Re: [ietf-dkim] [dmarc-ietf] a slightly less kludge alternative to draft-kucherawy-dmarc-rcpts

Scott Kitterman <ietf-dkim@kitterman.com> Thu, 17 November 2016 21:48 UTC

On November 17, 2016 2:57:00 PM CST, "Murray S. Kucherawy" <superuser@gmail.com> wrote:
>On Thu, Nov 17, 2016 at 9:51 PM, Michael Storz <Michael.Storz@lrz.de> wrote:
>
>> Thanks, I see. That means the recipient is bound to the message and an
>> attacker cannot delete or change the new tags. Great solution, I like it,
>> though I do not like the consequences when this extension will go into
>> production.
>
>You may not need to worry about that.  We've reached a point where I think
>we can legitimately say, "We took a serious look, and this is the best we
>could come up with.  It has some pretty ugly side effects.  Are you sure
>you can't just stop signing spam?"  And absent a compelling answer to that
>question, there's no need to roll this out even as an experiment.

That's great to hear.

You might suggest (if it's someone that does DMARC p=reject) that if they can manage to stop signing reasonably likely (FSVO reasonable) spam they'll get roughly what the proposed protocol change would have provided for that mail without having to wait for the world to upgrade.  Direct mail would still pass DMARC due to SPF.

Scott K
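
Added example (not part of the message above or of any draft discussed in this thread): a minimal DMARC evaluation showing why leaving likely spam unsigned changes the outcome for re-sent copies while direct mail still passes through SPF. The domains and the three sample messages are constructed, and the organizational domain is approximated as the last two labels instead of being looked up in the Public Suffix List.

```python
from dataclasses import dataclass
from typing import Optional


def org_domain(domain: str) -> str:
    # Assumption: organizational domain = last two labels.
    # Real verifiers derive it from the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain: str, from_domain: str, strict: bool = False) -> bool:
    """Identifier alignment: exact match (strict) or same org domain (relaxed)."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if strict else org_domain(a) == org_domain(f)


@dataclass
class Message:
    header_from: str           # RFC5322.From domain
    mail_from: str             # RFC5321.MailFrom domain that SPF evaluated
    spf_pass: bool             # SPF result for mail_from at the connecting IP
    dkim_d: Optional[str]      # d= of the signature, None when unsigned
    dkim_pass: bool = False    # signature verified


def dmarc_result(msg: Message, policy: str = "reject") -> str:
    """Pass if either SPF or DKIM passes AND aligns with the From domain."""
    spf_ok = msg.spf_pass and aligned(msg.mail_from, msg.header_from)
    dkim_ok = (msg.dkim_d is not None and msg.dkim_pass
               and aligned(msg.dkim_d, msg.header_from))
    return "pass" if (spf_ok or dkim_ok) else f"fail ({policy})"


def scenarios() -> dict:
    # Constructed sample messages for a From domain publishing p=reject.
    direct_unsigned = Message("example.com", "bounce.example.com", True, None)
    # Re-sent from unrelated infrastructure: SPF passes only for the
    # re-sender's own domain, which does not align with the From domain.
    resent_signed = Message("example.com", "resender.example.net", True,
                            "example.com", dkim_pass=True)
    resent_unsigned = Message("example.com", "resender.example.net", True, None)
    return {
        "direct, unsigned": dmarc_result(direct_unsigned),
        "re-sent, signed": dmarc_result(resent_signed),
        "re-sent, unsigned": dmarc_result(resent_unsigned),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:18} -> {result}")
```

Only the signed copy survives being re-sent; the unsigned one fails under p=reject, while the same unsigned message delivered directly still passes on aligned SPF.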