Re: [dmarc-ietf] ARC questions

Brandon Long <blong@google.com> Fri, 04 December 2020 23:27 UTC

Return-Path: <blong@google.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 19EEE3A1069 for <dmarc@ietfa.amsl.com>; Fri, 4 Dec 2020 15:27:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -16.999
X-Spam-Level:
X-Spam-Status: No, score=-16.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URI_HEX=0.1, URI_NOVOWEL=0.5, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RLeSycj4qGQy for <dmarc@ietfa.amsl.com>; Fri, 4 Dec 2020 15:27:56 -0800 (PST)
Received: from mail-vs1-xe36.google.com (mail-vs1-xe36.google.com [IPv6:2607:f8b0:4864:20::e36]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D57533A1047 for <dmarc@ietf.org>; Fri, 4 Dec 2020 15:27:55 -0800 (PST)
Received: by mail-vs1-xe36.google.com with SMTP id w18so4194176vsk.12 for <dmarc@ietf.org>; Fri, 04 Dec 2020 15:27:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=8+B9EAkTBov26HRAoCxw7zaIrP3TrB3KZlrsx52MZSM=; b=UgvOlJFCsEmiTqlYRfBKqYgGu3z07v0HhNvmjC6Gm+8vP/Uep9lf/VhdEpdW8l5JQW UcmpxIMsq/N6G97egar+y/NkdcrloYtiJ2hT2KpBBWlhnLxRiBMZdMGqCiCch76gB04k Bhi15REZqlTqlV/ZJ5FjOjYveuiz6Nmnk8ITqqCyG7mx594+x/vbg6l1jf8QpGcggQAx VNswrFo3iTTQuqjVXDn3uDoCMjjaUTEpX2WJqfHHKLDtu+iLmeigImHRUMTC6GHbx3JB Vd5DJjnv1PGITB8o5WxflP9tJL2AH850NSRZ6j3rhu8yr4h84hDrGrMtE/DRODgj9BIq IgWA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=8+B9EAkTBov26HRAoCxw7zaIrP3TrB3KZlrsx52MZSM=; b=WhbYfYRPC+VTx9us2ov8YAcLOuy/riMDN1dLGG9LOPsj9biWfjelGYjKeCbLVIthM4 sknRwm1pFjIZLbTV+A4pBoOxja7a5iqHsDIDRHEsaRvqaY8YUQLnNIxQs7fFA/SfW345 iC2mTMAXhUTrnTnRg9Ez9tbnjhR9LxWevplqNTLxTfUb7i2pUlL/8ehEj7L7PFRRqQIa BtN9aS10G8IP1gHnXdgVC0GmAhsqZXt439cYMsHTcg/bgNIeBnyMJ7Ww06+/PBQZyzcz rAHUJ1szrgP1ErmWrw5O7xqPTLmioyoQGTHwUm8LoW+VvW+bzffoQQQxBXenHjQBF9xv hxKg==
X-Gm-Message-State: AOAM531DtYsRvxNDYpJvBJA13vg12M2LrntkcAUojJoKpDPT7CGuVuaV n8Ho5kX1Err1BA+dSsjQ+c7HpVV2jfFdNdGJ/GkUAjRyIQ==
X-Google-Smtp-Source: ABdhPJwmm653cirhk3gxqnAXumPYTISNVllU9o0UUAp1K3yEMWxveE7MyX3n1xW65nzmF6mO3VqORz48K7gMRnlC9mA=
X-Received: by 2002:a67:e918:: with SMTP id c24mr6544878vso.55.1607124474574; Fri, 04 Dec 2020 15:27:54 -0800 (PST)
MIME-Version: 1.0
References: <20201124020453.AFDC027CE5C8@ary.qy> <cd855b53-d9bd-3412-3bd5-dc4b7720dc5c@mtcc.com> <CABa8R6s0bfs87Fu9eOq_R3WH1pngauVXrw3RSPe9iWWCtf3AmQ@mail.gmail.com> <c954eadd-5c85-c0d9-2168-8a42de506b72@mtcc.com> <CABa8R6swzAQLPU=xE2tr1W0J5r+w80BSYu87_ubMwHaUMgmKvA@mail.gmail.com> <1eed8278-4efa-4abc-15e0-2efcf014e82e@mtcc.com> <CABa8R6sEk+dHwHjBCKDgcmeT_Z3FymC5+jzy-GGa=7gJYvOf5A@mail.gmail.com> <446d491b-100a-9813-6463-2294f67bbda7@mtcc.com> <aafa5e78-aff9-8076-b76f-62f5b3a13fc1@taugh.com> <4190de2d-9f17-06d5-6354-30c989eecd4a@mtcc.com> <17d886fd-49fd-28d8-f8e4-7caf2e85919c@taugh.com> <f785884b-2a3d-a6fe-6bb6-ee792d23ff23@mtcc.com> <d5e9dbe-7d83-d3b1-2aa9-3e3562d3e75@taugh.com> <8bc3c7ad-2a42-3eed-524c-8c50b16131c2@mtcc.com> <42178950-1ac3-27b4-a981-155fd9117969@taugh.com> <a669c3b9-a9e5-91cb-cd39-e73115e90766@mtcc.com> <70bd5e9-f0e8-3bdf-c5f0-6428841e1577@iecc.com> <162586f5-d565-0e4f-955d-8ceca1d569d2@mtcc.com>
In-Reply-To: <162586f5-d565-0e4f-955d-8ceca1d569d2@mtcc.com>
From: Brandon Long <blong@google.com>
Date: Fri, 4 Dec 2020 15:27:41 -0800
Message-ID: <CABa8R6v+p7zWh1tJO+FUiepR3gvBADR1NPhmW1ED7pdvPxKPZA@mail.gmail.com>
To: Michael Thomas <mike@mtcc.com>
Cc: "John R. Levine" <johnl@iecc.com>, "dmarc@ietf.org" <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000006b1d9605b5abd3d4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/tI6NY3T6nY4Kb4T6HTrzQjSBZ3c>
Subject: Re: [dmarc-ietf] ARC questions
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Dec 2020 23:28:06 -0000

I'm pretty sure I explained what the X-Google-DKIM-Signature was in this or related threads.  It was part of the original attempt at ARC, which was X-Original-Authentication-Results.  Adding just an XOAR header was not sufficient, we had to have reason to trust it, so we added the signature. We didn't re-use the existing DKIM-Signature header name because that header was already used by DMARC and had a bunch of other uses that we didn't want to use.

And our own coding error while doing it meant that we validated that point... Turns out the signature was done re-using the existing DKIM code, which didn't sign the extra X-Google- at the beginning... so just stripping that off would still pass verification.  And we originally signed with d=google.com, so people could relay mail through us, remove the X-Google- and send it again and phish people since it was validly signed by Google.  So, we switched the domain to a domain that never sends email to work around that security issue.

So yes, that's a way to work around some of the issues if we wanted to pursue the DKIM+A-R, just have everyone sign with a different domain that you don't use for mail.  That seems heavier weight to me, but that would be a single-hop solution.  I think we did discuss this in the early meetings and found the ARC proposal provided more (multi-hop) and less complicated (no new domains).  There's also a phishing design challenge when picking a domain to represent you in a limited way.

Brandon

On Wed, Dec 2, 2020 at 6:58 PM Michael Thomas <mike@mtcc.com> wrote:

> if you're trying to make a point about the bloat, you might actually get
> your facts straight. ARC adds an additional DKIM signature and a Seal. i
> have no idea what a X-Google-DKIM-Signature is and is not relevant.
>
> Mike
>
> On 12/2/20 6:55 PM, John R. Levine wrote:
> >> PS: you're adding X-Google-DKIM-Signature which nobody knows what its
> >> utility is to your bloat total for dramatic effect.
> >
> > Um, it was there when your message arrived here.  Complain to your
> > mail provider.
> >
> >> On 12/2/20 6:33 PM, John R Levine wrote:
> >>> On Wed, 2 Dec 2020, Michael Thomas wrote:
> >>>>> But why bother?  The IANA header field registry currently has 419
> >>>>> entries. Why is it a crisis if it increases to 422 rather than 420?
> >>>>
> >>>> It does a lot more than that:
> >>>
> >>> We've been through this all before and none of these are
> >>> persuasive.  For
> >>> example:
> >>>
> >>>> 3) It adds a lot more bloat to the headers
> >>>
> >>> The message you just sent arrived with 4600 bytes of header (see
> >>> below) and under 2K of text.  Copies that went through the dmarc
> >>> mailing list probably had at least another 1K of header.
> >>>
> >>> If header bloat were ever an issue, it hasn't been for decades.
> >>>
> >>> R's,
> >>> John
> >>> ---- snip ---
> >>> Return-Path: <mike@fresheez.com>
> >>> X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
> gal.iecc.com
> >>> X-Spam-Level: X-Spam-Status: No, score=-1.5 required=4.4
> >>> tests=BAYES_00,DCC_REPUT_00_12,
> >>>     DKIM_SIGNED,DKIM_VALID,NICE_REPLY_A,RDNS_NONE,SPF_HELO_NONE
> >>>     autolearn=no autolearn_force=no version=3.4.4
> >>> Delivered-To: johnl@iecc.com
> >>> Received: (qmail 70731 invoked by uid 1014); 2 Dec 2020 23:30:07 -0000
> >>> Delivered-To: virtual-taugh-johnl@taugh.com
> >>> Received: (qmail 70729 invoked from network); 2 Dec 2020 23:30:07 -0000
> >>> Authentication-Results: iecc.com; spf=pass
> >>> spf.mailfrom=mike@fresheez.com spf.helo=mail-pl1-x62a.google.com
> >>> smtp.remote-ip="2607:f8b0:4864:20::62a"; dkim=pass
> >>> header.d=mtcc-com.20150623.gappssmtp.com header.s=20150623
> >>> header.a=rsa-sha256 header.b="vvoZ+Loe"
> >>> Received: from mail-pl1-x62a.google.com
> ([IPV6:2607:f8b0:4864:20::62a])
> >>>   by mail1.iecc.com ([IPV6:2001:470:1f07:1126:33:5370:616d:6d31])
> >>>   with ESMTPS via TCP6 (port 38853/25) id 665297367
> >>>   tls TLS1.3_ECDHE_RSA_AES_128_GCM_AEAD sni mx1.taugh.com; 02 Dec
> >>> 2020 23:30:06 -0000
> >>> Received: by mail-pl1-x62a.google.com with SMTP id 4so91499plk.5
> >>>         for <johnl@taugh.com>; Wed, 02 Dec 2020 15:30:05 -0800 (PST)
> >>> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
> >>>         d=mtcc-com.20150623.gappssmtp.com; s=20150623;
> >>> h=subject:to:cc:references:from:message-id:date:user-agent
> >>> :mime-version:in-reply-to:content-transfer-encoding:content-language;
> >>>         bh=frJndGBg4PljdPRXFB1KqYuhqqDFqbuyeJjhznmBtNo=;
> >>> b=vvoZ+Loew2ueICysZfzHi5UwJ3jXLN5dX+kyHN3HI91ZMJWMq7cym6dw1XQ9zaHvar
> >>> KWobHhYgPlIURrzw5+sM1lArZM0+S8zElTI9oJicfts5VpsuYtc3kGzpFO58DlGQMzji
> >>> +Bshah0JzXltImvCLjzUhHXHOLYvfA/Hk9lwY5XD904cTcBo4UfTKvenfFv3yLyBc4k3
> >>> l61UDIWK7HRcdixAnDYx7zJLZaO3qcbPOwkG48uqCoMDIJVhcBndL82W/JflTPy4EB9S
> >>> VydV+ABOODKddInyT2i5+/cTXS1B66NWYHF/Auh1UqRkxB/+H5T//oXYkKWqXolceqkS
> >>>          Y3Nw==
> >>> X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
> >>>         d=1e100.net; s=20161025;
> >>> h=x-gm-message-state:subject:to:cc:references:from:message-id:date
> >>> :user-agent:mime-version:in-reply-to:content-transfer-encoding
> >>>          :content-language;
> >>>         bh=frJndGBg4PljdPRXFB1KqYuhqqDFqbuyeJjhznmBtNo=;
> >>> b=EiCvgdUtIHSRQXtcFgoSdo/YgcWiu1mxFOdlQ/tDw8nd2ipjfcUBNlRSW9ygClV9vu
> >>> TBZpT6xrU/F0xLA6fq9Tt51Z4S1VSgDSOCt1Ut8+oLzyBXkDCjQ3j8rByKqPkRvivOap
> >>> 82rO+tMd5J/4SMAAPGmJ28WAq+E7J4EJknvVu1LUOEiTERnAbmT9ZK/eTEKPjQGx0msa
> >>> GMCKzawKzSfLMvOIqaKoPUmxPyrtEnEUizEPer7/aXZ0pXrUTHQ82984GTYqSdKDoYIS
> >>> T+59dBxbPY9KwT33oih+1slVUSLBEbzUigK3wj4yA/71KTvr76KCUEaU8cYI6/TYcszz
> >>>          2CWA==
> >>> X-Gm-Message-State:
> >>> AOAM530XUwEgBdQ2e02rPshm7iyXROuyhTJeAndRJAFtQO8oX1JUEgsD
> >>>     chdQCnyR1XB3fAEw5oIqGysS4Q==
> >>> X-Google-Smtp-Source:
> >>>
> ABdhPJzQUtiWyUp4dVxdii6hT+h4YBukyVaoJ5846n5Di6IUaEwxKrufF/3Atxm7lejww+dr4k5xIw==
> >>> X-Received: by 2002:a17:90a:c4f:: with SMTP id
> >>> u15mr287214pje.177.1606951804840;
> >>>         Wed, 02 Dec 2020 15:30:04 -0800 (PST)
> >>> Return-Path: <mike@fresheez.com>
> >>> Received: from mike-mac.lan (107-182-42-33.volcanocom.com.
> >>> [107.182.42.33])
> >>>         by smtp.gmail.com with ESMTPSA id
> >>> x7sm158495pfn.85.2020.12.02.15.30.03
> >>>         (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
> >>>         Wed, 02 Dec 2020 15:30:04 -0800 (PST)
> >>> Subject: Re: [dmarc-ietf] ARC questions
> >>> To: John R Levine <johnl@taugh.com>, Brandon Long <blong@google.com>
> >>> Cc: IETF DMARC WG <dmarc@ietf.org>
> >>> References: <20201124020453.AFDC027CE5C8@ary.qy>
> >>>  <cd855b53-d9bd-3412-3bd5-dc4b7720dc5c@mtcc.com>
> >>>  <CABa8R6s0bfs87Fu9eOq_R3WH1pngauVXrw3RSPe9iWWCtf3AmQ@mail.gmail.com>
> >>>  <c954eadd-5c85-c0d9-2168-8a42de506b72@mtcc.com>
> >>>  <CABa8R6swzAQLPU=xE2tr1W0J5r+w80BSYu87_ubMwHaUMgmKvA@mail.gmail.com>
> >>>  <1eed8278-4efa-4abc-15e0-2efcf014e82e@mtcc.com>
> >>>  <CABa8R6sEk+dHwHjBCKDgcmeT_Z3FymC5+jzy-GGa=7gJYvOf5A@mail.gmail.com>
> >>>  <446d491b-100a-9813-6463-2294f67bbda7@mtcc.com>
> >>>  <aafa5e78-aff9-8076-b76f-62f5b3a13fc1@taugh.com>
> >>>  <4190de2d-9f17-06d5-6354-30c989eecd4a@mtcc.com>
> >>>  <17d886fd-49fd-28d8-f8e4-7caf2e85919c@taugh.com>
> >>>  <f785884b-2a3d-a6fe-6bb6-ee792d23ff23@mtcc.com>
> >>>  <d5e9dbe-7d83-d3b1-2aa9-3e3562d3e75@taugh.com>
> >>> From: Michael Thomas <mike@mtcc.com>
> >>> Message-ID: <8bc3c7ad-2a42-3eed-524c-8c50b16131c2@mtcc.com>
> >>> Date: Wed, 2 Dec 2020 15:30:01 -0800
> >>> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0)
> >>>  Gecko/20100101 Thunderbird/78.5.0
> >>> MIME-Version: 1.0
> >>> In-Reply-To: <d5e9dbe-7d83-d3b1-2aa9-3e3562d3e75@taugh.com>
> >>> Content-Type: text/plain; charset=utf-8; format=flowed
> >>> Content-Transfer-Encoding: 8bit
> >>> Content-Language: en-US
> >>
> >>
> >
> > Regards,
> > John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for
> > Dummies",
> > Please consider the environment before reading this e-mail.
> https://jl.ly
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>
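The two failure modes Brandon describes above (a signer that does not bind the signature field's own name into the hashed data, and a signature domain that aligns with the sending domain) can be shown side by side in a small model. The following Python is an added example written for this page; it is not Google's code and not anything posted in the thread. It assumes HMAC-SHA256 with a per-(d=, s=) secret in place of RSA-SHA256 and the DNS key lookup, models only header hashing (no body hash), and uses constructed keys and headers; `relay_rename_outcome`, `untouched_verifies` and the other function names are the example's own.

```python
"""Model of the header-name binding defect described in the message above.

RFC 6376 DKIM hashes the signature header field itself (with an empty b= tag)
under its own field name.  A signer that reuses DKIM code but hashes that
field as "dkim-signature" even when the field is really called
"X-Google-DKIM-Signature" produces identical hash input for both names, so a
relay can rename the field and the signature still verifies.

Assumptions (added model, not Google's code): HMAC-SHA256 with a per-(d=, s=)
secret stands in for RSA-SHA256 and the DNS key lookup; only header hashing is
modelled (no body hash); all keys and headers below are constructed.
"""
import hashlib
import hmac
import re

# Constructed stand-ins for the published signing keys, keyed by (d=, s=).
KEYS = {
    ("google.com", "20161025"): b"constructed-google-key",
    ("1e100.net", "20161025"): b"constructed-1e100-key",
}


def relaxed_header(name, value):
    """RFC 6376 section 3.4.2 relaxed canonicalization of one header field."""
    value = re.sub(r"\r?\n[ \t]+", " ", value)       # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip()   # collapse runs of whitespace
    return f"{name.lower()}:{value}\r\n"


def parse_tags(sig_value):
    """Split 'v=1; a=...; b=...' into a dict of tag -> value."""
    return dict(t.strip().split("=", 1) for t in sig_value.split(";") if "=" in t)


def canonical_data(headers, sig_name, sig_value, bind_field_name):
    """Bytes the signature covers: each h= field, then the signature field with b= emptied."""
    out = ""
    for wanted in parse_tags(sig_value)["h"].split(":"):
        for name, value in headers:
            if name.lower() == wanted.strip().lower():
                out += relaxed_header(name, value)
                break
    stripped = re.sub(r"(^|;\s*)b=[^;]*", r"\1b=", sig_value)
    # The defect: with bind_field_name=False the signature field is hashed as
    # "dkim-signature" whatever it is actually called, so the "X-Google-" prefix
    # carries no weight in the signature and stripping it changes nothing.
    field = sig_name if bind_field_name else "DKIM-Signature"
    return (out + relaxed_header(field, stripped).rstrip("\r\n")).encode()


def sign(headers, sig_name, domain, selector, fields, bind_field_name=True):
    """Return (sig_name, value) for a signature header covering `fields`."""
    unsigned = (f"v=1; a=hmac-sha256; c=relaxed/relaxed; d={domain}; "
                f"s={selector}; h={':'.join(fields)}; b=")
    data = canonical_data(headers, sig_name, unsigned, bind_field_name)
    mac = hmac.new(KEYS[(domain, selector)], data, hashlib.sha256).hexdigest()
    return sig_name, unsigned + mac


def verify(headers, sig_name, bind_field_name=True):
    """Verify the first field named sig_name; return (ok, signing_domain)."""
    for name, value in headers:
        if name.lower() != sig_name.lower():
            continue
        tags = parse_tags(value)
        key = KEYS.get((tags["d"], tags["s"]))
        if key is None:
            return False, tags["d"]
        data = canonical_data(headers, name, value, bind_field_name)
        expected = hmac.new(key, data, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, tags["b"]), tags["d"]
    return False, None


def dmarc_aligned(headers, signing_domain):
    """Relaxed DMARC alignment: d= equals, or is a parent of, the From domain."""
    from_domain = next(v for n, v in headers if n.lower() == "from").rsplit("@", 1)[1]
    return from_domain == signing_domain or from_domain.endswith("." + signing_domain)


def relay_rename_outcome(domain, bind_field_name):
    """Sign as X-Google-DKIM-Signature, let a relay rename it to DKIM-Signature,
    and report (still verifies, verifies AND aligns with the From domain)."""
    headers = [("From", "someone@google.com"), ("To", "someone@example.net"), ("Subject", "hi")]
    sig = sign(headers, "X-Google-DKIM-Signature", domain, "20161025",
               ["from", "to", "subject"], bind_field_name)
    relayed = headers + [("DKIM-Signature", sig[1])]   # the relay dropped "X-Google-"
    ok, d = verify(relayed, "DKIM-Signature", bind_field_name)
    return ok, ok and dmarc_aligned(relayed, d)


def untouched_verifies(bind_field_name=True):
    """Sanity check: a signature verified under the name it was created with passes."""
    headers = [("From", "someone@google.com"), ("Subject", "hi")]
    sig = sign(headers, "X-Google-DKIM-Signature", "1e100.net", "20161025",
               ["from", "subject"], bind_field_name)
    return verify(headers + [sig], "X-Google-DKIM-Signature", bind_field_name)[0]


if __name__ == "__main__":
    print("buggy signer, d=google.com:", relay_rename_outcome("google.com", False))  # (True, True)
    print("fixed signer, d=google.com:", relay_rename_outcome("google.com", True))   # (False, False)
    print("buggy signer, d=1e100.net :", relay_rename_outcome("1e100.net", False))   # (True, False)
```

The three printed cases map onto the message: the original bug (buggy signer, d=google.com) yields a renamed header that both verifies and aligns with a google.com From; binding the real field name into the hash makes the renamed header fail outright; and the workaround Brandon describes (signing with a domain that never sends mail) leaves the renamed header verifiable but unable to satisfy DMARC alignment for any real sender, which is why it was a sufficient fix even before the canonicalization was corrected.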