IETF Logo Mail Archive

Re: [ietf-dkim] [dmarc-ietf] a slightly less kludge alternative to draft-kucherawy-dmarc-rcpts

Alessandro Vesely <vesely@tana.it> Thu, 17 November 2016 10:29 UTC

Return-Path: <ietf-dkim-bounces@mipassoc.org>
X-Original-To: ietfarch-ietf-dkim-archive@ietfa.amsl.com
Delivered-To: ietfarch-ietf-dkim-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 82C2D1294D4 for <ietfarch-ietf-dkim-archive@ietfa.amsl.com>; Thu, 17 Nov 2016 02:29:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.791
X-Spam-Level:
X-Spam-Status: No, score=-1.791 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sWIteZukyxAr for <ietfarch-ietf-dkim-archive@ietfa.amsl.com>; Thu, 17 Nov 2016 02:29:14 -0800 (PST)
Received: from simon.songbird.com (simon.songbird.com [72.52.113.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE160129874 for <ietf-dkim-archive@ietf.org>; Thu, 17 Nov 2016 02:29:13 -0800 (PST)
Received: from simon.songbird.com (simon.songbird.com [127.0.0.1]) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id uAHATCAJ010845; Thu, 17 Nov 2016 02:29:14 -0800
Authentication-Results: simon.songbird.com; dkim=fail reason="verification failed; unprotected key" header.d=tana.it header.i=@tana.it header.b=M5ITMwNH; dkim-adsp=unknown (unprotected policy); dkim-atps=neutral
Received: from wmail.tana.it (nobody@wmail.tana.it [62.94.243.226]) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id uAHAT7Cr010841 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for <ietf-dkim@mipassoc.org>; Thu, 17 Nov 2016 02:29:09 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=beta; t=1479378490; bh=qUPcpV2xsbdhpsRevuce14HXHL7UI9uaNCwpUbBc87c=; l=4477; h=To:References:Cc:From:Date:In-Reply-To; b=M5ITMwNHbv6Q03LTVaB0/aGja6VsdXrzgK3HWMCbXaqOApp0XTECOLUEgtqh4UleV QhqIsQuYNL4DjRI2o5BMIVSvv3hJBzKDz8sJUelsDORLF6zjMM2FcseDONSIr3H4g6 wO1sfOLY9T7GUqjGLvFPs5aeEunUVELKDMFw3BuI=
Authentication-Results: tana.it; auth=pass (details omitted)
Received: from [172.25.197.88] (pcale.tana [172.25.197.88]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k) by wmail.tana.it with ESMTPA; Thu, 17 Nov 2016 11:28:10 +0100 id 00000000005DC044.00000000582D863A.00002231
To: "Murray S. Kucherawy" <superuser@gmail.com>
References: <alpine.OSX.2.11.1611142158000.21738@ary.local> <01Q7ASDZFS6C011WUX@mauve.mrochek.com> <CAL0qLwazAg2UJvGAr+nx8R_xEbc4xV0ttPEWFKUD69u6xXaMhA@mail.gmail.com> <CAL0qLwaMzy=qeW5XYZ_txPaiYE27Oof+C5V1uRANvv-_cayOcQ@mail.gmail.com> <CY1PR00MB0107389F8FE73F140849A19996BE0@CY1PR00MB0107.namprd00.prod.outlook.com> <2736ea21-69e6-83b1-3b59-377c032290b5@dcrocker.net> <CY1PR00MB01072F4EB32969888104C45196BE0@CY1PR00MB0107.namprd00.prod.outlook.com> <CAL0qLwbdNVwT-xiCmxyhSqKcp4-hCA1COHKh0wdYrYEekzZ=XA@mail.gmail.com> <a149d183-fe6f-b89d-c8ac-6686460b8603@tana.it> <CAL0qLwY_wZPS4pJSNv3bqxedmvsqFd3bTcT=Mo6NAvt8r-_e2A@mail.gmail.com> <0ac51f28-4f55-fbfe-5db6-b7e04c4f5d54@tana.it> <CAL0qLwb+KKRowmncEx=0ZKgJ10PfFGLwX2r7vY7RtvVf9fL6-A@mail.gmail.com>
From: Alessandro Vesely <vesely@tana.it>
Message-ID: <90bef39d-4882-4018-7815-5ef2af70f9ea@tana.it>
Date: Thu, 17 Nov 2016 11:28:10 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Icedove/45.4.0
MIME-Version: 1.0
In-Reply-To: <CAL0qLwb+KKRowmncEx=0ZKgJ10PfFGLwX2r7vY7RtvVf9fL6-A@mail.gmail.com>
Cc: "ietf-dkim@mipassoc.org" <ietf-dkim@mipassoc.org>, Terry Zink <tzink@exchange.microsoft.com>
Subject: Re: [ietf-dkim] [dmarc-ietf] a slightly less kludge alternative to draft-kucherawy-dmarc-rcpts
X-BeenThere: ietf-dkim@mipassoc.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
List-Unsubscribe: <http://mipassoc.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=unsubscribe>
List-Archive: <http://mipassoc.org/pipermail/ietf-dkim/>
List-Post: <mailto:ietf-dkim@mipassoc.org>
List-Help: <mailto:ietf-dkim-request@mipassoc.org?subject=help>
List-Subscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=subscribe>
Content-Transfer-Encoding: base64
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Errors-To: ietf-dkim-bounces@mipassoc.org
Sender: ietf-dkim <ietf-dkim-bounces@mipassoc.org>

On Wed 16/Nov/2016 21:12:45 +0100 Murray S. Kucherawy wrote:
> On Thu, Nov 17, 2016 at 3:47 AM, Alessandro Vesely <vesely@tana.it> wrote:
>
>>>> That way it will stay dormant until someone gets hurt and has to activate
>>>> it, at which time it may cause more damage than improvement.  A loose
>>>> cannon.
>>>
>>> The document makes that risk clear, or so I thought.
>>
>> You mean Section 5?
>
> Yes.

Well, if its title were *Incompatibility with Current Infrastructure*, I would 
agree there is a statement on the risk of disrupting how DKIM works.

>>>> Finally, if you stick to one recipient per message, why do you rack your
>>>> brains about encryption?  I suggest adding a Disclosed-BCC:
>>>
>>> I don't follow.  There's no additional encryption going on here.
>>
>> I mean the SHA transformation.  Cleartext is obviously easier to
>> understand and debug.
>
> I wouldn't say a salted hash qualifies as "racking my brains".  The idea is
> to make it difficult to see who the envelope recipient is simply by
> looking.  A one-way transformation forces an interloper to make guesses and
> try to confirm, and the salt guarantees that your email address does not
> always hash to the same thing.  It's not perfect security by any means, but
> it's a cheap way to limit what gets leaked.  This too is spelled out in
> Section 7.

"To make guesses" is not the specified implementation.  Section 4.2 says 
envelop recipient must match exactly.  This requirement not only forces 
single-recipient mode, but also rules out verifiers which run after acceptance 
or after alias expansion.  An incredibly narrow scope, overall.

If instead you really allow some guessing, as mentioned in Section 7, you may 
rehabilitate a range of verifiers, but undoubtedly do so at the cost of full 
scale brains racking.

>>> Adding a "Disclosed-BCC" field guarantees disclosure, rather than only
>>> disclosing if the MDA adds a Delivered-To.  I don't think we should make
>>> that worse.
>>
>> So long as you disclose it to the very recipient, there is no worry.  NDNs
>> customarily report SMTP chit-chat in cleartext, betraying users who attempt
>> to hide their real address behind a dot-forward.  Log files are plenty of
>> envelope citations.  Received: fields feature a FOR clause which is not
>> deprecated for single recipient messages.  We're not worsening anything.
>
> If you hand me a printed copy of a message without the envelope, and the
> Received didn't use the (non-standard) "for" clause, I cannot be certain it
> was delivered to whatever the To and Cc say, if they're even present.

I don't think I'm with you.  You seem to mean you don't know if, say, Terry 
actually received a copy of this.  For example, one might arrange social 
engineering by adding CC:'s to your boss, the press, the police, et cetera, 
none of which corresponds to the envelope.  Is that concern part of the problem 
at hand?

> It may have gone only to an envelope recipient that isn't visible.  That
> is, if there was a Bcc, it's not revealed to me.  If you insist on using
> "for" or "Disclosed-Bcc", that information is guaranteed to be exposed, and
> I can see who that secret recipient was.

Invisible recipients may come from BCCs or other sources.  When you get the 
message, you may want to know why it was delivered to you, and, yes, "for" or 
"Disclosed-Bcc" let you know that.  Why should that info be kept secret?

> By contrast, including these tags at most reveals to me that there was a
> Bcc, but I have to do some complex (though these days, cheap) math to guess
> whether a specific address was in there.  If I never make the correct
> guess, the secret is never revealed.

I fail to see why that would be an advantage:

The address is likely shorter than its hash.

In general, it would be nice to have a standard means to tell recipients on 
what grounds a message was delivered to their mailboxes.  For example, was it a 
role address or a personal one?  If the message body is ambiguous (e.g. short 
messages) knowing the original recipient address may help.

In the scenario you are proposing, only mailbox providers know the envelope, 
and can verify if that was what the sending domain signed.  Final recipients 
--the actual subjects-- cannot access that info.  That picture looks unfair. 
Indeed, in some countries providers may seem to be legally bound to reveal the 
envelope address upon subject request (IANAL).

Ale
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html

v2.23.0 | Report a Bug | By Email