[dmarc-ietf] Question regarding RFC 8617

"Weist, Bill" <William.Weist@iqvia.com> Mon, 04 November 2019 17:17 UTC

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=E6Nk/TdD3bvzfesKr0fqGPSP+lb+oEQoHWNLQE5qhPiIWzrSXJIrIDa2g9vieduiuwqQqScxp/VGGpW1PNaHzWVadN2zT+tK8JMGc9BRRYAm1q3jYvNDQ+4BJOuyKcXe+Djer/ZnupZv+cMb8Zkz8Pp9PWQsJBAMZgVmOnzNUnpXPkJt25vRph6JA0bykNoLImvXreZmL8OaGswaTc7KdUon3mJVuBVrUchpagOry+NvMoV4CzfWaw/01u9/YQkPETy7nuyWCQziR5MPur43IETrwpZR5fjLNCN4okKS0ZWUOu/QYZLgTz26adGgbddp+Cu/5n2ZlCSSzGp44p2d5w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DoJ7L4lhi/eiZEE37b7KKDEbEuWMLTE3/+1ZDhuxY84=; b=KMmUXUmHP4u+IdIpRi3KPK0F60HbtyT0wyQPSt7nmhC2XNdf07BHLazW7j70p62byUN42/6CE2TWkoPgMKjryFgzgsy0UKMTyUBlU5AnbpdA9GjEEJ3Vwq8QUHMwkPaM7L+EaXoaSWwcuLwDdxLmh1x6maP1rAu458etdp5iv9ddRcw2qJe/9RTtwrP7SVqb7PG+DgrzbUSc0sLl3Ccf3yybzFPYOEoSmzXpkLwt5OmgxL+GTekdhkCobkgj2foB0ZTj8mJHtGDeyu7BmLSc+FJG3sigRenvlX23/l0Se3NH0MlbQXp8tjhOBwSyRdpo61KEANkFBX7KmlI6Jo7NkA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=iqvia.com; dmarc=pass action=none header.from=iqvia.com; dkim=pass header.d=iqvia.com; arc=none
From: "Weist, Bill" <William.Weist@iqvia.com>
To: "dmarc@ietf.org" <dmarc@ietf.org>
Date: Mon, 04 Nov 2019 17:17:35 +0000
Message-ID: <BN7PR05MB416368F6F754F6B6E0095648FA7F0@BN7PR05MB4163.namprd05.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/w5PIid3HMCKP6xfzCrjWr-JdK4Q>

DOI: 10.17487/RFC8617

The inclusion of the address headers in the signature, and possibly the Subject, is an issue:

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=;

If a downstream server needs to modify either of these two values, the signature check fails.

It is my understanding that the Authenticated Received Check signature is to validate the chain of possession. As such, in my opinion, the signature should only include immutable references.

In my opinion, there is value in NOT requiring headers to be stripped by downstream servers, thus maintaining the custody chain from origination to destination.

Thank you for your time and attention,

William M. Weist
Enterprise Architect I - Global Messaging - Mobile and Presence
CIO Team - End User Computing

400 Campus Drive
Collegeville, PA 19426
USA

O: +1 610 244 2646 | M: +1 484 904 8244
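As an added example (not part of the post or of any ARC implementation), the Python below parses the AMS tag list from this message, lists the headers named in h=, and rebuilds the relaxed-canonicalized header block that the signature covers, so the effect of a downstream rewrite of Subject can be compared with a rewrite of a header outside h=. The message headers are constructed from the post and the Message-ID is a placeholder.

```python
import hashlib
import re

# AMS value from this message's own headers (b= omitted, as in the post).
AMS_VALUE = ("i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; "
             "h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; "
             "bh=DoJ7L4lhi/eiZEE37b7KKDEbEuWMLTE3/+1ZDhuxY84=; b=")

# Constructed headers modelled on the post; the Message-ID is a placeholder.
ORIGINAL = [("From", '"Weist, Bill" <William.Weist@iqvia.com>'),
            ("To", "dmarc@ietf.org"),
            ("Subject", "Question regarding RFC 8617"),
            ("Date", "Mon, 04 Nov 2019 17:17:35 +0000"),
            ("Message-ID", "<placeholder@example.invalid>"),
            ("MIME-Version", "1.0"),
            ("Content-Type", "text/plain")]

def parse_tag_list(value):
    """Parse the tag=value list syntax shared by DKIM, ARC-Seal and AMS (RFC 6376 s3.2)."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def signed_headers(ams_value):
    """Header names covered by h=, in signing order."""
    return [h for h in parse_tag_list(ams_value)["h"].split(":") if h]

def relaxed_header_input(headers, names):
    """Relaxed-canonicalized header block (RFC 6376 s3.4.2): lowercase name, whitespace runs
    collapsed to one space, trailing WSP dropped; last not-yet-used occurrence of each h= name."""
    used, out = set(), []
    for wanted in names:
        for idx in range(len(headers) - 1, -1, -1):
            name, value = headers[idx]
            if idx not in used and name.lower() == wanted.lower():
                used.add(idx)
                out.append(name.lower() + ":" + re.sub(r"[ \t\r\n]+", " ", value).strip() + "\r\n")
                break
    return "".join(out)

def header_hash(headers, ams_value):
    """SHA-256 over the signed header block. A real verifier also appends the AMS header itself
    (with b= emptied) before hashing; that is omitted here and does not change the comparison."""
    return hashlib.sha256(relaxed_header_input(headers, signed_headers(ams_value)).encode()).hexdigest()

def with_header(headers, name, new_value):
    """Copy of the headers with one field rewritten, as a list server or gateway might do."""
    return [(n, new_value if n.lower() == name.lower() else v) for n, v in headers]
```

Relaxed canonicalization absorbs whitespace-only changes, but a rewritten Subject or From changes the hashed input and the AMS no longer verifies. RFC 8617 requires a validator to verify only the AMS of the most recent ARC set; each sealer records the chain status it observed in the cv= tag of its own ARC-Seal.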