IETF Logo Mail Archive

Re: [ietf-dkim] [dmarc-ietf] a slightly less kludge alternative to draft-kucherawy-dmarc-rcpts

"Murray S. Kucherawy" <superuser@gmail.com> Wed, 16 November 2016 20:13 UTC

Return-Path: <ietf-dkim-bounces@mipassoc.org>
X-Original-To: ietfarch-ietf-dkim-archive@ietfa.amsl.com
Delivered-To: ietfarch-ietf-dkim-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1949B1294FB for <ietfarch-ietf-dkim-archive@ietfa.amsl.com>; Wed, 16 Nov 2016 12:13:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.089
X-Spam-Level:
X-Spam-Status: No, score=-1.089 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, DKIM_SIGNED=0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_SORBS_SPAM=0.5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V0J56u5FsZ3l for <ietfarch-ietf-dkim-archive@ietfa.amsl.com>; Wed, 16 Nov 2016 12:13:48 -0800 (PST)
Received: from simon.songbird.com (simon.songbird.com [72.52.113.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 268B61294EE for <ietf-dkim-archive@ietf.org>; Wed, 16 Nov 2016 12:13:48 -0800 (PST)
Received: from simon.songbird.com (simon.songbird.com [127.0.0.1]) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id uAGKDo4I011416; Wed, 16 Nov 2016 12:13:51 -0800
Authentication-Results: simon.songbird.com; dkim=fail reason="verification failed; unprotected key" header.d=gmail.com header.i=@gmail.com header.b=fi/FVkC5; dkim-adsp=none (unprotected policy); dkim-atps=neutral
Received: from mail-yw0-f171.google.com (mail-yw0-f171.google.com [209.85.161.171]) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id uAGKDl1M011412 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT) for <ietf-dkim@mipassoc.org>; Wed, 16 Nov 2016 12:13:49 -0800
Received: by mail-yw0-f171.google.com with SMTP id t125so136428024ywc.1 for <ietf-dkim@mipassoc.org>; Wed, 16 Nov 2016 12:12:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=CMrrzgRL2FbLc2WiTOaMRV7ZfGKBraRm761xMi4rHjk=; b=fi/FVkC5B2NaBh6G762In21qH2uuDEp90/SjkGR84mc3mTApTJB+f+j7MXxbPYAVhI uCtppc3yYOj8i7lAD8dnWmRjdZvzVN45yskFM7PDfvJlWLpDvT3/WAjgo00VNr1PueGM 5L2tzee1xdpegojAJozY/hnPEbvyz4fTuqzjTeLO4LRPv++ypHKjvAhV7u6Qlrh/aJyd cc5rcSAFn9tQzQJRFu+KeViRXnQE8l6NPYDLco2OUgX0OHofGRJjEtmo1Z1hz07csulN c246cJREVvJmKOD6N9U76e5yhWz22S2dLbyoNciofgbywVS3wo6w8fx5DX4L0vAXeqep awAw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=CMrrzgRL2FbLc2WiTOaMRV7ZfGKBraRm761xMi4rHjk=; b=P0/5wqwaAqOivBL9guU3ABXAEwWktvb9+VqeOyr4JzsKWKMvfMAIYfg0vmq6omu+BU 5h+ENm77Hyb9yumsWC/pcG890kLt1tzD9DLe0DwIFkMPtply5IwrEWnQ3PnV7DEsq+4Y 6GHKA1jaijmfk0Th9gMBjmDe6FH0UlMttJBl/fXbxEc7uEQ33bkwtlRZ6FZcBcu6H6jk WMfiF5Uf5q4X7O7VWTnTbbVz9FU8/BGaO48ntOjgl5ZEjV+m3Ir8rH+4EFq7xbMzsroq 3SnFgcbXyxIDsngZ//RmVRKX/CqluxCtBAPRbVc5G/No/R20OCaWidr6mHx8JY7oRHLp 9F5g==
X-Gm-Message-State: ABUngvexBoTQRLlrIz+DhkVTzXSZfqnbkXPSIEB6EooyGR/2JbbA15ndjhuSZKP+eYnJP/Lcbew+VE3v6EpynQ==
X-Received: by 10.129.77.68 with SMTP id a65mr5269315ywb.287.1479327166651; Wed, 16 Nov 2016 12:12:46 -0800 (PST)
MIME-Version: 1.0
Received: by 10.37.111.130 with HTTP; Wed, 16 Nov 2016 12:12:45 -0800 (PST)
In-Reply-To: <0ac51f28-4f55-fbfe-5db6-b7e04c4f5d54@tana.it>
References: <alpine.OSX.2.11.1611142158000.21738@ary.local> <01Q7ASDZFS6C011WUX@mauve.mrochek.com> <CAL0qLwazAg2UJvGAr+nx8R_xEbc4xV0ttPEWFKUD69u6xXaMhA@mail.gmail.com> <CAL0qLwaMzy=qeW5XYZ_txPaiYE27Oof+C5V1uRANvv-_cayOcQ@mail.gmail.com> <CY1PR00MB0107389F8FE73F140849A19996BE0@CY1PR00MB0107.namprd00.prod.outlook.com> <2736ea21-69e6-83b1-3b59-377c032290b5@dcrocker.net> <CY1PR00MB01072F4EB32969888104C45196BE0@CY1PR00MB0107.namprd00.prod.outlook.com> <CAL0qLwbdNVwT-xiCmxyhSqKcp4-hCA1COHKh0wdYrYEekzZ=XA@mail.gmail.com> <a149d183-fe6f-b89d-c8ac-6686460b8603@tana.it> <CAL0qLwY_wZPS4pJSNv3bqxedmvsqFd3bTcT=Mo6NAvt8r-_e2A@mail.gmail.com> <0ac51f28-4f55-fbfe-5db6-b7e04c4f5d54@tana.it>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Thu, 17 Nov 2016 05:12:45 +0900
Message-ID: <CAL0qLwb+KKRowmncEx=0ZKgJ10PfFGLwX2r7vY7RtvVf9fL6-A@mail.gmail.com>
To: Alessandro Vesely <vesely@tana.it>
Cc: "ietf-dkim@mipassoc.org" <ietf-dkim@mipassoc.org>, Terry Zink <tzink@exchange.microsoft.com>
Subject: Re: [ietf-dkim] [dmarc-ietf] a slightly less kludge alternative to draft-kucherawy-dmarc-rcpts
X-BeenThere: ietf-dkim@mipassoc.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
List-Unsubscribe: <http://mipassoc.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=unsubscribe>
List-Archive: <http://mipassoc.org/pipermail/ietf-dkim/>
List-Post: <mailto:ietf-dkim@mipassoc.org>
List-Help: <mailto:ietf-dkim-request@mipassoc.org?subject=help>
List-Subscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0269581514271871813=="
Errors-To: ietf-dkim-bounces@mipassoc.org
Sender: ietf-dkim <ietf-dkim-bounces@mipassoc.org>

On Thu, Nov 17, 2016 at 3:47 AM, Alessandro Vesely <vesely@tana.it> wrote:

>
> That way it will stay dormant until someone gets hurt and has to activate
>>> it, at which time it may cause more damage than improvement.  A loose
>>> cannon.
>>>
>>
>> The document makes that risk clear, or so I thought.
>>
>
> You mean Section 5?
>

Yes.


>
> Finally, if you stick to one recipient per message, why do you rack your
>>> brains about encryption?  I suggest adding a Disclosed-BCC: header field
>>> with the recipient address in the same 5322.address-list cleartext format
>>> as the other address fields, and sign it FWIW.  It won't break more
>>> privacy
>>> than Delivered-To: does.
>>>
>>
>> I don't follow.  There's no additional encryption going on here.
>>
>
> I mean the SHA transformation.  Cleartext is obviously easier to
> understand and debug.


I wouldn't say a salted hash qualifies as "racking my brains".  The idea is
to make it difficult to see who the envelope recipient is simply by
looking.  A one-way transformation forces an interloper to make guesses and
try to confirm, and the salt guarantees that your email address does not
always hash to the same thing.  It's not perfect security by any means, but
it's a cheap way to limit what gets leaked.  This too is spelled out in
Section 7.


>
> Adding a "Disclosed-BCC" field guarantees disclosure, rather than only
>> disclosing if the MDA adds a Delivered-To.  I don't think we should make
>> that worse.
>>
>
> So long as you disclose it to the very recipient, there is no worry.  NDNs
> customarily report SMTP chit-chat in cleartext, betraying users who attempt
> to hide their real address behind a dot-forward.  Log files are plenty of
> envelope citations.  Received: fields feature a FOR clause which is not
> deprecated for single recipient messages.  We're not worsening anything.
>

If you hand me a printed copy of a message without the envelope, and the
Received didn't use the (non-standard) "for" clause, I cannot be certain it
was delivered to whatever the To and Cc say, if they're even present.  It
may have gone only to an envelope recipient that isn't visible.  That is,
if there was a Bcc, it's not revealed to me.  If you insist on using "for"
or "Disclosed-Bcc", that information is guaranteed to be exposed, and I can
see who that secret recipient was.

By contrast, including these tags at most reveals to me that there was a
Bcc, but I have to do some complex (though these days, cheap) math to guess
whether a specific address was in there.  If I never make the correct
guess, the secret is never revealed.

-MSK

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html

v2.23.0 | Report a Bug | By Email