, +1000 to many test suites. But no test suite can function without a deterministic order of fields in the header unless it also includes an ARC implementation for signing/validating, which is where this conversation started and why we care so much about discussing this ordering. On Thu, Mar 30, 2017 at 6:11 PM, HANSEN, TONY L <tony@att.com> wrote: > One of the reasons DKIM was successful in becoming interoperable was not > that we had a test suite to force conformance, but instead that we had > >multiple< test suites that were able to successfully validate DKIM > signatures from multiple implementations. My test suite caught corner cases > that Ned’s and Yahoo’s and Google’s did not, and vice versa for each one of > them. (My company actually had two totally independent implementations of > DKIM so that we could do internal testing against a different platform. It > was just prudent to do it that way.) > > > > When there was an issue in someone’s test suite, we were then able to > discuss whether it was an issue in the test suite that needed to be fixed, > or it was an issue in the implementation. A single test suite is never > sufficient – that’s one reason we prefer multiple interoperating > implementations in order for something to be considered an internet > standard. > > > > By the way, none of us that implemented DKIM test suites had an issue with > the header order being determined by the sender. It makes the validation > infinitesimally trickier than having a predetermined header order. > > > > -1000 to the suggestion of having a single conformance test suite that > everyone lives and dies by. +1000 to multiple test suites that multiple > people write and can be used to test against. > > > > I’m all for you, Seth and Peter, to write a test suite. But nothing you’ve > said so far has convinced me that a predetermined header order or a single > conformance test suite is worth pursuing. One of many, sure. > > > > Tony Hansen > > > > *From: *dmarc <dmarc-bounces@ietf.org> on behalf of Seth Blank < > seth@valimail.com> > *Date: *Thursday, March 30, 2017 at 8:10 PM > *To: *"dcrocker@bbiw.net" <dcrocker@bbiw.net> > *Cc: *"Murray S. Kucherawy" <superuser@gmail.com>, "dmarc@ietf.org" < > dmarc@ietf.org>, Scott Kitterman <sklist@kitterman.com>, Peter Goldstein < > peter@valimail.com>, "ned+dmarc@mrochek.com" <ned+dmarc@mrochek.com> > *Subject: *Re: [dmarc-ietf] indeterminisim of ARC-Seal b= value > > > > Dave, If we were only talking about ARC Signing messages, I'd generally > agree with the comments on this list. > > > > However, ARC is fundamentally different. It is about a chain of messages > that validate each other. And ARC's complexity is not in the signing (where > most of this conversation has been focused), but in this chain validation > and the cascading issues that can be created by any member of the chain > doing something slightly wrong. And since *everyone* in the chain except > the initial signer is also a receiver, the final receiver simply can't make > up for mistakes caused by a less savvy intermediary - the chain will > already be broken and unrecoverable. > > > > ARC also has a lot of subtlety that is missable at interops because of > this. For instance, if I'm modifying a message, I need to validate the > incoming chain, then make my modifications, and then sign the outgoing > message. An intermediary doing this wrong (say, validating and then signing > after message modification) isn't a bug a final receiver can fix. And > without a seriously complex interop with a ton of intermediaries and > sending relationships mapped out for testing, it's not likely an error in > any specific implementation here will be discovered until it's too late. > > > > To my understanding, working on the test suite shook these issues out > because they were what caused problems running the test suite at the > interop in the first place. So this is actually a good and healthy part of > the process, and is the natural consequence of the interops. What worked > here for DKIM is insufficient with the nuances of ARC. > > > > What we've been discussing doesn't just guarantee a test suite can be made > that works for everyone (which is huge in itself), but constrains the > problem space for everyone involved in an ARC chain. This is clean and > desirable. > > > > Since the spec is not finalized, this is the perfect time to set a > deterministic order for headers that no one has even seen before. > > > > Seth > > > > > > On Thu, Mar 30, 2017 at 4:15 PM, Dave Crocker <dhc@dcrocker.net> wrote: > > On 3/30/2017 12:13 PM, ned+dmarc@mrochek.com wrote: > > And given the relationship with DKIM people are going to expect ARC > to work in the same general way, maing such a change a least astonishment > principle violation. > > > > +10. > > This thread has been active for 6 days. That is 5.5 days longer than it > should have lasted, and I'm being generous. > > Internet technologies succeed through interoperability testing, not > conformance tests, or the like. Conformance testing, and the like, are > useful for early-stage bug-finding, but not for 'certification'. This > point has been a distinguishing feature of Internet technical work since > before the Internet. > > ARC is a small re-casting of DKIM. DKIM has worked for quite a few > years. Some details of ARC need to be different from DKIM, but the basic > paradigm -- including the model of achieving field operation through > interoperability testing -- should be the same. > > My reading of this too-long message thread is that there is essentially no > support for making ARC's header-related issues any different from DKIM's, > so I encourage the chair to shut this thread down. > > d/ > > -- > Dave Crocker > Brandenburg InternetWorking > bbiw.net > <https://urldefense.proofpoint.com/v2/url?u=http-3A__bbiw.net&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=Kz8VdgPVctDNSNPJ6PsBaw&m=M5zzV_Ak3GCR8lZhAHLFfMA0SvGqSztWEPI0H6a5Y2E&s=ZX1C85lFDoWiX0J86FUeLGQx37E3YQcIT3LIGyCaeWU&e=> > > > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc > <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_dmarc&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=Kz8VdgPVctDNSNPJ6PsBaw&m=M5zzV_Ak3GCR8lZhAHLFfMA0SvGqSztWEPI0H6a5Y2E&s=mJ57Dtkqee8RcYkQnZ9yx6EdyO8ycHhuJTmem3tZxy8&e=> > > > > > > -- > > [image: mage removed by sender. logo for sig file.png] > > *Bringing Trust to Email* > > Seth Blank | Head of Product for Open Source and Protocols > > seth@valimail.com > +1-415-894-2724 <415-894-2724> > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc > > -- [image: logo for sig file.png] Bringing Trust to Email Seth Blank | Head of Product for Open Source and Protocols seth@valimail.com +1-415-894-2724 <415-894-2724>
- [dmarc-ietf] indeterminisim of ARC-Seal b= value Gene Shuman
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… John Levine
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Gene Shuman
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… John R Levine
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Peter Goldstein
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Brandon Long
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Peter Goldstein
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Brandon Long
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Peter Goldstein
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… John R Levine
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Peter Goldstein
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Scott Kitterman
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Peter Goldstein
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Scott Kitterman
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Peter Goldstein
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Murray S. Kucherawy
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Murray S. Kucherawy
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Murray S. Kucherawy
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Murray S. Kucherawy
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… ned+dmarc
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Peter Goldstein
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Peter Goldstein
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… ned+dmarc
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Seth Blank
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Brandon Long
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Dave Crocker
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Seth Blank
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… HANSEN, TONY L
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Seth Blank
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Dave Crocker
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… John Levine
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Seth Blank
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Dave Crocker
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Seth Blank
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… Murray S. Kucherawy
- Re: [dmarc-ietf] indeterminisim of ARC-Seal b= va… ned+dmarc