IETF Logo Mail Archive

Re: [ietf-dkim] [dmarc-ietf] a slightly less kludge alternative to draft-kucherawy-dmarc-rcpts

Michael Storz <Michael.Storz@lrz.de> Fri, 18 November 2016 11:48 UTC

Return-Path: <ietf-dkim-bounces@mipassoc.org>
X-Original-To: ietfarch-ietf-dkim-archive@ietfa.amsl.com
Delivered-To: ietfarch-ietf-dkim-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 763B6129591 for <ietfarch-ietf-dkim-archive@ietfa.amsl.com>; Fri, 18 Nov 2016 03:48:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.791
X-Spam-Level:
X-Spam-Status: No, score=-1.791 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=lrz.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fna1Sgjt4UpC for <ietfarch-ietf-dkim-archive@ietfa.amsl.com>; Fri, 18 Nov 2016 03:48:21 -0800 (PST)
Received: from simon.songbird.com (simon.songbird.com [72.52.113.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4FC341294F3 for <ietf-dkim-archive@ietf.org>; Fri, 18 Nov 2016 03:48:21 -0800 (PST)
Received: from simon.songbird.com (simon.songbird.com [127.0.0.1]) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id uAIBmCVJ009487; Fri, 18 Nov 2016 03:48:14 -0800
Authentication-Results: simon.songbird.com; dkim=fail reason="verification failed; unprotected key" header.d=lrz.de header.i=@lrz.de header.b=GghwESw+; dkim-adsp=none (unprotected policy); dkim-atps=neutral
Received: from postout2.mail.lrz.de (postout2.mail.lrz.de [129.187.255.138]) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id uAIBm8Ec009481 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <ietf-dkim@mipassoc.org>; Fri, 18 Nov 2016 03:48:10 -0800
Received: from lxmhs52.srv.lrz.de (localhost [127.0.0.1]) by postout2.mail.lrz.de (Postfix) with ESMTP id 3tKx723p60zySZ for <ietf-dkim@mipassoc.org>; Fri, 18 Nov 2016 12:47:10 +0100 (CET)
Authentication-Results: postout.lrz.de (amavisd-new); dkim=pass (2048-bit key) reason="pass (just generated, assumed good)" header.d=lrz.de
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=lrz.de; h= user-agent:message-id:references:in-reply-to:subject:subject :from:from:date:date:content-transfer-encoding:content-type :content-type:mime-version:received:received:received; s= postout; t=1479469629; bh=wpl1JKb6DgXetSIn9qA8XV52NY1maA8Jq/3pmd 8oFIk=; b=GghwESw+wwSN0RcVuyIoYbPowhwxmzjcPZl+S7dnKAq4HS8KElzgZK uXbfkpDR6f6R8NRYStneO7OcMXrnIWUEozyKuDxPHEaoIiiYrxkKg2Ej/eapKMJT V3HFvnta6eOriYUdGetFKFmjG2D4kceZM1oi7m8WUqLYhTLNrubsKurrAAf4Fx1Z xSD5rCzS72OPPfruhFD890INuiHkgZP29BNtSp8rK0ns3s7O/YaGkiKyGFnfrgPD QZFpsiK87phMdYfLzeqWI7BxMaIM/CGGcNFi0mosSFzIg+GN9oScjubYdoCA7SxG Ka0htZ+UjHkIUeYDrpMNTQFq+ORru40w==
X-Virus-Scanned: by amavisd-new at lrz.de in lxmhs52.srv.lrz.de
Received: from postout2.mail.lrz.de ([127.0.0.1]) by lxmhs52.srv.lrz.de (lxmhs52.srv.lrz.de [127.0.0.1]) (amavisd-new, port 20024) with LMTP id nfMdd8cD9VbB for <ietf-dkim@mipassoc.org>; Fri, 18 Nov 2016 12:47:09 +0100 (CET)
Received: from roundcube.lrz.de (roundcube.lrz.de [IPv6:2001:4ca0:0:103::81bb:ff93]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by postout2.mail.lrz.de (Postfix) with ESMTPSA id 3tKx715977zyRc for <ietf-dkim@mipassoc.org>; Fri, 18 Nov 2016 12:47:09 +0100 (CET)
Received: from 2001:4ca0:0:f03b::4 by roundcube.lrz.de with HTTP (HTTP/1.1 POST); Fri, 18 Nov 2016 12:47:09 +0100
MIME-Version: 1.0
Date: Fri, 18 Nov 2016 12:47:09 +0100
From: Michael Storz <Michael.Storz@lrz.de>
To: Ietf Dkim <ietf-dkim@mipassoc.org>
In-Reply-To: <CAL0qLwZ42=GFDRm7H0qQ_7bczY8CPQaEuSUfgFEbO_Y5+5YvqA@mail.gmail.com>
References: <alpine.OSX.2.11.1611142158000.21738@ary.local> <01Q7ASDZFS6C011WUX@mauve.mrochek.com> <CAL0qLwazAg2UJvGAr+nx8R_xEbc4xV0ttPEWFKUD69u6xXaMhA@mail.gmail.com> <CAL0qLwaMzy=qeW5XYZ_txPaiYE27Oof+C5V1uRANvv-_cayOcQ@mail.gmail.com> <CY1PR00MB0107389F8FE73F140849A19996BE0@CY1PR00MB0107.namprd00.prod.outlook.com> <2736ea21-69e6-83b1-3b59-377c032290b5@dcrocker.net> <CY1PR00MB01072F4EB32969888104C45196BE0@CY1PR00MB0107.namprd00.prod.outlook.com> <CAL0qLwbdNVwT-xiCmxyhSqKcp4-hCA1COHKh0wdYrYEekzZ=XA@mail.gmail.com> <3009defcc6dc9043823618dbc338460d@xmail.mwn.de> <CAL0qLwbvqABZGsm2Hp20y8wgvQTKvPn+EBKiS37eMrp+9NemjA@mail.gmail.com> <da2e49df90980fe460d1effd7734ef42@xmail.mwn.de> <CAL0qLwbA6Vjqpi5hGOtbpLV9FwgDO3VVA=Q5GgAU9F0qOsQCNQ@mail.gmail.com> <63a2bfc52a81eb569a0af5e1699390d9@xmail.mwn.de> <CAL0qLwZ42=GFDRm7H0qQ_7bczY8CPQaEuSUfgFEbO_Y5+5YvqA@mail.gmail.com>
Message-ID: <b92d042d6be905ffd4bc43ea510571c2@xmail.mwn.de>
X-Sender: Michael.Storz@lrz.de
User-Agent: Roundcube Webmail/1.2.0
Subject: Re: [ietf-dkim] [dmarc-ietf] a slightly less kludge alternative to draft-kucherawy-dmarc-rcpts
X-BeenThere: ietf-dkim@mipassoc.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
List-Unsubscribe: <http://mipassoc.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=unsubscribe>
List-Archive: <http://mipassoc.org/pipermail/ietf-dkim/>
List-Post: <mailto:ietf-dkim@mipassoc.org>
List-Help: <mailto:ietf-dkim-request@mipassoc.org?subject=help>
List-Subscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=subscribe>
Content-Transfer-Encoding: base64
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Errors-To: ietf-dkim-bounces@mipassoc.org
Sender: ietf-dkim <ietf-dkim-bounces@mipassoc.org>

Am 2016-11-17 21:57, schrieb Murray S. Kucherawy:
> On Thu, Nov 17, 2016 at 9:51 PM, Michael Storz <Michael.Storz@lrz.de>
> wrote:
> 
>> Thanks, I see. That means the recipient is bound to the message and
>> an attacker cannot delete or change the new tags. Great solution, I
>> like it, though I do not like the consequences when this extension
>> will go into production.
> 
> You may not need to worry about that.  We've reached a point where I
> think we can legitimately say, "We took a serious look, and this is
> the best we could come up with.  It has some pretty ugly side effects.
>  Are you sure you can't just stop signing spam?"  And absent a
> compelling answer to that question, there's no need to roll this out
> even as an experiment.
> 
> -MSK

Thanks Murray. My concern was, that a change to DMARC would give people 
the possibility to switch this optional extension to a mandatory one 
which has dramatic consequences at the moment. And I agree this change 
to DMARC should not be done at least in the near future.

However, for the extension itself we should carefully evaluate the 
positive and negative aspects.

Normal DKIM-Signatures give us a way to check if the body and/or header 
of an email has been changed on the way from the signer to the verifier. 
The new extension extends this to the recipients of the email. A change 
means the email was either relayed (now indirect mail) or replayed. I 
think this is a new valuable information for an anti-spam-system. 
However, we have not discussed how this gets propagated from the 
verifier to the consumer of the information.

The negative side of the proposal is the requirement to split all 
multi-recipient-emails to single-recipient-emails, which is a show 
stopper for me. But I don't think this requirement is needed. I would 
allow a list of recipients and have a paragraph which states:

===
Every compliant implementation of this extension MUST check if the 
signing of the message as is would result in the leakage of hidden BCC 
recipients. The check has to be done in the following way:

- Collect the set of visible recipients from the header fields

   * From
   * Sender
   * Reply-To
   * To
   * CC
   * Resent-From
   * Resent-Sender
   * Resent-To
   * Resent-CC

- For each address from the set of envelope recipients check if the 
address is included in the set of visible recipients.

   If not, then either

   * refuse to sign with this extension or
   * split the message and sign and send a single-recipient-copy of the 
message with this recipient
===

If the submission MTA already enforces the handling of bcc recipients as 
described in https://tools.ietf.org/search/rfc5322#section-3.6.3 the 
signing can always be done.

Depending on an underlying policy from the administrator the "refuse to 
sign with this extension" could mean

- to sign without the extension
- wave the message through without signing
- to reject the message with an error like "Configuration error: DKIM 
signing this message would leak BCC recipients"

This check and the resulting split action is RFC 5322 compliant. However 
it would need to use the second variant of the bcc handling with the 
single-bcc-recipient-email.

In this multi-recipient scenario the hashing of the recipient makes 
sense. It protects against passive attacks (just looking at the header) 
but not against active attacks.

How about this?

Michael
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html

v2.23.0 | Report a Bug | By Email