[dmarc-ietf] An alternative proposal to the known intermediary problem
Dotzero <dotzero@gmail.com> Fri, 26 June 2020 00:05 UTC
Return-Path: <dotzero@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1E293A106E for <dmarc@ietfa.amsl.com>; Thu, 25 Jun 2020 17:05:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zAsae_K-Zps2 for <dmarc@ietfa.amsl.com>; Thu, 25 Jun 2020 17:05:56 -0700 (PDT)
Received: from mail-wm1-x336.google.com (mail-wm1-x336.google.com [IPv6:2a00:1450:4864:20::336]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7A49D3A1078 for <dmarc@ietf.org>; Thu, 25 Jun 2020 17:05:56 -0700 (PDT)
Received: by mail-wm1-x336.google.com with SMTP id q15so7194063wmj.2 for <dmarc@ietf.org>; Thu, 25 Jun 2020 17:05:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=f3lt+w39ktcXY9piduUwiDpCxNvoYWU80GslBt/AruQ=; b=RsNRCkwxq9wTeLIu/cqHJK5ykC0UT+CZhWtumrSF+e6fHKwgkCZBfZTc6Evd6pW+Oh f4AI59gcpi6BtNt48MexKui9jVU2ERS81xc483RSz6WRHNjyfIGt6s5NzxbJg862U4gE 9zPOjJjzTbfeahjbhmPYGXfmls7/nuHBcTVny7yTCBe4VEq9mwOwpjGkRjJbI8hS7joA TxAFlRP/XEqxtplyuAsxJtDhSvXglCn4rht9Sviinv6wULXEEw/i1HFkUJPjbKboQEk8 Ij8HKsYvMn8abLn73zTB9ivTMMNOXV76vfLwnhrXJfUrQDu2rFeYiWe4qjtrMP4tn5U+ QyXQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=f3lt+w39ktcXY9piduUwiDpCxNvoYWU80GslBt/AruQ=; b=Cisu4wHOu/ottKNK7mI1ZS82NRD+hHXkdgatJEOw9SeBsBHErrZzFEkIGi8Eo5JwLR zYD41f7TB8Y9lyH74r9BlkKoNyCpo98SJdoP9IgOUdI3SzOcWaHvhTbJpxDvjb6NIYFR hrHQEqChga9TmHX0DLgnDLEro4jnyVzsosL69fZpxu23n2wmg2DQBB7c4M19GyVwo6XA woraDOVGjqqs/TgYTUItlrWxwD9LlgtCLA84mSdoToKokQHJpaV/oLnNdf0yo/ETf6G5 YQNOfaLCWl8IY+7vVI5Omw7MPJLj196YKNsTG9EidyCj2x8W/cpzRCwsU5RvPOu/0IRZ pesA==
X-Gm-Message-State: AOAM531Y5gbFJaroSk5MNtfh6JkzpkC7L0ZGHF6g5MKqab5WtyQ4PTWI oKsB1Hf6Y/H7Juz6HG2zUe6TPj8gA49JefPPEkEXoJNX
X-Google-Smtp-Source: ABdhPJzzyX4xDo4gFUrlMHEnCD8VlXTohKLi8ASAoY5m2Y/27s+MafCjoax8hr6ahLZRnyzhTk1u0h5z9oasXkqAjeg=
X-Received: by 2002:a1c:6408:: with SMTP id y8mr498516wmb.122.1593129954676; Thu, 25 Jun 2020 17:05:54 -0700 (PDT)
MIME-Version: 1.0
From: Dotzero <dotzero@gmail.com>
Date: Thu, 25 Jun 2020 20:05:43 -0400
Message-ID: <CAJ4XoYeCBh4YCofhZmv+A0336aifX55BLVSdh-u21kKj+GrjAA@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000007956405a8f17994"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/wM97DmQ6-FEgMD7wkEKtk1PdBbU>
Subject: [dmarc-ietf] An alternative proposal to the known intermediary problem
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Jun 2020 00:05:59 -0000
After reading Dave Crocker's proposal, which I consider fundamentally broken, I've given some thought to the issues. 1) Many MLM's do not want to change their current practices yet suffer consequences from DMARC implementations at their subscribers domains. 2) There is a mismatch between the granularity (domain) which DMARC operates at and individual subscriptions to mailing lists. 3) It would be useful for domains with individual users to show authorization for messages by individuals that are likely to flow through intermediaries such as MLMs. Without formulating all the details, what I propose for the groups consideration is a new field which I will call "Intermediary" as a stalking horse. This field would be DKIM signed separately from the current DKIM signing. This would ensure more robust survivability in passing through the intermediary. There would likely need to be some additional elements signed to mitigate against replay attacks using the second signature. Variations on this approach might include: A) Generic signing of "Intermediary". This seems as risky or perhaps more risky to me as signing using the "*l*=" tag. Presumably generic signing should not be used in conjunction with reject. B) Specifying the specific Intermediary in the Intermediary Field. This would indicate that the users domain recognizes that the user uses the intermediary and by policy exempts this use even though it breaks both DKIM and SPF validation. The receiving domain would need to recognize some potential risk of malicious modifications or additions to the message. Benefits of this proposal include: 1) This is an addition to DMARC that does not change the underlying functionality of DMARC for those domains not interested in participating in this extended functionality. 2) It resolves the mismatch in granularity between the domain level and the user level as far as authentication/authorization. 3) It would require no effort on the part of known intermediaries other than not breaking the second signature. Issues: 1) It increases administrative complexity for the originating domain in that it requires the domain to either track user:intermediary relationships or enable users to self approve such relationships ad hoc. 2) A more detailed specification would need to be fleshed out to determine whether this approach would survive likely modifications by known intermediaries. 3) This does not address the issue of modifications by intermediaries not identified in advance and authorized. Feel free to start pulling this apart. This is a proposal for an approach, not a complete proposed solution. Michael Hammer
- [dmarc-ietf] An alternative proposal to the known… Dotzero
- Re: [dmarc-ietf] An alternative proposal to the k… Alessandro Vesely
- Re: [dmarc-ietf] An alternative proposal to the k… Scott Kitterman
- Re: [dmarc-ietf] An alternative proposal to the k… Dotzero
- Re: [dmarc-ietf] An alternative proposal to the k… John Levine
- Re: [dmarc-ietf] An alternative proposal to the k… Hector Santos
- Re: [dmarc-ietf] An alternative proposal to the k… Hector Santos
- Re: [dmarc-ietf] An alternative proposal to the k… John Levine
- Re: [dmarc-ietf] An alternative proposal to the k… Stan Kalisch
- Re: [dmarc-ietf] An alternative proposal to the k… Dotzero
- Re: [dmarc-ietf] An alternative proposal to the k… John R Levine
- Re: [dmarc-ietf] An alternative proposal to the k… John Levine
- Re: [dmarc-ietf] An alternative proposal to the k… Alessandro Vesely
- Re: [dmarc-ietf] An alternative proposal to the k… Jim Fenton
- Re: [dmarc-ietf] An alternative proposal to the k… Hector Santos