Re: [ietf-dkim] [dmarc-ietf] a slightly less kludge alternative to draft-kucherawy-dmarc-rcpts

Michael Storz <Michael.Storz@lrz.de> Wed, 23 November 2016 16:37 UTC


On 2016-11-22 17:14, John R. Levine wrote:
>>> I'm with Murray -- why is this a problem?  Single recipient has been
>>> the de-facto standard for years, and unless you are extremely
>>> bandwidth constrained, it's faster.
>> 
>> No, it's not faster, see my answer to Murray. It's wasting a lot of
>> resources.
> 
> People who've measured say the elapsed time is faster, and the extra
> bytes on the wire don't matter.  This is an old argument, and not one
> you're going to win.

Could it be that we are talking about different things? I have no idea
what these people measured. I can only talk for my site. Splitting all
my internal traffic into single-recipient emails would mean an increase
of 55%. If our mail servers received only single-recipient emails
from the internet, the traffic would increase by 13%. The processing of
an email directly generates real cost in the form of electricity and cooling
etc., which has to be paid with real money. Processing all this
additional traffic will give me no advantage but cost me real money. We
try to avoid wasting resources; Green IT is an important thing at our
site, see http://www.lrz.de/wir/green-it_en/

> 
>> John, did you read my email? The whole text is about how the leakage 
>> of the BCCs can be prevented and the feature of a multi-recipient 
>> email be preserved. If you see an error in the algorithm, please 
>> explain.
> 
> See previous messages, particularly the ones from Ned Freed.  Any sort
> of multi-recipient signing is subject to guessing attacks.

Since this approach uses Ned's alternative 0) b) for the BCC recipients
no information about BCCs is leaked. This is the part where 
single-recipient emails are needed. But all other recipients can be put 
together into one email because their addresses are already recorded in 
the various header fields.

> 
> This isn't saying that signing the recipient is a good idea, but
> signing them individually is no worse than signing them together and
> avoids the leakage.
> 
> Regards,
> John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for 
> Dummies",
> Please consider the environment before reading this e-mail. 
> https://jl.ly

Michael
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
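
The recipient split described in the message above (one shared copy for recipients already named in the header fields, one copy per BCC recipient), as an added illustration that is not code from the thread or from any draft. It assumes that any envelope recipient not found in To or Cc is a BCC, and that addresses compare case-insensitively; the function name and sample addresses are constructed.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample message; all addresses use reserved example domains.
SAMPLE = """\
From: alice@example.org
To: bob@example.com, Carol <carol@example.net>
Cc: dave@example.com
Subject: constructed sample

body
"""


def _norm(addr):
    # Assumption: whole-address case-insensitive comparison.
    return addr.strip().lower()


def plan_transactions(raw_message, envelope_rcpts):
    """Return one recipient list per message copy that has to be sent.

    Recipients visible in To/Cc share a single multi-recipient copy,
    since their addresses are already disclosed in the header. Every
    other envelope recipient is treated as a BCC and gets its own
    single-recipient copy, so no copy ties a BCC address to anyone else.
    """
    msg = message_from_string(raw_message)
    header_values = msg.get_all("To", []) + msg.get_all("Cc", [])
    visible = {_norm(a) for _, a in getaddresses(header_values) if a}

    shared, singles, seen = [], [], set()
    for rcpt in envelope_rcpts:
        key = _norm(rcpt)
        if key in seen:          # drop duplicate envelope entries
            continue
        seen.add(key)
        if key in visible:
            shared.append(rcpt)
        else:
            singles.append([rcpt])
    return ([shared] if shared else []) + singles


if __name__ == "__main__":
    rcpts = ["bob@example.com", "CAROL@example.net", "dave@example.com",
             "erin@example.org", "frank@example.org"]
    for copy in plan_transactions(SAMPLE, rcpts):
        print(copy)
```

For the five constructed envelope recipients this plans three copies instead of the five that full single-recipient splitting would need.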