Re: [Ietf-dkim] Tolerating Mailing-List Modifications I-D
Wei Chuang <weihaw@google.com> Thu, 13 July 2023 14:39 UTC
Return-Path: <weihaw@google.com>
X-Original-To: ietf-dkim@ietfa.amsl.com
Delivered-To: ietf-dkim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F40CC1782B1 for <ietf-dkim@ietfa.amsl.com>; Thu, 13 Jul 2023 07:39:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.586
X-Spam-Level:
X-Spam-Status: No, score=-17.586 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_MIME_MALF=0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gsmVYhcyxaYS for <ietf-dkim@ietfa.amsl.com>; Thu, 13 Jul 2023 07:39:40 -0700 (PDT)
Received: from mail-il1-x12f.google.com (mail-il1-x12f.google.com [IPv6:2607:f8b0:4864:20::12f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 67F24C16B5C8 for <ietf-dkim@ietf.org>; Thu, 13 Jul 2023 07:39:40 -0700 (PDT)
Received: by mail-il1-x12f.google.com with SMTP id e9e14a558f8ab-3458e2c3218so65ab.0 for <ietf-dkim@ietf.org>; Thu, 13 Jul 2023 07:39:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1689259179; x=1689863979; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=vBWXIaoCLwS64WOkS2o7DHAy3ck7Nyb2wh1CBzBOtwM=; b=Fpi0TMb9+7UK7+UEHPYpydte9n+nZsvRcKjEYF1EAcfVC8i8aU+GUIRG0es3yrq6EG UTwhy8j2aA5Dy9elE/CRz78B1nnqutv7vj4Gci9gmg425IZFQ2ZYJFXps9qmV2QYjgiP qdUJ8k8kmQOz36YR6opYtAidQTi+2PoDiybtVz1Wq86BmwUCEBs8LZNNCGS/FgGsfOg4 w/IaHxpFBZ4SCR/LhE9JMCRrNbLxnYDBVeQH8ATSogbl6RKcuQWKg6/yQSaNSxNRkukC xQjR8uUJwrf9NWOlfTuCM+l7gxztbPilRCLo+vmoPv4qeUvV9C0QWoiV21mLTVHmB7oA 7KTA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689259179; x=1689863979; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=vBWXIaoCLwS64WOkS2o7DHAy3ck7Nyb2wh1CBzBOtwM=; b=kj82p7qIqOn/T4lqB209myFB1oUqEwhv6bEJplmdpwhEpPrUe43NbvZorH1R8Qnzd2 I32G1sJbkP5MDpLlhAGwQLlT33taM3u6b19K7zpWmZxcT6hDQLd4dsZPdV2Z1b7D+Oso k6FW95KZ/yl7vXgyyQ3IKE3+N9CqNLLsHQvMeVpXeDAwKGZxipPTZdTqDwQM4s/P2+6v MmqV1jpeNv6uL2cpAVxWXWiQQxA/03k1M2LiprZ70yEcS48zv/q4j8zAr1OCwkG3RJZQ PF0NYd2auIjTxzaUeduhQ2sh1Xzv/ozCBJR19wukiNJCVtwmkMIlteIlj8ceRF70puJh omxg==
X-Gm-Message-State: ABy/qLYChiGXfBXzugmteHDhwMYYrhjwGFP8pLav2GTamjSJqk3TTCNV Y/ExdlELARjMKTQGctkSVEX0Oy4EMXaA6tqmSB2wULfMjF3DZDKIh6Q=
X-Google-Smtp-Source: APBJJlHOrhDVTs2KDz4dBS+DrkJc96dg9nkoiTdYZ+t3rk09ms5+v8YO3erQtQ0OSOWqgEsAdkVDmeSXQ3cEE6h1iqg=
X-Received: by 2002:a05:6e02:ca1:b0:346:1110:4f0 with SMTP id 1-20020a056e020ca100b00346111004f0mr150302ilg.0.1689259178801; Thu, 13 Jul 2023 07:39:38 -0700 (PDT)
MIME-Version: 1.0
References: <CAAFsWK20SojKgKjQB2MEuPh42ac5ta5bOhnHL8xPsidAigSOhQ@mail.gmail.com> <f666878f-9825-bc82-6ec4-2ea491e4f702@tnetconsulting.net> <e40a7d42-5c2a-6a4d-a070-fa0bd11d3572@tana.it>
In-Reply-To: <e40a7d42-5c2a-6a4d-a070-fa0bd11d3572@tana.it>
From: Wei Chuang <weihaw@google.com>
Date: Thu, 13 Jul 2023 07:39:25 -0700
Message-ID: <CAAFsWK1w9U3KU=w4yG_AkqEfZMUevCRknebJuOx7tO3iOQB6zA@mail.gmail.com>
To: Alessandro Vesely <vesely@tana.it>
Cc: ietf-dkim@ietf.org
Content-Type: multipart/alternative; boundary="0000000000004d742c06005f4d0c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/Xzlplu9HTy0qf9bwfvVwORkO0uM>
Subject: Re: [Ietf-dkim] Tolerating Mailing-List Modifications I-D
X-BeenThere: ietf-dkim@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DKIM List <ietf-dkim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-dkim/>
List-Post: <mailto:ietf-dkim@ietf.org>
List-Help: <mailto:ietf-dkim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Jul 2023 14:39:41 -0000
On Thu, Jul 13, 2023 at 1:29 AM Alessandro Vesely <vesely@tana.it> wrote: > On Thu 13/Jul/2023 05:33:44 +0200 Grant Taylor wrote: > > On 7/12/23 9:26 AM, Wei Chuang wrote: > > > >> Being able to reverse mailing-list message modifications to repair the > >> message and enable digital signature verification, would resolve a > >> significant roadblock for further DMARC deployment. Potentially it > would > >> allow better attribution of which party contributed which content in > the > >> message. I propose some ideas around reversible mailing-list message > >> modifications in: > >> > https://datatracker.ietf.org/doc/html/draft-chuang-mailing-list-modifications-00. > These modifications are: 1) prepending a description string to the Subject > header, 2) rewriting the From header, 3) removing the original > DKIM-Signature and 4) appending a footer to the message body. (Apologies > that -00 draft is still in a rough form) > > > (3) removing the original DKIM-Signature should never be done. If it's > removed > there's no way you can verify it. MLM often rewrite them, which implies > they > won't verify unless computed with the relaxed algorithm. > > > > N.B. I've not read draft-chuang-replay-resistant-arc yet. > > > Me neither. > > > > [...] > > Old: > > > > Subject: This is a test > > > > Change: > > > > s/^Subject:\s+\(.*\)$/Subject: [ietf-dkim] \1/ > > > This would change: > > Subject: Re: [Ietf-dkim] Tolerating Mailing-List Modifications I-D > > to: > > Subject: [ietf-dkim] Re: [Ietf-dkim] Tolerating Mailing-List Modifications > I-D > > > > I absolutely agree that regular expressions have problems and may open > up a can > > of worms. I'm mostly using them as a place holder for something, maybe > a > > dialect of BNF, to describe the change. > > > > I would think that such descriptions of 1) what was changed and 2) how > the > > change was made would be more flexible than specifying specific things > supported. > > > Wei's way to describe the change is probably better implemented by a > post-transformation filter which has the original message available for > comparison and can add all the Prior- headers. That's because MLM often > do > change unwittingly, for example, from: > > Content-Type: text/plain; charset="us-ascii" > > to: > > Content-Type: text/plain; charset="utf-8" > > which is neither necessary nor documented, AFAIK. It breaks signatures if > the > author domain signs Content-Type:. I'm not clear where is the culprit. > Over-signing causes other problems as well. > > > Grant's post arrived to me base64 encoded. I think that's not how it was > sent. > This kind of transformation is easily reversible. However, > reconstructing > quoted-printable is not feasible. > > > For MIME parts, I recall Murray's draft provided for plain single part, > mimw > wrapped and mime added. I never saw adding footers inside multiple parts. > > Agreed. For messages likely to undergo Content-Type encoding changes such as base64, I also suspect the best way to support a reversible footer addition IMHO is to add a new mime-part footer though this might require adding multiple/mixed or multipart/related if I understand correctly. > > Finally, I think there should be some limitations such as the footer being > text/plain and not longer than a few lines, and subject tag being no > longer > than a couple of words. That would likely protect the original intent of > the > message. > > > Not sure how to express that fairly. I figured let the content analysis/spam filter system figure out if excessively long footers of subject are problematic. -Wei
- [Ietf-dkim] Tolerating Mailing-List Modifications… Wei Chuang
- Re: [Ietf-dkim] Tolerating Mailing-List Modificat… Grant Taylor
- Re: [Ietf-dkim] Tolerating Mailing-List Modificat… Alessandro Vesely
- Re: [Ietf-dkim] Tolerating Mailing-List Modificat… Steffen Nurpmeso
- Re: [Ietf-dkim] Tolerating Mailing-List Modificat… Wei Chuang
- Re: [Ietf-dkim] Tolerating Mailing-List Modificat… Wei Chuang
- Re: [Ietf-dkim] Tolerating Mailing-List Modificat… Wei Chuang
- [Ietf-dkim] Tolerating Mailing-List Modifications… Wei Chuang
- Re: [Ietf-dkim] Tolerating Mailing-List Modificat… Michael Thomas