Re: [dmarc-ietf] Reversing modifications from mailing lists
Wei Chuang <weihaw@google.com> Sun, 05 December 2021 19:55 UTC
Return-Path: <weihaw@google.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A27413A082C for <dmarc@ietfa.amsl.com>; Sun, 5 Dec 2021 11:55:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.599
X-Spam-Level:
X-Spam-Status: No, score=-17.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wXKrj3EHgkem for <dmarc@ietfa.amsl.com>; Sun, 5 Dec 2021 11:55:46 -0800 (PST)
Received: from mail-il1-x135.google.com (mail-il1-x135.google.com [IPv6:2607:f8b0:4864:20::135]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 789103A0825 for <dmarc@ietf.org>; Sun, 5 Dec 2021 11:55:46 -0800 (PST)
Received: by mail-il1-x135.google.com with SMTP id s6so2751101ild.9 for <dmarc@ietf.org>; Sun, 05 Dec 2021 11:55:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=sGWcStCiin+SSU80XhG0T6sOv7uDdubZrRLDYBpX0uA=; b=KGwL43K6PS9+G+bIQbVLCHR/nGGuKtZFybXRgq4MkT55QmvvT14mv+1xtXCvJbDXdR kJjz0H2gTNHwBKzsDSRhGc49ywZC/V9CyUpJfkk9sfet9GzfadJ9g9DbZvJGjOHEQ2JP 32d2nTnMYggoSAWzGCQpHldzdYtSQDJFA7fw3uULLMd0D0Yp4YTKNqXlKQ3jGuchLXWB UJlJDfytGFGA7Xm33I3pX0UOIhSbZQb/OUYbrZ/PfoihcpXoGJGQXNUBVU3cEENdnLvO 71QRjWbLmDNe/AwH0hiBwamtiisgyjyK787dpnjdKwLZrYJKCWC1Ef/lIEGiNkqkyBJk VErg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=sGWcStCiin+SSU80XhG0T6sOv7uDdubZrRLDYBpX0uA=; b=o8P22X38GNyZ6KLTaV5wAgGmDDkBzN3qqLNqXWJ83JLACkPyaSLOwJkoGAz6Ee95fJ 6dX3PcoNlAa0/Hj8g6i7FcFEjTfi7112ypeS2y9XNAMi1OXBmJAmdH/u4maCVJw+hSK0 wA64aAwCKDeHuGgrFEw4ayXEttD2l9k5F8DEd1o5w768LpaToN48d+qcke+a3DDffiHU wuIGqY53xQvLz8IUgyhhO5xkpre28i+xBL0Y6TAWuWxLQsgzMMINc8l2FAHPUW1maTTm zNb2Zu2kwHh3Oc5BIJ/pO7llzKzRTlcqeCjVM7tXKNEihpnO8ZkbsPCcLKOZRtXn/yzF /ZLQ==
X-Gm-Message-State: AOAM533OIOf+kvE1yqWRBqubcmRBIFiaUSDVnQj3jzi4Klo3XKqqrAbJ bM0B3HPEYJGdDFo8yJTyz5Ny7RNyJRf8XFjMoxHrEowQiYe86A==
X-Google-Smtp-Source: ABdhPJz4itRXHYjggIRfRH+2LwFbmWNW8Yp7XZKtrsGIsgMfoKD1BgAuhUuG4LXjOvLaz/Rx/CQlyz+wvXQNyXtYcw0=
X-Received: by 2002:a05:6e02:d4e:: with SMTP id h14mr27159886ilj.244.1638734144565; Sun, 05 Dec 2021 11:55:44 -0800 (PST)
MIME-Version: 1.0
References: <20211129030358.BC1EA30B80A5@ary.qy> <0e941529-1c93-b84d-ae7f-01c505a52c60@tana.it> <d6116d53-b415-f4d1-67e6-3a765f83754d@taugh.com> <4eb213fc-c269-3d62-36dd-50fd39efb368@tana.it> <CAAFsWK2BLP8+GOVzdDtn_PsyAGaKwt0Y3F_hQWkdTHdC6RhD=A@mail.gmail.com> <b2b240b0-a658-b852-fe22-6902de577745@taugh.com> <d3bb0d23-8930-8b7e-3c5e-03821daaae2a@tana.it>
In-Reply-To: <d3bb0d23-8930-8b7e-3c5e-03821daaae2a@tana.it>
From: Wei Chuang <weihaw@google.com>
Date: Sun, 05 Dec 2021 11:55:30 -0800
Message-ID: <CAAFsWK3yQAn-SSfpp7mAx70+EaCu=_bHjrDROyb+KL1gjKVb5Q@mail.gmail.com>
To: Alessandro Vesely <vesely@tana.it>
Cc: John R Levine <johnl@taugh.com>, dmarc@ietf.org
Content-Type: multipart/alternative; boundary="00000000000091f24705d26b86b1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/t3XEgSNiYQsQtyJBkUk72KLGQS8>
Subject: Re: [dmarc-ietf] Reversing modifications from mailing lists
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Dec 2021 19:55:52 -0000
On Wed, Dec 1, 2021 at 3:45 AM Alessandro Vesely <vesely@tana.it> wrote: > On Tue 30/Nov/2021 18:30:39 +0100 John R Levine wrote: > > On Tue, 30 Nov 2021, Wei Chuang wrote: > >> What about adding a footer to some html mime part is poorly handled when > >> using "l="? Multipart bodies could be handled by other techniques. > > > > See section 8.2 in the DKIM spec which says if you use l= you need to be > > careful with your MIME boundaries so naughty people can't add another > part that > > overlays the real message. > Agreed there's risk in HTML hiding content and showing malicious things but that risk has existed before. An updated DKIM authenticator could help us understand who did those malicious updates along some forwarding path. > > I'm not clear about the last but one paragraph of that section: > > An example of such an attack includes altering the MIME structure, > exploiting lax HTML parsing in the MUA, and defeating duplicate > message detection algorithms. > > I'm going to file an errata about it. Altering the MIME structure is only > possible if the value of l= is less than the original message length. If > the > whole MIME structure forms the body hash, including the epilogue, it is > not > feasible to alter it. If Content-Type is not signed, the attacker can > change > the top boundary and append whatever content she likes, thereby relegating > the > original, unaltered MIME structure to the role of preamble. > > Setting l= with MIME structures doesn't help a non-breaking footer > addition. > For plain text messages, it would help. However, Section 5.4.1. suggests > to > sign Content-Type when setting l=, to avoid the above attack, and signing > Content-Type makes for breakable DKIM signatures since MLMs overwrite that > field. (Yes, they set text/plain again if the type was such, but > capitalization and comments may differ.) Hence I retract what I said in > my > previous message[*], that l= works well with a wide range of mailing lists. > Could a way of dealing with "l=" is extending the list-canon <https://datatracker.ietf.org/doc/html/draft-kucherawy-dkim-list-canon> ideas of identifying signatures by mime-parts into identifying length as well? In other words, with list-canon each part generates a hash, and similarly each part can have a length of the content in that part that is claimed. It also records the content-type for each part. I'm going to guess that this is to help identify changes like what I believe you are concerned with. > > Finally, I thought duplicate message detection was rather related to > Message-ID > than to l=. > > > > I have seen lists that edit the footer into the HTML of the body, I > think at > > Yahoo groups. Don't see how you're going to describe that in a > reversible way. > > > Hm... when HTML parts are paired by alternative plain text parts, it is > hard, > due to HTML complexity, to make the added footers look alike. > > Anyway, I wouldn't want to authenticate a message that underwent an HTML > footer > addition, because it can completely replace the original content in the > end > recipient's eyes. My draft requires footers to be plain text. > I was looking at the footers that Googlegroups puts in, and it seems to add them to both the text/plain and text/html parts. At least one IETF mailing list adds a new mime-part with text/plain. BTW has someone cataloged all these possible mailing list changes? -Wei > > > Best > Ale > -- > > [*] > https://mailarchive.ietf.org/arch/msg/dmarc/MKgdtkeKzNNguNWHwtrop0gvb_g > > > > > > >
- [dmarc-ietf] Reversing modifications from mailing… Wei Chuang
- Re: [dmarc-ietf] UNCOL and Reversing modification… John Levine
- Re: [dmarc-ietf] UNCOL and Reversing modification… Alessandro Vesely
- Re: [dmarc-ietf] Reversing modifications from mai… Alessandro Vesely
- Re: [dmarc-ietf] Reversing modifications from mai… Douglas Foster
- Re: [dmarc-ietf] UNCOL and Reversing modification… John Levine
- Re: [dmarc-ietf] Reversing modifications from mai… John Levine
- Re: [dmarc-ietf] UNCOL and Reversing modification… Alessandro Vesely
- Re: [dmarc-ietf] Reversing modifications from mai… Alessandro Vesely
- Re: [dmarc-ietf] UNCOL and Reversing modification… Baptiste Carvello
- Re: [dmarc-ietf] UNCOL and Reversing modification… Douglas Foster
- Re: [dmarc-ietf] Reversing modifications from mai… Wei Chuang
- Re: [dmarc-ietf] UNCOL and Reversing modification… Wei Chuang
- Re: [dmarc-ietf] UNCOL and Reversing modification… John R Levine
- Re: [dmarc-ietf] Reversing modifications from mai… John Levine
- Re: [dmarc-ietf] Reversing modifications from mai… Alessandro Vesely
- Re: [dmarc-ietf] Reversing modifications from mai… ned+dmarc
- Re: [dmarc-ietf] Reversing modifications from mai… Wei Chuang
- Re: [dmarc-ietf] Reversing modifications from mai… Dave Crocker
- Re: [dmarc-ietf] Reversing modifications from mai… John Levine
- Re: [dmarc-ietf] Reversing modifications from mai… Alessandro Vesely
- Re: [dmarc-ietf] Reversing modifications from mai… John R Levine
- Re: [dmarc-ietf] Reversing modifications from mai… Murray S. Kucherawy
- Re: [dmarc-ietf] Reversing modifications from mai… Murray S. Kucherawy
- Re: [dmarc-ietf] Reversing modifications from mai… Alessandro Vesely
- Re: [dmarc-ietf] Reversing modifications from mai… Wei Chuang
- Re: [dmarc-ietf] Reversing modifications from mai… Wei Chuang
- Re: [dmarc-ietf] Reversing modifications from mai… Wei Chuang
- Re: [dmarc-ietf] Reversing modifications from mai… John R Levine
- Re: [dmarc-ietf] Reversing modifications from mai… Scott Kitterman
- Re: [dmarc-ietf] Reversing modifications from mai… Alessandro Vesely
- Re: [dmarc-ietf] Reversing modifications from mai… John Levine
- Re: [dmarc-ietf] Reversing modifications from mai… Alessandro Vesely
- Re: [dmarc-ietf] Reversing modifications from mai… Wei Chuang
- Re: [dmarc-ietf] Reversing modifications from mai… John R Levine
- Re: [dmarc-ietf] Reversing modifications from mai… Benny Pedersen
- Re: [dmarc-ietf] Reversing modifications from mai… Murray S. Kucherawy
- Re: [dmarc-ietf] Reversing modifications from mai… Alessandro Vesely