Re: [dmarc-ietf] ARC-Seal is meaningless security theatre
Bron Gondwana <brong@fastmailteam.com> Fri, 11 August 2017 23:54 UTC
Return-Path: <brong@fastmailteam.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CBFC6132350 for <dmarc@ietfa.amsl.com>; Fri, 11 Aug 2017 16:54:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmailteam.com header.b=KzLBn7GW; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=VzF9yK/Q
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jTMq8A3qHPOz for <dmarc@ietfa.amsl.com>; Fri, 11 Aug 2017 16:54:07 -0700 (PDT)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9DEB6132335 for <dmarc@ietf.org>; Fri, 11 Aug 2017 16:54:07 -0700 (PDT)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id F056620C01 for <dmarc@ietf.org>; Fri, 11 Aug 2017 19:54:06 -0400 (EDT)
Received: from web4 ([10.202.2.214]) by compute6.internal (MEProxy); Fri, 11 Aug 2017 19:54:06 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= fastmailteam.com; h=content-transfer-encoding:content-type:date :from:in-reply-to:message-id:mime-version:references:subject:to :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=QseEUcgjP9SwUAfIO rKEp+JAirvv4+PfLSjjLR+HJk4=; b=KzLBn7GWCiyQ45UOUhgL9XJxfhYI9Uzp3 OOleTFxB/BhXm6YDHm4FHfhzQfjN12CwiOvVG1TyekCUOpdDfxOSjyBXzsv6p6+0 r+qgPXGCgUAFz25FHu5JmBwQ7rrczopjWeERY1y0iZjHE94H7tqF3OmyC7HYAmNY t6mKUG/SkTI4PjpORNJ7nJ7qGW5Xgc1E5+XHrHnMf2R6jFM9lECmMmxS1bOte26R fd3n2AogJdPRousuAnl5gDpWKI6TGihLHsX+A4auyEpL8zm9yygAnN+s1L1Qn1G0 BApr2GOjxP4IPKlZz6qfh38gDs56UdXU5xjvl0dk4zs0KSLH7LfxA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=QseEUc gjP9SwUAfIOrKEp+JAirvv4+PfLSjjLR+HJk4=; b=VzF9yK/QVGDwAY/YzX3qwe xWUFUdGpkWTSQOKBb9nfxsNO49Xazpak2GE3VGSDcz+5WOLdIVtAQPFJCZXWjPeb yYyr5Te55MJS9MH8HNGY8LJkHrQ1B90+aZ2FNeuZ4tJ6dDaslxqNhvIN2Bn/IhVm 0mp5PFF/4/lelDgFX6Hfmf/m6a2wBjwvPJLIZpApZWIMVPR8LdqOLXR4LYwDYaP9 xvpRiLuTTyEK0a1jCoydAkosRGqVGiB0JlDS2WPrw5tqCCaD+y+JNqYjwSPKGLFk pttq1bWGLJj7DncAv7F/Ial+apF0mbm4H0zeuNCB69QCojAtBkRHnVIMzcupST2g ==
X-ME-Sender: <xms:nkOOWfWlc7Dwp9CeFXJ9xVJ6n30t7bOtwBRv56VlNmprjGS2iDhOiA>
Received: by mailuser.nyi.internal (Postfix, from userid 99) id B5D60BAB71; Fri, 11 Aug 2017 19:54:06 -0400 (EDT)
Message-Id: <1502495646.4099176.1070896040.2B09B1F8@webmail.messagingengine.com>
From: Bron Gondwana <brong@fastmailteam.com>
To: dmarc@ietf.org
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_150249564640991763"
X-Mailer: MessagingEngine.com Webmail Interface - ajax-33d44821
References: <1502083287.2191248.1065195288.7CDC7FF3@webmail.messagingengine.com> <CABuGu1oTMbuLd4yTwecu5sKFnsmH+HiwT1FG=JpySYHzpMTx_w@mail.gmail.com> <1502200759.3946686.1066841264.607B4D0B@webmail.messagingengine.com> <2720431.u3G7bbkkxK@kitterma-e6430> <1502317564.1935379.1068588344.040173AF@webmail.messagingengine.com> <a08c7590-ded3-1642-4ffc-07848b3c6cd2@gmail.com> <e14f2130-6f00-4ef1-485b-850a4cc1c48c@gmail.com>
Date: Sat, 12 Aug 2017 09:54:06 +1000
In-Reply-To: <e14f2130-6f00-4ef1-485b-850a4cc1c48c@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/wMiY7L25oVnksOwJxuJJf1fz0vs>
Subject: Re: [dmarc-ietf] ARC-Seal is meaningless security theatre
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Aug 2017 23:54:12 -0000
On Sat, 12 Aug 2017, at 03:22, Dave Crocker wrote: I'm just picking out the key quote here: > On 8/7/2017 4:22 PM, Seth Blank wrote: >> When validating an ARC signed message, one verifies the latest AMS >> (which must validate), and *the entire chain* of ARC Seals, not only>> the latest. This guarantees you a list of all message signatories - >> the chain of custody we're talking about. Yes, I follow this bit, but then... >> When evaluating the chain for final receipt, there are two states to>> worry about as a matter of local policy: 1) you trust all the >> signatories on the chain 2) there is an untrusted signatory on the >> chain Which is why it's a bad idea to sign if you're not modifying, because then everybody has to trust you or their chain breaks, even though you didn't do anything which required signing. >> In state #1, you're done - if you trust the signatories then you >> trust they're not playing games with the AMS and AAR contents or >> manipulating the message in malicious ways. Now you can make a >> delivery decision as local policy dictates. Agree. >> In state #2, you're also done - if you don't trust all the >> signatories, then there are a multitude of routes for the message to>> be garbage, including but not limited to everything you've outlined >> above. Agree. >> The critical thing about the ARC Seal is that it guarantees this >> behavior in state #1 - if you trust all the d= values in the ARC >> Seals, they all validate, and you have cv=pass, then you know for >> certain everyone who has manipulated the message (and maybe some who>> handled but did not modify). In state #1, you don't need a chain of ARC Seal. You just need each site to sign their own AAR and each AAR to include "arc=pass" for the previous AMS. You trust the sites, so you trust them to verify the ARC status on ingress. So ARC Seal isn't adding anything other than complexity. I'm not saying "ARC Seal doesn't work in case #1" - I'm saying "ARC Seal is security theater in state #1". It's overly complex and adding no value. >> Without the ARC Seal this determination is not possible and there is>> no way to evaluate the ARC chain for delivery as a final receiver. And this is the crux of our disagreement. Seth thinks it's necessary to do more than signing a statement that you believed the message was authenticated when you got it, in a way that the next hop can verify your signature over your own Authentication Results plus the content of the message. I disagree. I'm proposing exactly the same stragety DKIM uses, just with series of signed "chain of custody" statements rather than the DKIM signature having to align with the sender domain. What has no value is a chain of ARC-Seal that has to stretch right back to the start, because all that is doing is signing its own crypto and some headers that can be trivially transplanted from another message. If this list allows messages with attachments, you'll see a copy of "signedforgery.txt" which has me pretending to be Kurt with the complex test message he gave me in Prague. I've forged the Subject and Body, and then Sealed it as brong.net. brong@zula:~/src/mail-dkim$ perl arc.pl < signedforgery.txt pass ARC-Seal: v=7 pass ARC-Message-Signature: v=7 pass ARC-Seal: v=6 pass ARC-Message-Signature: v=6 fail (message has been altered) ARC-Seal: v=5 pass ARC-Message-Signature: v=5 fail (message has been altered) ARC-Seal: v=4 pass ARC-Message-Signature: v=4 fail (message has been altered) ARC-Seal: v=3 pass ARC-Message-Signature: v=3 fail (message has been altered) ARC-Seal: v=2 pass ARC-Message-Signature: v=2 fail (message has been altered) ARC-Seal: v=1 pass ARC-Message-Signature: v=1 fail (message has been altered) The fact that there is an intact chain of ARC-Seal is pointless here. And as I have (hopefully successfully) argued above, if all the sites are trusted and they each successfully cryptographically authenticate the previous sender (or SPF at the first hop), you need is the AMS. ARC- Seal does nothing. Bron. -- Bron Gondwana, CEO, FastMail Pty Ltd brong@fastmailteam.com
- [dmarc-ietf] ARC-Seal is meaningless security the… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Tim Draegen
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… John Levine
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Scott Kitterman
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen (b)
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… MH Michael Hammer (5304)
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen (b)
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen (b)
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen (b)
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… mhammer@americangreetings.com
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Kurt Andersen
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Seth Blank
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Brandon Long
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Dave Crocker
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Murray S. Kucherawy
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Bron Gondwana
- Re: [dmarc-ietf] ARC-Seal is meaningless security… Hector Santos