Re: [ietf-822] WSJ/gmail/ML, was a permission to...
Hector Santos <hsantos@isdg.net> Sun, 04 May 2014 18:58 UTC
Return-Path: <hsantos@isdg.net>
X-Original-To: ietf-822@ietfa.amsl.com
Delivered-To: ietf-822@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0AE331A0185 for <ietf-822@ietfa.amsl.com>; Sun, 4 May 2014 11:58:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -99.338
X-Spam-Level:
X-Spam-Status: No, score=-99.338 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, J_CHICKENPOX_110=0.6, J_CHICKENPOX_14=0.6, J_CHICKENPOX_16=0.6, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DMXvwa7ZcGRO for <ietf-822@ietfa.amsl.com>; Sun, 4 May 2014 11:58:36 -0700 (PDT)
Received: from winserver.com (catinthebox.net [208.247.131.9]) by ietfa.amsl.com (Postfix) with ESMTP id E584A1A0161 for <ietf-822@ietf.org>; Sun, 4 May 2014 11:58:35 -0700 (PDT)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=6740; t=1399229901; h=Received:Received: Received:Received:Message-ID:Date:From:Organization:To:Subject: List-ID; bh=RFx4Pn9PXwYintb6S3nvAWHsbnI=; b=s1SvMhs2DM4bOh+lpMvr mScWbOpKDs6e1S8wiJHc2Cnsy7HUQxPcpMSotDIP6Ut4pgmz23j89wDeSQEgbUrJ 3VSCns9i29ilfMlLTeRXBez/MJH8njWynCgJC5ejI2PjXcliWSTt8/InHPCq46xk MSsGdTFUc9DFvRCoIyGEVn8=
Received: by winserver.com (Wildcat! SMTP Router v7.0.454.4) for ietf-822@ietf.org; Sun, 04 May 2014 14:58:21 -0400
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com; adsp=pass policy=all author.d=isdg.net asl.d=beta.winserver.com;
Received: from hector.wildcatblog.com (opensite.winserver.com [208.247.131.23]) by winserver.com (Wildcat! SMTP v7.0.454.4) with ESMTP id 2336969888.1.3400; Sun, 04 May 2014 14:33:31 -0400
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=6740; t=1399228309; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=WjtC8IE h4pfXoHad26cwi5zBQyJOe/gw0aKH/qvc7X0=; b=C4NuOiKN2inJI4djm+SOGcV IQfHCSSzRJXNic9Ds66z/9VCd68hwgz5u1dGUHoRDI2QcpsEgC5DPnISbf19Udmd WbBybMBmXLzqhZ6Y1+UZQ6digCa48TLSPr6IxHxWUnNl2Pl5a71IbHIHGenkAC5G v9814FlnP2QCiY1ihC/Q=
Received: by beta.winserver.com (Wildcat! SMTP Router v7.0.454.4) for ietf-822@ietf.org; Sun, 04 May 2014 14:31:49 -0400
Received: from [192.168.1.2] ([99.121.4.27]) by beta.winserver.com (Wildcat! SMTP v7.0.454.4) with ESMTP id 2356485375.9.15180; Sun, 04 May 2014 14:31:48 -0400
Message-ID: <536687F5.2040503@isdg.net>
Date: Sun, 04 May 2014 14:33:25 -0400
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: Michael Richardson <mcr+ietf@sandelman.ca>
References: <20140418123721.3610.qmail@joyce.lan> <5365357D.2020101@tana.it> <53653C7A.3090304@pscs.co.uk> <53655C13.9070201@isdg.net> <6116.1399163723@sandelman.ca>
In-Reply-To: <6116.1399163723@sandelman.ca>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf-822/BWn5kIr_4IJT90rjlNqdW3pMBnw
Cc: ietf-822@ietf.org, Paul Smith <paul@pscs.co.uk>
Subject: Re: [ietf-822] WSJ/gmail/ML, was a permission to...
X-BeenThere: ietf-822@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion of issues related to Internet Message Format \[RFC 822, RFC 2822, RFC 5322\]" <ietf-822.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-822>, <mailto:ietf-822-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-822/>
List-Post: <mailto:ietf-822@ietf.org>
List-Help: <mailto:ietf-822-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-822>, <mailto:ietf-822-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 04 May 2014 18:58:39 -0000
On 5/3/2014 8:35 PM, Michael Richardson wrote: > So, how in the world does this scale to having thousands of "trusted" mailing > lists? Seriously. We won't know if we don't try it. Of course, there is a management issue, but its doable. Simple but new DNS tools are needed. Surely, DNS is robust enough it. > > and there would be 30,000 ATPS records for all the purported list that > > yahoo says their users are members of. > > okay, but how would they have fit into that _adsp record? It would not fit within a "asl=" tag list of course, but ATPS records would be used for a larger scale. For example, for isdg.net I have the following records: _adsp._domainkey TXT ( "dkim=all; atps=y; asl=ietf.org,beta.winserver.com,santronics.com,isdg.net,winserver.com,megabytecoffee.com,mapurdy.com.au,mipassoc.org,gmail.com,googlegroups.com;" e4qssg6j6f6vggflfwk56n6ppxlbglmu._atps TXT ( "v=atps01; d=megabytecoffee.com;" ) jchjykxmwknbyfge2bg4td6add264olh._atps TXT ( "v=atps01; d=winserver.com;" ) kjshf2duqstols65zbhuytbbyr3zdecf._atps TXT ( "v=atps01; d=gmail.com;" ) n3lsehml2wgbfxov7hsak2qzsubsefhb._atps TXT ( "v=atps01; d=mipassoc.org;" ) pq6xadozsi47rluiq5yohg2hy3mvjyoo._atps TXT ( "v=atps01; d=ietf.org;" ) q42vdaxs6p26zflt3hcvqey3zp5aivxj._atps TXT ( "v=atps01; d=isdg.net;" ) rni5mcktu7c46wfgxg4mhhnv4t62bi3y._atps TXT ( "v=atps01; d=mapurdy.com.au;" ) tudfisabn5dz3vjm2kxcehc5attdbqh6._atps TXT ( "v=atps01; d=santronics.com;" ) Can DNS handle 30,000 for a zone file? No problem. > I sure support the concept, but it seems to me that we need to do this > differently. I agree we should review all the work, the explorations for optimizing and scaling DNS lookup methods, maybe there is better new DNS expectations for "wild cards." I don't think we are ready to switch to a non-DNS lookup solution, but it should be considered if only as a blackbox I/O function. Also, there is also the DKIM signature i= tag value or AUID "Agent or User Identity" which may play a role in DKIM-LIST environments. See comments below about AUID. > I was thinking that a (list) machine, receiving a signed message with > p=reject, would respond with some new 3xx code that would say, "great, I'd > love to help you, but you didn't delegate to me....", and then include > some transactional part that would help the right authorization occur. > Perhaps going back to the *user* to confirm. Yes, it would be one deployment option. The IETF should be documenting the practical possible deployment options for a SMTP REJECT protocol semantic without the lost of security. The alternative options provide the same security protection to the end-user -- no harm, which I think includes: [X] Honor DMARC p=reject by: (o) 550 Reject (_) 250 Accept and Discard (_) 250 Accept and Keep (_) 250 Accept and Quarantine (user junk bin) (_) 250 Accept and Bounce/DSN (_) 250 Accept and Non-Bounce Notification Of course, a restrictive domain could quarantine DMARC failed mail and present it to the user (in a safe way) to get his acknowledgment and/or authorization, thus "learning" a whitelist of resigners. Yahoo decided not to implement or deploy the DMARC p=quarantine mode of operations. > After all, just because mcr@yahoo.com is a subscriber to ietf.org lists, > doesn't mean that frank@yahoo.com wants his email redistributed by ietf.org. The real question is whether there is a security hole with yahoo.com opening up its DMARC policy with trusted 3rd party resigners. Can a bad guy use the trusted ietf.org site to send bad mail purportedly from an uncompromised frank@yahoo.com? User-based policies or user-level granularity designs was always left on the back burner for its obvious design overhead and complexity. It was all very vague how we can use some of those options, and if any, at some local level only. The AUID "Agent or User Identity" DKIM-Signature i= tag value is an example. In DKIM RFC6376 theory, we have two parameters for lookups: DKIM-Signature: ... d=SDID i=AUID where SDID is the signing domain and AUID is the optional sub-domain of the signer domain. This strict SDID/AUID alignment has always been a problem. It could be used for user granularity authorization at some level but it lacked flexibility for a 3rd party policy semantic unless the implementation added the author address as part of the AUID. I have an example of that with our DKIM implementation signer configuration option shown below. The problem was the lost of an "Author Domain Identity" (ADID) in the DKIM equation: From: user.id@ADID DKIM-Signature: ... d=SDID i=AUID And we also now have a possible mail List-ID to consider: List-ID: MLID What are all the relationships between these ADID, SDID, AUID and MLID identities? Maybe that is the abstract question DKIM alludes to by separating SDID and ADID, but we now know the DMARC industry is not wanting to separate the two. Here is what DKIM says about SDID and AUID: 3.11. Relationship between SDID and AUID http://tools.ietf.org/html/rfc6376#section-3.11 How do we scale an authorization system for a 3rd party SDID signer who MAY be related to the ADID, AUID and/or MLID? How do we separate the SDID and AUID to add the ADID? What we did with our DKIM implementation was to offer the following DKIM signer configuration option for setting the i= tag: # USER DEFINED TAGS: # # The UserTags are experimental. They are additional signed "tag=value;" # information added to the signed signature. The tag MUST NOT conflict # with an DKIM standard tag. # # IDENTITY (i=) # # The optional i= tag allows you to add any valid formatted "email address" # (but it doesn't have to exist). It must be the same domain as the signer # or a sub-domain of the signer. Some macros are available: # # {AUTHOR} replace the Author (From:) address # {AUTHOR.DOMAIN} replace the Author (From:) address domain # {SIGNER} replace the signer domain # # example: i= {AUTHOR}.{SIGNER} So as you can see, this was one way to get the ADID into the DKIM equation: DKIM-Signature: ... d=SDID i=ADID.AUID There are a lot of ideas considered, included some CallBack methods where a Message ID (MSGID) can be checked at the source. IBM even has a MSGID call back patent. Whatever the DKIM-LIST resigner solution is, the receiver's DKIM Check Signing Practice (CSP) module process model could be: RESULT = DKIM_CSP(SDID, ADID, AUID, MLID, MSGID) and ultimately, it is the ADID Author Domain that should have the final mail policy say in what is expected and honored for any of this to have a chance to work. -- HLS
- [ietf-822] A permission to re-sign header John Levine
- Re: [ietf-822] A permission to re-sign header Alessandro Vesely
- Re: [ietf-822] A permission to re-sign header John Levine
- Re: [ietf-822] A permission to re-sign header Hector Santos
- Re: [ietf-822] A permission to re-sign header Murray S. Kucherawy
- Re: [ietf-822] A permission to re-sign header John R Levine
- Re: [ietf-822] A permission to re-sign header Murray S. Kucherawy
- Re: [ietf-822] A permission to re-sign header John R Levine
- Re: [ietf-822] A permission to re-sign header Pete Resnick
- Re: [ietf-822] A permission to re-sign header Pete Resnick
- Re: [ietf-822] A permission to re-sign header John R Levine
- Re: [ietf-822] A permission to re-sign header Pete Resnick
- Re: [ietf-822] A permission to re-sign header John R Levine
- Re: [ietf-822] A permission to re-sign header Alessandro Vesely
- Re: [ietf-822] A permission to re-sign header Michael Richardson
- Re: [ietf-822] A permission to re-sign header Michael Richardson
- Re: [ietf-822] A permission to re-sign header Theodore Ts'o
- Re: [ietf-822] A permission to re-sign header Pete Resnick
- Re: [ietf-822] A permission to re-sign header Miles Fidelman
- Re: [ietf-822] A permission to re-sign header John Levine
- Re: [ietf-822] one can re-sign without a permissi… Ned Freed
- Re: [ietf-822] one can re-sign without a permissi… Alessandro Vesely
- Re: [ietf-822] A permission to re-sign header Ned Freed
- Re: [ietf-822] A permission to re-sign header Alessandro Vesely
- Re: [ietf-822] A permission to re-sign header Paul Smith
- Re: [ietf-822] don't need a permission to re-sign… John Levine
- Re: [ietf-822] don't need a permission to re-sign… Ned Freed
- Re: [ietf-822] don't need a permission to re-sign… John R Levine
- Re: [ietf-822] don't need a permission to re-sign… Ned Freed
- Re: [ietf-822] one can re-sign without a permissi… Alessandro Vesely
- Re: [ietf-822] one can re-sign without a permissi… Ned Freed
- Re: [ietf-822] one can re-sign without a permissi… Pete Resnick
- Re: [ietf-822] one can re-sign without a permissi… Douglas Otis
- [ietf-822] We need a DKIM Policy Working Group Hector Santos
- Re: [ietf-822] We need a DKIM Policy Working Group S Moonesamy
- Re: [ietf-822] one can re-sign without a permissi… John Levine
- Re: [ietf-822] one can re-sign without a permissi… John Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Miles Fidelman
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Alessandro Vesely
- Re: [ietf-822] one can re-sign without a permissi… Douglas Otis
- Re: [ietf-822] one can re-sign without a permissi… Pete Resnick
- Re: [ietf-822] one can re-sign without a permissi… Alessandro Vesely
- Re: [ietf-822] one can re-sign without a permissi… Paul Smith
- Re: [ietf-822] one can re-sign without a permissi… John R Levine
- Re: [ietf-822] one can re-sign without a permissi… Hector Santos
- Re: [ietf-822] one can re-sign without a permissi… Douglas Otis
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Alessandro Vesely
- Re: [ietf-822] one can re-sign without a permissi… Hector Santos
- [ietf-822] WSJ/gmail/ML, was a permission to... Alessandro Vesely
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John R Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Paul Smith
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Rolf E. Sonneveld
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Hector Santos
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Michael Richardson
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Paul Smith
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Alessandro Vesely
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Miles Fidelman
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John R Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Arnt Gulbrandsen
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Ned Freed
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Dave Crocker
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Ned Freed
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John R Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John R Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Arnt Gulbrandsen
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Bart Schaefer
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Hector Santos
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Michael Richardson
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Michael Richardson
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Ned Freed
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Michael Richardson
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Michael Richardson
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Russ Allbery
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Brandon Long
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Brandon Long
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Arnt Gulbrandsen
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Alessandro Vesely
- Re: [ietf-822] one can re-sign without a permissi… Paul Smith
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Hector Santos
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John R Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Ned Freed
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… S Moonesamy
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Russ Allbery
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Hector Santos
- Re: [ietf-822] one can re-sign without a permissi… Brandon Long
- Re: [ietf-822] one can re-sign without a permissi… Murray S. Kucherawy
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Miles Fidelman
- Re: [ietf-822] one can re-sign without a permissi… John R Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Ned Freed
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… S Moonesamy
- Re: [ietf-822] one can re-sign without a permissi… John Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Miles Fidelman
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Scott Kitterman
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Russ Allbery
- Re: [ietf-822] one can re-sign without a permissi… Murray S. Kucherawy
- Re: [ietf-822] one can re-sign without a permissi… John R Levine
- Re: [ietf-822] one can re-sign without a permissi… Hector Santos
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… S Moonesamy
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Paul Smith
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Alessandro Vesely
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Miles Fidelman
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… John Levine
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Brandon Long
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Brandon Long
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Russ Allbery
- [ietf-822] Aptness of DKIM for MLs Alessandro Vesely
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Alessandro Vesely
- Re: [ietf-822] Aptness of DKIM for MLs S Moonesamy
- Re: [ietf-822] Aptness of DKIM for MLs Alessandro Vesely
- Re: [ietf-822] Aptness of DKIM for MLs S Moonesamy
- Re: [ietf-822] Aptness of DKIM for MLs Hector Santos
- Re: [ietf-822] Aptness of DKIM for MLs Douglas Otis
- Re: [ietf-822] Aptness of DKIM for MLs Alessandro Vesely
- Re: [ietf-822] Aptness of DKIM for MLs Douglas Otis
- Re: [ietf-822] WSJ/gmail/ML, was a permission to.… Douglas Otis
- Re: [ietf-822] Aptness of DKIM for MLs Alessandro Vesely
- Re: [ietf-822] one can re-sign without a permissi… Douglas Otis