Re: [dmarc-ietf] ARC questions
Michael Thomas <mike@mtcc.com> Mon, 23 November 2020 22:04 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/tiG6-j2Ni19VxvLKQ8Al5QQVyGs>
On 11/23/20 12:48 PM, Dave Crocker wrote:
>> This recent article also goes into things that DKIM signatures imply:
>> https://blog.cryptographyengineering.com/2020/11/16/ok-google-please-publish-your-dkim-secret-keys/
>
> The level of condescension, ignorance, and error throughout that
> article is impressive. Given that it was written by someone whose
> profession requires extreme care about complex matters, the level of
> carelessness in the article is especially unfortunate.
>
> Conveniently, he put his biggest error in bold font:
>
> "*DKIM provides a life-long guarantee of email authenticity that
> anyone can use to cryptographically verify the authenticity of stolen
> emails, even years after they were sent."*
>
> DKIM does no such thing.
>

Yeah, that was pretty bad. "DKIM can be used to verify a piece of mail due to operator practices, but there is absolutely no guarantee that a signature will verify in the future due to those same practices."

> ps. making sure that DKIM signatures become invalid relatively soon --
> I think that removing the keys is simpler and just as effective as
> publishing the private keys -- seems like a reasonable suggestion.
>

Stephen Farrell is threatening to write an ID on the subject of publishing private keys. Frankly the stakeholders -- providers and users -- are not very well aligned on when, where, and why a provider would do such a thing. And writing an ID to say how to invalidate keys when just unpublishing old selectors when you rotate keys is an easy second best shows that inertia is the actual issue, not the technical shortcoming.

Mike