IETF Logo Mail Archive

Re: [ietf-dkim] [dmarc-ietf] a slightly less kludge alternative to draft-kucherawy-dmarc-rcpts

"Murray S. Kucherawy" <superuser@gmail.com> Wed, 23 November 2016 21:50 UTC

Return-Path: <ietf-dkim-bounces@mipassoc.org>
X-Original-To: ietfarch-ietf-dkim-archive@ietfa.amsl.com
Delivered-To: ietfarch-ietf-dkim-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F18A712950D for <ietfarch-ietf-dkim-archive@ietfa.amsl.com>; Wed, 23 Nov 2016 13:50:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.589
X-Spam-Level:
X-Spam-Status: No, score=-1.589 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, DKIM_SIGNED=0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (body has been altered)" header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2O6KSkKJMYqq for <ietfarch-ietf-dkim-archive@ietfa.amsl.com>; Wed, 23 Nov 2016 13:50:05 -0800 (PST)
Received: from simon.songbird.com (simon.songbird.com [72.52.113.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1193F12948F for <ietf-dkim-archive@ietf.org>; Wed, 23 Nov 2016 13:50:05 -0800 (PST)
Received: from simon.songbird.com (simon.songbird.com [127.0.0.1]) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id uANLoAEa017354; Wed, 23 Nov 2016 13:50:12 -0800
Authentication-Results: simon.songbird.com; dkim=fail reason="verification failed; unprotected key" header.d=gmail.com header.i=@gmail.com header.b=j9nHctTG; dkim-adsp=none (unprotected policy); dkim-atps=neutral
Received: from mail-ua0-f172.google.com (mail-ua0-f172.google.com [209.85.217.172]) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id uANLo6PW017349 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT) for <ietf-dkim@mipassoc.org>; Wed, 23 Nov 2016 13:50:08 -0800
Received: by mail-ua0-f172.google.com with SMTP id b35so27944494uaa.3 for <ietf-dkim@mipassoc.org>; Wed, 23 Nov 2016 13:49:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=K67Cbuhysq9oq+k2Ybs5nwjG+VRYRo3sCQYcYz7owsY=; b=j9nHctTGxEsSMsd7mWGoLyuVI3WylhfTV04C2FN6TUDaFM6OIfvTkzUZ/9Sd4c/85s b2oVU1KcooOjqPCq20UQx/4FM4qL7e9/ZupIpX8ZzkjGemUJJQg6Czn0uEcMcu7V0eLv yT7OURc1SciCyfgQLQqJv/io65lZjT7JQjsQoR1Fb8kHmDNPaUjBhC8sGb4m1RGYSuvk orezkSjo4UT9QnFT5Ww3cqagdKIhyIyFQRdWYumFzmsQOy8mvABrKaNcotBWNxg8agXU ZgeW7e0gQ+WdYB8NMpfAvF5QPdssGphWM4NYzrxpSjWIDaFLUBtDb5qC82qwLSf6l9IC VifA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=K67Cbuhysq9oq+k2Ybs5nwjG+VRYRo3sCQYcYz7owsY=; b=iCgUdiSLbe4oqixBnGNEE257ueAqud2h+P9WDgGuCxQomxbsSwzdPgH4ScenYjVjv4 YavQSNSAA57rHuHcQN8S8CHuhOqwOLwkzcEKgxS3yczYacC1msPi02EtiBpCsCvOlYGe tVl1Sw1hXoubR1w/wKp5hF147h91GYJfTOn1eiJRiN59Gkw8vGj+eY4UiPy9xHESuY4F iqp4Oe0T7GDD6LvrOID3PwkWMS8he6hnpF14xOM3zmvMItgDvE8HSjzFcMRdzTuo/Ptp 50X+J9dSKkmQ8ZfyvKwWQZ/hE0zz+k9wbCh2bxEBtFoYA8YOpxE2ytgDW3QsRiZaLhkw p5KA==
X-Gm-Message-State: AKaTC00uPXYioMB+nWfaN31ruaQa2ud+d03nkW2aE2lohk0eVEMn95CItSwrus/PedEQZ0vsU4VbdZqY4qf09g==
X-Received: by 10.159.48.145 with SMTP id j17mr3068334uab.43.1479937741558; Wed, 23 Nov 2016 13:49:01 -0800 (PST)
MIME-Version: 1.0
Received: by 10.103.91.21 with HTTP; Wed, 23 Nov 2016 13:48:58 -0800 (PST)
In-Reply-To: <ddedacca04d4114472b70e13528081ae@xmail.mwn.de>
References: <alpine.OSX.2.11.1611142158000.21738@ary.local> <01Q7ASDZFS6C011WUX@mauve.mrochek.com> <CAL0qLwazAg2UJvGAr+nx8R_xEbc4xV0ttPEWFKUD69u6xXaMhA@mail.gmail.com> <CAL0qLwaMzy=qeW5XYZ_txPaiYE27Oof+C5V1uRANvv-_cayOcQ@mail.gmail.com> <CY1PR00MB0107389F8FE73F140849A19996BE0@CY1PR00MB0107.namprd00.prod.outlook.com> <2736ea21-69e6-83b1-3b59-377c032290b5@dcrocker.net> <CY1PR00MB01072F4EB32969888104C45196BE0@CY1PR00MB0107.namprd00.prod.outlook.com> <CAL0qLwbdNVwT-xiCmxyhSqKcp4-hCA1COHKh0wdYrYEekzZ=XA@mail.gmail.com> <3009defcc6dc9043823618dbc338460d@xmail.mwn.de> <CAL0qLwbvqABZGsm2Hp20y8wgvQTKvPn+EBKiS37eMrp+9NemjA@mail.gmail.com> <da2e49df90980fe460d1effd7734ef42@xmail.mwn.de> <CAL0qLwbA6Vjqpi5hGOtbpLV9FwgDO3VVA=Q5GgAU9F0qOsQCNQ@mail.gmail.com> <63a2bfc52a81eb569a0af5e1699390d9@xmail.mwn.de> <CAL0qLwZ42=GFDRm7H0qQ_7bczY8CPQaEuSUfgFEbO_Y5+5YvqA@mail.gmail.com> <b92d042d6be905ffd4bc43ea510571c2@xmail.mwn.de> <CAL0qLwb4SDWk0K+iLppnA5L66dac1s4JjEUwF5-Te2ba+JkHCg@mail.gmail.com> <ddedacca04d4114472b70e13528081ae@xmail.mwn.de>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Wed, 23 Nov 2016 13:48:58 -0800
Message-ID: <CAL0qLwZb_pE-bK1AHxzjnBOaeCMgsERf1AKNpBHn42zAWVcw2Q@mail.gmail.com>
To: Michael Storz <Michael.Storz@lrz.de>
Cc: Ietf Dkim <ietf-dkim@mipassoc.org>
Subject: Re: [ietf-dkim] [dmarc-ietf] a slightly less kludge alternative to draft-kucherawy-dmarc-rcpts
X-BeenThere: ietf-dkim@mipassoc.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
List-Unsubscribe: <http://mipassoc.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=unsubscribe>
List-Archive: <http://mipassoc.org/pipermail/ietf-dkim/>
List-Post: <mailto:ietf-dkim@mipassoc.org>
List-Help: <mailto:ietf-dkim-request@mipassoc.org?subject=help>
List-Subscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1229674669042627727=="
Errors-To: ietf-dkim-bounces@mipassoc.org
Sender: ietf-dkim <ietf-dkim-bounces@mipassoc.org>

On Tue, Nov 22, 2016 at 7:45 AM, Michael Storz <Michael.Storz@lrz.de> wrote:


>
>> The negative side of the proposal is the requirement to split all
>>> multi-recipient-emails to single-recipient-emails, which is a show
>>> stopper for me.
>>>
>>
>> That's curious; why?
>>
>
> Because SMTP is defined as a multi-recipient transport. If this extension
> would require a mandatory split of every message, then this has to be
> discussed at IETF-SMTP because the semantics of SMTP are changed. It is a
> big difference if the implementation of a mta decides to split all messages
> on arrival or if some ISPs decide to send only singe-recipient emails, or
> if a protocol extension requires mandatory splitting.
>

As I understand it, the vast majority of mail you receive is very likely
single-recipient, and the vast majority of what you send is probably the
same.  Operationally this wouldn't change much.  On my personal machine,
the distribution looks like this so far today:

  23 nrcpts=0,
 319 nrcpts=1,
  17 nrcpts=2,

So forcing 100% of those messages to be single-recipient would add 17 more
messages, or just under 5% of today's flow so far.  I don't have immediate
access to data from a larger source.

SMTP is not "defined" as a multi-recipient transport.  It supports that as
an option but doesn't require it.  At best this proposal establishes a
required profile of its use, but doesn't change any protocol fundamentals.
MTAs would not have to be reimplemented, though the things that pass
messages to the MSA might.

If a sender splits all emails because of some local advantage the sender
> forces the receiver to waist a lot of ressources for nothing. Instead of
> one message going through anti-spam several messages must be processed. For
> example, we are runnig amavisd+spamassassin in pre-queue mode to be able to
> reject spam on arrival (legal reasons). Splitting means we have to provide
> more ressources for parallel connections and/or to limit the number of
> connections per ip address or network which results in delayed messages.


That's true, but it doesn't change the SMTP model directly.  And given the
fact that statistically the vast majority of your mail is already
single-recipient, the cost you're concerned about here will likely be
minimal.  Or do you have contrary data?

I don't buy this argument. I would assume that every program which
> manipulates an email will use a library for this.
>

I don't think that's a valid assumption.  OpenDKIM happens to have the one
you cited, but in a pure sense no DKIM implementation actually needs it.
In fact OpenDKIM doesn't even really need it anymore now that it no longer
supports ADSP.  I should actually drop it.


> How high is the probability that a new sender or recipient header field
> will be registered? And even if that's the case, that's not a big problem.
> The program would treat the addresses as BCCs until the administrator
> changes the config to use the additional field or an update of the program
> would incorporate this field.
>

Betting on who will do what in the future hasn't served us well in the
past.  Either way, I'm talking about the standards here.  RFC6376 did a
more hand-wavy job of listing, for example, which header fields to sign
than RFC4871 did, because we can't predict what sorts of header fields
might be registered later.  Instead, we talked about the general theory of
what should be signed versus which specific fields are in and which are out.

-MSK

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html

v2.23.0 | Report a Bug | By Email