IETF Logo Mail Archive

Re: [ietf-822] Aptness of DKIM for MLs

Alessandro Vesely <vesely@tana.it> Fri, 06 June 2014 10:44 UTC

Return-Path: <vesely@tana.it>
X-Original-To: ietf-822@ietfa.amsl.com
Delivered-To: ietf-822@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34F341A0456 for <ietf-822@ietfa.amsl.com>; Fri, 6 Jun 2014 03:44:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.155
X-Spam-Level:
X-Spam-Status: No, score=0.155 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DC_GIF_UNO_LARGO=2.176, DC_IMAGE_SPAM_HTML=0.81, DC_IMAGE_SPAM_TEXT=0.242, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_EQ_IT=0.635, HOST_EQ_IT=1.245, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.651, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3Bas0CV7DCXe for <ietf-822@ietfa.amsl.com>; Fri, 6 Jun 2014 03:44:45 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB2A31A0438 for <ietf-822@ietf.org>; Fri, 6 Jun 2014 03:44:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=beta; t=1402051472; bh=2yWadm3zJGQPzCtSlizcfAIEO7+0wyUkNpgeTn+luxo=; l=35377; h=Date:From:To:CC:References:In-Reply-To; b=fjjdahu6TCQwecwEIfFCNjXaUrMIZjges4b4iiS9esMwLxgoERPdbIGnWeICSJJoS nh+ffmSkMPaRQA8kzLINaHMqkMQlx6F8mwuhZpFQIcpnnAs/GmaWcPfah9ynKD6fAe vBrVvNnyQ8BC8woQ6V1KZu1W2JcsmUTf9oJQRk9Y=
Authentication-Results: tana.it; auth=pass (details omitted)
Received: from [172.25.197.88] (pcale.tana [172.25.197.88]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k) by wmail.tana.it with ESMTPA; Fri, 06 Jun 2014 12:44:32 +0200 id 00000000005DC044.0000000053919B90.0000030F
Message-ID: <53919B90.8000003@tana.it>
Date: Fri, 06 Jun 2014 12:44:32 +0200
From: Alessandro Vesely <vesely@tana.it>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.5.0
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=_north-783-1402051472-0001-2"
To: Douglas Otis <doug.mtview@gmail.com>
References: <20140506171238.28535.qmail@joyce.lan> <536A05B2.9060805@tana.it> <6.2.5.6.2.20140508104525.0c42ac38@resistor.net> <536CAC9C.6080807@tana.it> <E3F12910-586E-4A55-9394-8146FCB5FABF@gmail.com>
In-Reply-To: <E3F12910-586E-4A55-9394-8146FCB5FABF@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf-822/fD9qI1DTpqpzLzbhOSP0yyyPwtI
Cc: ietf-822@ietf.org
Subject: Re: [ietf-822] Aptness of DKIM for MLs
X-BeenThere: ietf-822@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion of issues related to Internet Message Format \[RFC 822, RFC 2822, RFC 5322\]" <ietf-822.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-822>, <mailto:ietf-822-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-822/>
List-Post: <mailto:ietf-822@ietf.org>
List-Help: <mailto:ietf-822-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-822>, <mailto:ietf-822-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jun 2014 10:44:46 -0000

Hi,

On Thu 05/Jun/2014 20:34:06 +0200 Doug Otis wrote:
> On May 9, 2014, at 3:23 AM, Alessandro Vesely <vesely@tana.it> wrote:
>>
>> To recap, assume a domain has a DB of (user, mailing list) pairs which
>> defines ML traffic.  Messages to ML are then sent in separate SMTP
>> transactions and weakly signed.  MLMs sign those messages in turn,
>> using strong signatures.  Verifiers derive the validity of MLM domains
>> by comparing d= against To: or Cc: mailboxes.
>>
>> Besides minor refinements, the major bar is to build that DB.  I
>> proposed to do it manually for starting, and then find out how to
>> automate its maintenance.
> 
> How can sending domains select the signature scheme?  For example,
> often there are other destinations cc'd.

An MTA can sign the message differently for different recipients.  If
all recipients are trusted, there is no need to do so.

> Conveying an alignment exception method to all parties is the
> intent behind TPA-Labels.  This avoids the need to apply weak
> signatures that can be maliciously replayed.  After all, DKIM does
> not constrain possible recipients.

Agreed.  I added TPA-Labels to the picture I posted on the ietf list
on May 14.  All three methods serve the same purpose, but they have
different pros and cons.  Roughly, TPA-Labels can aggregate domains
into federations, so they seem to be better for well established
lists.  Weak signatures provide for per-message control at the sender,
and are compatible with vanilla DKIM at the receiver.  For redundancy,
a sender can apply both of them at the same time.

> Good mailing lists are fairly keen at confirming subscriptions and
> do not represent a source of abuse.

Confirming subscriptions is part of the "manual process" in the
picture.  That seems to be the most difficult problem at this time.
DMARC reports can hardly be used to create a DB, IMHO.  However, a
sender could use reports from trusted receivers to verify it (that's
the yellow question mark in the picture).  Just mumbling...

> If a spear-phishing problem is confronted, authorizations could
> require an ORA header be added. An easy feature to add to this
> scheme.

If the spear-phisher can authenticate, I don't see how a possibly
spoofed ORA can help the receiver.

Ale

v2.23.0 | Report a Bug | By Email