IETF Logo Mail Archive

Re: [Ietf-dkim] Rechartering

Dave Crocker <dcrocker@bbiw.net> Mon, 28 November 2022 16:34 UTC

Return-Path: <dcrocker@bbiw.net>
X-Original-To: ietf-dkim@ietfa.amsl.com
Delivered-To: ietf-dkim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DEE98C152596 for <ietf-dkim@ietfa.amsl.com>; Mon, 28 Nov 2022 08:34:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=bbiw.net header.b=A0QdOm00; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=m81MpV5G
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KhsRrRRQc8Mp for <ietf-dkim@ietfa.amsl.com>; Mon, 28 Nov 2022 08:34:39 -0800 (PST)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2F170C15258C for <Ietf-dkim@ietf.org>; Mon, 28 Nov 2022 08:34:39 -0800 (PST)
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id B13B25C01AE; Mon, 28 Nov 2022 11:34:36 -0500 (EST)
Received: from mailfrontend1 ([10.202.2.162]) by compute5.internal (MEProxy); Mon, 28 Nov 2022 11:34:36 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bbiw.net; h=cc :cc:content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm1; t=1669653276; x=1669739676; bh=1uEAFBdPxq uYzTh8GSBgrfPU1NkaHjbybeOPJi8mGZE=; b=A0QdOm008bimGeJKgBN+YXNug4 sHfg2slFRLsw3222E9443+BI45mSMsUCcVeJHNcF+7qIa53mR4b0KlzD9IMVCbcF 7nqkEuZ8x1u+PP0hBGruOFbWVfTd7tIYUEDZAy2sQjY4w3ZkMlHWnDEkII1LePku gxIzffkwcIkU4xwbyK37FIJ/pbdE8VcNLtsT+Wyy8pHKcbD/17CTNtGgbIpOmTYl OqwH9m2eCjzDYB6rWW0vWz03mVDJnDICXohZqv0d3H3Y6+zVThvIisXaxemxi5I3 YmOPYJFuzPLgma+7/Fbln4a1+KBij2l6N41KZFq//aSapKJtw+afSm9M6gmA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:date:date:feedback-id :feedback-id:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:sender:subject:subject:to:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; t=1669653276; x=1669739676; bh=1uEAFBdPxquYzTh8GSBgrfPU1Nka HjbybeOPJi8mGZE=; b=m81MpV5GCJeVWBemQUuhPK8gTtgkWteDr1DugzMFq+4q pctIo967lIwVUtGA8DMovKtfQESULy0HoZwUHc+slyuC6T2DATQ9tDgArlIEbDet XwM8AFayQMOOmZvABRDc9D3MtuBBDFU84K2hdPQMk+pHKaXhViX/18NeVtbh6lYk FeZNldI67ijkG2dwim1f0FVUoqha3dok6Ui0gddGBOLC7EtsTIgF31k1HazT3sWE KssqZSGIuFnpAd5TU9EiAykO/VZHo57DM6DjKaA/p2KcLwycH0ZszBRIl2rsvCqm CIUKFs3RGE5j+MGVAFNlz3XESIlm8yaYRNLmnksWTg==
X-ME-Sender: <xms:G-OEY4eFpjWjNDHvzMxdF80lXVAEv6qYIG5WMOcw8E6IOQ6LhVMUBg> <xme:G-OEY6NASOaJvYZbbBv-g-UkSTfLxlOIIi8nKULSm2nDNiCZ8fx1KpqdPBxfo2f5D z1BkaSjRGKIRil6FA>
X-ME-Received: <xmr:G-OEY5hPet7QqpMBW0d98CRXaRGMkzYjOGVj1Z2dYQITr8e5N7fhsO2p-XWUbpCKVCMOy7ydbWnHqqcHhXA8qcfMw2GYn-yMDKq63R3g>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvgedrjedvgdeludcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurheptgfkffggfgfuvfevfhfhohgjsegrtd erredtfeejnecuhfhrohhmpeffrghvvgcuvehrohgtkhgvrhcuoegutghrohgtkhgvrhes sggsihifrdhnvghtqeenucggtffrrghtthgvrhhnpeetffffueegvdfhgeegudejvdeuhf fguddtvdeujeffudfgvddvkeejffeludeifeenucffohhmrghinhepsggsihifrdhnvght necuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepuggtrh hotghkvghrsegssghifidrnhgvth
X-ME-Proxy: <xmx:HOOEY9_fmRKiDZLJnEDyu9wJcRarCWp28cdINlXPVH6lXRWFpsUaPg> <xmx:HOOEY0twfirJ2utho1Pq8_XYkFhHep3jus7ofF8eNtCigJJoOqaqXg> <xmx:HOOEY0HOw8BBb5DRzyShj9gnjZV1Q72mnLwg30DjMjjNezMU5bgRoA> <xmx:HOOEY63HeLbzS39woxE7RAM__9H8UKKqST8WI8fWHMvbkxImNpmv1A>
Feedback-ID: i16d9478d:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 28 Nov 2022 11:34:35 -0500 (EST)
Content-Type: multipart/alternative; boundary="------------d3mveqIjgt09vxSsQtz8BdKP"
Message-ID: <8be10cb2-d0ba-f3f2-9d2c-8890746d2eff@bbiw.net>
Date: Mon, 28 Nov 2022 08:34:34 -0800
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.5.0
To: "Murray S. Kucherawy" <superuser@gmail.com>
Cc: Ietf-dkim@ietf.org
References: <CAL0qLwZQAtLyDoAXgFoaNmsm3CCrLESr=P8foWe_YybWmC=PjA@mail.gmail.com> <3d7deffe-3ace-6411-417f-541f383d1892@dcrocker.net> <CAL0qLwZiSm8iCHG590voh4d6n6KBj1rFT9PWCvVM8hjXRv76Ng@mail.gmail.com>
Content-Language: en-US
From: Dave Crocker <dcrocker@bbiw.net>
Organization: Brandenburg InternetWorking
In-Reply-To: <CAL0qLwZiSm8iCHG590voh4d6n6KBj1rFT9PWCvVM8hjXRv76Ng@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/GWPydGuV8prxkGF5iTkEOxvXMF4>
Subject: Re: [Ietf-dkim] Rechartering
X-BeenThere: ietf-dkim@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DKIM List <ietf-dkim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-dkim/>
List-Post: <mailto:ietf-dkim@ietf.org>
List-Help: <mailto:ietf-dkim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Nov 2022 16:34:44 -0000

On 11/28/2022 12:14 AM, Murray S. Kucherawy wrote:
> On Sun, Nov 27, 2022 at 6:50 PM Dave Crocker <dhc@dcrocker.net> wrote:
>
>     This does not provide any real understanding of how replay is
>     accomplished.  And since it's easy to explain and doesn't take much
>     text, I'll again encourage including that in the document that
>     defines
>     the nature of the problem we will be working on, namely the charter.
>
>
> Doesn't the "A DKIM-signed message can be re-posted, ..." sentence do 
> that?  I pulled it from your suggested text for that very reason.  
> Maybe add something to the second sentence making clear the roles in 
> the attack?

Your text:

    A DKIM-signed message can be re-posted, to a different set of
    recipients, without
    disturbing the signature's validity.  This can be used to confound
    the engines that
    identify abusive content.

If a reader is sufficiently knowledgeable and thoughtful, this text is 
probably sufficient.

However...

While a charter typically should not do deep tutorials, it does have a 
goal of being useful for a wide audience, such as helping to convince a 
manager that their company should participate.  To that end, a bit of 
hand-holding in the charter can be helpful.

  * What does it take to achieve malicious reposting? Collaborating
    recipient.
  * How does this differ from non-malicious re-posting?  Mostly it
    doesn't, except in scale of repostings.  (And if I have that wrong,
    we should make sure we have solid wg understanding of the
    differences.  And if there is not clear and immediate consensus
    about it, then developing it should be explicitly part of the
    charter, IMO.)
  * How does it 'confound' analysis engines? By using the reputation of
    a good source site and therefore by looking like it is legitimate. 
    (Same parenthetical comments as the previous bullet.)

Hence my text:

    A DKIM-signed message can be re-posted, to additional recipients, in a fashion that retains the original signature. With an author and a recipient collaborating, this can "replay" the message, using the original signer's reputation to propagate email with problematic content -- spam, phishing, and the like.

    Generally, the technical characteristics of this form of abuse match that of legitimate mail, making its detection or prevention challenging. Timestamps and carefully-tailored message signing conventions are appealing approaches to replay mitigation.  Each has significant limitations.



>     > The DKIM working group will produce one or more technical
>     > specifications that
>     > describe the abuse and propose replay-resistant mechanisms that are
>     > compatible
>     > with DKIM's broad deployment.  The working group may produce
>     documents
>     > describing
>     > relevant experimental trials first.
>
>     This draft doesn't include the 'preservation of installed base' cover
>     text that Barry's had and I forgot to include in mine.  I think it's
>     important.
>
>
> I had intended "compatible with DKIM's broad deployment" to cover 
> exactly this.  Should I word it differently?

Looking over it less quickly, your text looks reasonable.

However...

Since this type of text is often important for controlling wg activity, 
I'll raise the question about the possible problem of having the wg 
decide that a significant change (not just addition) is needed that is 
NOT 'compatible'.  Imagine something that is permitted now, but isn't 
used much, and creates problems.  Making it no longer permitted might be 
helpful for dealing with the current problem, but, obviously, is not 
compatible with what is deployed, although actually affecting few 
activities. The challenge, then, is to document the goal of 
compatibility, without absolutely requiring it.

Yours:

    The DKIM working group will produce one or more technical
    specifications that
    describe the abuse and propose replay-resistant mechanisms that are
    compatible
    with DKIM's broad deployment.

Perhaps:

    The DKIM working group will produce one or more technical
    specifications that
    describe the abuse and propose replay-resistant mechanisms. The
    working group will
    seek compatibility with DKIM's broad deployment.


d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net
mast:@dcrocker@mastodon.social

v2.23.0 | Report a Bug | By Email