[dmarc-ietf] Proposal to Enhance Email Trustworthiness via RFC 8617 Modification - ARC
Alessandro Bertoldi BCS <alessandro@bertoldicybersecurity.com> Sun, 21 April 2024 14:59 UTC
Return-Path: <alessandro@bertoldicybersecurity.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 894FEC14F68A for <dmarc@ietfa.amsl.com>; Sun, 21 Apr 2024 07:59:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.084
X-Spam-Level:
X-Spam-Status: No, score=-7.084 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_TVD_FUZZY_SECURITIES=0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (bad RSA signature)" header.d=bertoldicybersecurity.com header.b="NREikMsR"; dkim=pass (2048-bit key) header.d=bertoldicybersecurity.com header.b="OAkBD3kg"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qG00EJvKAXKt for <dmarc@ietfa.amsl.com>; Sun, 21 Apr 2024 07:59:34 -0700 (PDT)
Received: from out13-94.antispamcloud.com (out13-94.antispamcloud.com [185.201.17.94]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 81A46C14F5F9 for <dmarc@ietf.org>; Sun, 21 Apr 2024 07:59:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=bertoldicybersecurity.com; s=mail; h=Content-Type:MIME-Version:To:From: Message-ID:Subject:Date:reply-to:sender:cc:bcc:in-reply-to:references: content-transfer-encoding; bh=3RrdE+6IsJCHmDO6yZPlzUJZw2qnGNHW//MEUJFONzg=; b=NREikMsR4XCpfb4yMZmGAZbmfL0wTOgfiEUvD3WNily/U6kjK5pYi8QgsGo94+tZJ5qh/0EIiE MgL1Ia7RmiFccnx6hRyvaPpNv6ZI23vSIy3zfJxorCsT0Qy5nROaaJsk+/+/nQkgjjKSkHdGu8TnU H0vQGMXdnsFwBet0GQ6IEPRVXIVBVCACOheFBoESsHuoNdLmuNOtJ9RQkxdYoBTDBX7oPWL3fz1tW 1PUVfi3PDbNDGSxCtyIfELa2wln4PSGXmLyDMtjy7eATVMi+fDvi/Xl//ZZLMS/JC6FCdE7gfX8sA zaSm8/3+19c35TWULVlQWA/rjb0jvX04xkf9g==;
Received: from mail-de-01.intactmail.pro ([54.36.235.115]) by mx298.antispamcloud.com with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <alessandro@bertoldicybersecurity.com>) id 1ryYf8-00Db64-P3 for dmarc@ietf.org; Sun, 21 Apr 2024 16:59:32 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=bertoldicybersecurity.com; s=mail; h=from:subject:date:message-id:to:mime-version:content-type; bh=SSrnyyXp1X2Frjoy1o10SvY8GAJkNm2zkWNwgv57nhs=; b=OAkBD3kgEZZofRkTdSUkmogPdDcPnLQjGhG8t6ZB88VT20GG3d1Lpoo/QSmRoGCfhdRzUJ6ZKs5Ph eeblllDtQxu4SaS4N8xlTJFvh1Zmr5yDn8+HRk8cQzaB8Km5UnpFpxtWuI12FhZeg9V3ajhMrxyKHz Pd7gH7oSEzvuMETQmFZscnErjXrOwFXIlqps9pAAFO4vHSlWtKjOHiuqfcRSeYEz9APDa20ALeyV3/ 00bpvkg3kb6QZ+V5F6MMlvslVuTctUJVRjDnto3akPT05KUiKoAepQYrsRnGUqAgpmVbn9RTgAddT2 onubSA2Gn+sai2vNAJ+0PvYIOsuR8gQ==
X-Footer: YmVydG9sZGljeWJlcnNlY3VyaXR5LmNvbQ==
Received: from localhost ([127.0.0.1]) by mail-de-01.intactmail.pro with ESMTPSA for dmarc@ietf.org; Sun, 21 Apr 2024 16:59:20 +0200
Date: Sun, 21 Apr 2024 16:58:35 +0200
Importance: Normal
X-Priority: 3
Thread-Index: AdqT/ChswRmc4W9FSTSn1YBu5mu3ow==
Message-ID: <d9456c99-a748-4719-b531-7a5b1c934ed1@bertoldicybersecurity.com>
X-Mailer: Kerio Outlook Connector (Offline Edition) (10.0.4.7941 T0)
From: Alessandro Bertoldi BCS <alessandro@bertoldicybersecurity.com>
To: dmarc@ietf.org
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=-n2HlvRupuldVXmuwkAtG"
X-Originating-IP: 54.36.235.115
X-IntactMail-Domain: bertoldicybersecurity.com
X-IntactMail-Username:
Authentication-Results: antispamcloud.com; auth=pass (login) smtp.auth=@bertoldicybersecurity.com
X-IntactMail-Outgoing-Class: unsure
X-IntactMail-Outgoing-Evidence: Combined (0.27)
X-Recommended-Action: accept
X-Filter-ID: Pt3MvcO5N4iKaDQ5O6lkdGlMVN6RH8bjRMzItlySaT/5XjqYQ56RgwErvdIYxx0PPUtbdvnXkggZ 3YnVId/Y5jcf0yeVQAvfjHznO7+bT5w++dpIZsYAU88QlgowNnDsfYzfQXcfqmra3dmoHS4ygnUf KO8JnJJ5gW5SA8ATMoNWuRWrkPihq53YqAd1ENNqEaR2Qq0IwzFPN7Dvst/5JpDuckKa9zdAPrkL ygxjFoLD1Sp6QgWm5fd3wIP5+MJSJDyGFXqXClYAZ2r7cPFe//wOGAM+ynD+JOz65SjcnuODwIE7 VKe+bqpcdCns72R1jZLbiJgv/xSVi6oXTzGUG1kGmkkmkXBUxcWkbwA4DrhXQFOX0czP0M0FvfyK B99w4dd/7cFr9iElQ10kGjyk4d4FtjUJtNE/cV0wSLHZldwtChAJ8MhPXbXvhZAyklffRAwX31WV Y5lWjWxuGSRuxRfiiXKDnS3cS+VcIvEFMphhKzy27dJ+eI97x1+KvbnG5YE5enyccp7RH4WQio3u GW7Kd+BtU7mmXHCxPtdenFQhEWyJzIkwSFAW0Pw8uiKeltK+MtP+Q+MOaQQT+Vn8BIlSPGIn6LIh 6vfZt6Tuc+uVfVL7ygxIxIEhQBgsu7ia6J1fhOzjF0b4LXcjJZ5lonPy9K14J/TtMIknoqDJ/CLt 0fnX+PAfC9OCwTUpNwqVixOpCDHd96kWTseETuLsSgc8b8InzZOiQgGhwehk3EKFAaJyGPWuuU+U aQ1KMWwvRG8T7pwXmr9SGGqjIis3WMHwQ2V/uWBCN/9T8JbkJGw18EX5/IZLPuUkhgwHbcOkJeW/ 3u56vNXdOum1kS9j9bziROTgqAcEf7/gaWQEMdGFvmscdg8zb/ATZbMmlZ/lOwjdPeGyGz1UuW6C eNSf289XGkKIuOFnH49c/yebU7cJxqmGJP+Vn2gZAkSVS8S00TQrHNlFI9KuHALQmgWq5DYGdNMU Zfn/IjgrL7Vklxsapzkfg8Rkd6gj93otYV/ffbPsszAsZ2iL0UxDmP11Bdb5qBDj0hfFV4jb6uap P1lYguETsTLz0uwnU/YcPrJnDYRwdcApCRgD1N4QACDtdw==
X-Report-Abuse-To: spam@quarantine14.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/vBlJXec_4sU0ZXj-EE0FUPK9Q8c>
Subject: [dmarc-ietf] Proposal to Enhance Email Trustworthiness via RFC 8617 Modification - ARC
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Apr 2024 14:59:38 -0000
Dear IETF Community, I hope this email finds you well. My name is Alessandro Bertoldi, and I am writing to you as an enthusiastic cybersecurity professional and the owner of a small, local email service provider. I have been following the development of email authentication protocols with great interest, particularly the work done on SPF, DKIM, DMARC, and the Authenticated Received Chain (ARC) protocol. As someone who is passionate about ensuring the trustworthiness and security of email communications, I have thoroughly studied RFC 8617 and believe that ARC has the potential to significantly enhance email authentication under certain circumstances. Introduction: This proposal seeks to refine RFC 8617, which governs the Authenticated Received Chain (ARC), to bolster email authentication and trust management. ARC's reliance on intermediaries for maintaining authentication across hops, while beneficial under certain conditions, engenders a dependency on third-party entities. These entities can modify message headers and affix ARC signatures, all without the originating domain's oversight, potentially undermining the system's integrity. Identified Issues: * Dependency on Intermediaries: ARC's framework mandates trust in intermediaries not necessarily under the originating domain's purview, casting doubts on the authentication process's security and integrity. * Absence of a Verifiable Trust Chain: Contrary to DNSSEC-like mechanisms, ARC lacks a transparent trust chain back to the origin, hampering efforts to independently ascertain the original authentication's legitimacy. * Lack of a Standardized Trusted Server List: The current implementation of ARC relies on large providers like Google and Microsoft to maintain lists of trusted servers, which may not be accessible or suitable for smaller providers or self-hosted servers. Furthermore, the criteria and priorities used by these major providers to compile their trusted server lists may not always align perfectly with the needs of smaller or niche providers, raising concerns about transparency and impartiality. Proposed Modifications: We suggest an amendment to RFC 8617 to empower the ARC sequence initiation right from the email's point of departure and to establish a standardized trusted server list. The modification encompasses: * Crystallization of Initial Authentication State: Document the initial SPF, DKIM, and DMARC authentication status as the email exits the originating server, detailing the evidence necessary for authenticity verification. * Documentation of Alterations: Mandate that any intermediary altering the message should annotate the specific changes made, thereby creating a verifiable chain of alterations leading back to the source. * Facilitation of Independent Verification: Introduce a facility allowing recipients to independently verify the ARC's trust chain, thereby eliminating undue reliance on intermediary trust. * Establishment of a Standardized Trusted Server List: * Major email providers will maintain a publicly accessible list of trusted servers, regularly updated and serving as a reference for smaller providers and self-hosted servers. * The list will adhere to a minimum set of standards, including categorization based on authentication capabilities and a machine-readable format for easy integration. * To ensure transparency and impartiality, the process of compiling and maintaining these lists should involve input from a wide range of stakeholders, including smaller providers. Mechanisms should be in place for providers to contribute data, provide feedback, and appeal decisions related to the trusted server lists. * Implementation Guidelines for Smaller Providers: * Smaller providers and self-hosted servers can choose to rely on the standardized trusted server list, with the flexibility to supplement it based on their specific requirements. * ARC implementations for smaller providers will include functionality to fetch and cache the trusted server list, compare intermediary authentication results against the list, and assign trust levels accordingly. Implementation Details Draft: While the full specification of the proposed modifications will require further discussion and refinement with the IETF community, here is a high-level overview of key implementation aspects to be addressed: * Standardized Trusted Server List: * JSON format with mandatory fields (hostname, IP, authentication capabilities, trust score, last update) * HTTPS REST API for access with rate limiting * Daily updates and high availability ensured by list maintainers * ARC Header Fields Extensions: * New structured fields for initial SPF, DKIM, DMARC status * Additional "ARC-Modifications" field to log changes by intermediaries * Specification of required syntax and semantics * Independent Verification Procedure: * Recursive validation of ARC Sets starting from the outermost one * Public key retrieval and signature verification for each ARC-Seal * Signer trustworthiness check against the trusted list or local reputation * Alignment check between ARC-Authentication-Results and initial status * Modification audit based on ARC-Modifications vs. actual content * Failure handling via informational tagging and DMARC re-evaluation * Implementation Guidelines for Smaller Providers: * MTA plugins and configuration templates for Postfix, Exim, Sendmail * Trusted list fetching, caching, and processing scripts * Testing and deployment best practices and checklists * Staged migration plan with monitoring and rollback capabilities * Success Metrics: * ARC adoption rate among trusted servers * Percentage of messages with valid ARC chains * DMARC pass rate impact * Qualitative feedback via participant surveys * Expected Benefits: * Empowerment of Domain Owners: This amendment aims to curtail reliance on intermediaries for authentication handling, mitigating unauthorized message alterations' security risks. Domain owners gain enhanced control over their message security. * Establishment of a Verifiable Trust Chain: By documenting the authentication outset and successive adjustments, a level of transparency and verifiability hitherto absent in ARC is achieved. This promotes easier origin identification and transit modifications' verification. * Broadened Inclusivity: The proposed hybrid approach, involving a standardized trusted server list with input from major providers as well as smaller operators, ensures that the system caters to the needs of the entire email ecosystem. By providing guidelines and tools for implementation, this proposal democratizes ARC adoption and enables entities of all scales to benefit from enhanced authentication capabilities. * Improved Consistency and Reliability: The introduction of a standardized trusted server list ensures a consistent reference point for all providers, enhancing interoperability and reducing fragmentation in ARC implementations. Conclusion: Our proposal aims to advance the ARC framework towards a more secure, transparent, and verifiably trustworthy email ecosystem, drawing parallels with DNSSEC's principles. By incorporating a standardized trusted server list and allowing for a hybrid approach that balances the inputs of major providers with the needs of smaller operators, we seek to create an inclusive and robust authentication system. The proposed modifications, including crystallization of initial authentication state, documentation of alterations, independent verification mechanisms, and implementation guidelines, work together to provide a comprehensive upgrade to the existing ARC protocol. Recognizing the collaborative nature of this endeavor, we invite the IETF community to deliberate on and assess this approach to enhance email authentication. We look forward to engaging in constructive discussions, refining the proposal, and working towards a more secure and trustworthy email ecosystem for all. Best regards, Alessandro Bertoldi "Empowering your business with cutting-edge cybersecurity solutions, safeguarding your digital assets and ensuring a seamless, secure experience for your customers." BertoldiCybersecurity Alessandro Bertoldi Owner T. +39 0185 799079 M. +39 348 5130136 E-Mail alessandro@bertoldicybersecurity.com www.bertoldicybersecurity.com
- [dmarc-ietf] Proposal to Enhance Email Trustworth… Alessandro Bertoldi BCS
- Re: [dmarc-ietf] Proposal to Enhance Email Trustw… John R. Levine
- [dmarc-ietf] R: Proposal to Enhance Email Trustwo… Alessandro Bertoldi BCS
- Re: [dmarc-ietf] Proposal to Enhance Email Trustw… Murray S. Kucherawy
- Re: [dmarc-ietf] Proposal to Enhance Email Trustw… Alessandro Vesely