IETF Logo Mail Archive

Re: [Ietf-dkim] Comments on draft-chuang-dkim-replay-problem

Wei Chuang <weihaw@google.com> Sun, 02 April 2023 20:56 UTC

Return-Path: <weihaw@google.com>
X-Original-To: ietf-dkim@ietfa.amsl.com
Delivered-To: ietf-dkim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5496C151553 for <ietf-dkim@ietfa.amsl.com>; Sun, 2 Apr 2023 13:56:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.596
X-Spam-Level:
X-Spam-Status: No, score=-17.596 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oGOFDtDAsxfT for <ietf-dkim@ietfa.amsl.com>; Sun, 2 Apr 2023 13:56:31 -0700 (PDT)
Received: from mail-wm1-x32c.google.com (mail-wm1-x32c.google.com [IPv6:2a00:1450:4864:20::32c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4CBE3C15154D for <Ietf-dkim@ietf.org>; Sun, 2 Apr 2023 13:56:31 -0700 (PDT)
Received: by mail-wm1-x32c.google.com with SMTP id 5b1f17b1804b1-3ee76561c03so625e9.0 for <Ietf-dkim@ietf.org>; Sun, 02 Apr 2023 13:56:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; t=1680468989; x=1683060989; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=nZccUTt7dwaqr7LPXgdqiNXWKmCAkT+FEQ7N+uFpgMM=; b=EHt+JvmGTqp2m8OQOuwaPWVMtJVymAHPhWBJcuVJxJrf8xp/kleWrDgA86aOHxQriR aX9ECtuVSfZejv02dzjBBRoKMIK0TQ1DjdSrqtK22Z7YCgPxEQOzg66MzpxN/ecXOYBk UwWnLdM5ptg13hAB25j4pYI6lxCn7SLmLB6mMQlyCQLI9mWq2X/ubcob4HanfQVFOOSU 2mLpDjCLX76kDt/ZWFrMA7Har3qlZ3U6lLsGz/2kzQn4H8xhLLjTMbfYTkZnJy81fjAj CrFl89bBB1lwe/WR9sVTp8RfIVSlvIgYbYmqEvUILGCqbZIJSkaJlIMHA8sBKNjxT75I nnFQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1680468989; x=1683060989; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=nZccUTt7dwaqr7LPXgdqiNXWKmCAkT+FEQ7N+uFpgMM=; b=3KsfesyG74A09mldEKAoEbUenhA0uau/VhS1v7bIP6Wr/SoaPv+yrVpK3ROzSng4ec fVRxqYIN50/ikJUSCwre2OhEh+HHSr4eG9+V5x97Wk+GGvStdFGIbLQCjnDWqjQKsiBN twHv6RG6AtnSFOrVRrkONBSa5XmUfdKFzYaPwVo3KiMgl/j/bAcsz4HRdFWEI3V4eqzU D1sNOggH+IxuTdPD4VdVLPi1yJneDRJyqNRK5957rdS/W9VwGW7juJEQcq4UL5OCcMJ/ NofpCC5OMewHOREkCVg9fveHjcyUpjrNAN6M/fwlvhzekWQ5X9Etk0/zirmfzj3m7e2l Ns9g==
X-Gm-Message-State: AAQBX9cojvgCEMA/WphHk11PCDc1AO2Clvjf+jmGx0sojkBggSzjVSb4 lArTalO/p4xFYy7zt5Dc9HSLJeJ/5A8qjqeCdr3abTOQpyIoFcdjK31sGA==
X-Google-Smtp-Source: AKy350ZOU3OPS6wb5CYRQ2zh6qfUjUzGkU45ojGntMzIwiaSxdJb+euk11GlsxoiGJ/0nIyGZRgW8rmWj2yFu7wJsZg=
X-Received: by 2002:a05:600c:1d1a:b0:3f0:4eb7:3b00 with SMTP id l26-20020a05600c1d1a00b003f04eb73b00mr76wms.1.1680468988885; Sun, 02 Apr 2023 13:56:28 -0700 (PDT)
MIME-Version: 1.0
References: <CAL0qLwZj+KRBbjzjuQkxgG=SAgdieZz5JdS+8-hg8LtnqnjoJA@mail.gmail.com> <E0AEA1AB-0A34-4787-85D4-445614967F44@wordtothewise.com>
In-Reply-To: <E0AEA1AB-0A34-4787-85D4-445614967F44@wordtothewise.com>
From: Wei Chuang <weihaw@google.com>
Date: Sun, 02 Apr 2023 13:56:16 -0700
Message-ID: <CAAFsWK3i3OZQ+5KnVKvzFOXj+wL2iw=Ruc25om9ZOYc2ihqCRQ@mail.gmail.com>
To: Laura Atkins <laura@wordtothewise.com>
Cc: Ietf-dkim@ietf.org
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="0000000000002c712205f860ad11"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/qMnwPBUMaat4LfKurLiP2yjfaV8>
X-Mailman-Approved-At: Mon, 03 Apr 2023 01:05:45 -0700
Subject: Re: [Ietf-dkim] Comments on draft-chuang-dkim-replay-problem
X-BeenThere: ietf-dkim@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DKIM List <ietf-dkim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-dkim/>
List-Post: <mailto:ietf-dkim@ietf.org>
List-Help: <mailto:ietf-dkim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Apr 2023 20:56:35 -0000

A -03 draft is available at
https://www.ietf.org/archive/id/draft-chuang-dkim-replay-problem-03.html.

On Sat, Mar 25, 2023 at 3:18 AM Laura Atkins <laura@wordtothewise.com>
wrote:

>
>
> On 24 Mar 2023, at 16:38, Murray S. Kucherawy <superuser@gmail.com> wrote:
>
> Informal comments only here.  I know a merger with Dave's draft is in
> progress, so some of these may not apply by the time you're done.
>
> Section 1.1:
>
> It feels a little presumptuous to assume any DKIM receiver has also built
> out a reputation system, or has access to one.  I guess it might depend on
> what you consider a reputation system though; are there DNSxLs for DKIM
> domains that are open to the public?  I don't think SpamAssassin carries
> with it a set of domains that should be dropped if they carry valid DKIM
> signatures.  Either way, I think the generalization is peculiar.  At a
> minimum, say "some systems develop reputations" etc.
>
>
> Almost all major filtering systems (public, commercial and private) have
> some sort of reputation engine in them and I’m pretty comfortable talking
> about it. However, your point is well taken. I don’t think, too, that the
> domain is the reputation, DKIM is really about identity. So, what if we
> change the language from “reputation” to “Identity”
>
> Reputation is the idea that a filtering system can make an informed
> judgment about whether a particular email is wanted or unwanted based on
> the previous history of mail with a similar identity. What DKIM (and other
> authentication methods) gives us is a durable and verifiable domain
> identity to anchor the reputation. The DKIM replay attack vector is taking
> advantage of that identity by, essentially, stealing the reputation of a
> known good domain.
>
> Maybe we don’t  need to mention reputation at all, even. Can we add
> something like this to section 1.1 in the edited document:
>
> DKIM authentication allows domains to create a durable identity to attach
> to email. Since its initial proposal it has been widely deployed by systems
> sending and receiving email. Receiving services use the DKIM identity as
> part of their inbound mail handling, and make delivery decisions based on
> the DKIM domain. Email sending services sign customer email with the
> customer’s own domain, but many also sign with their own domain.
>

Added.


>
>
> I think I concur with the suggestion that wa should drop discussion of
> ARC.  This WG, or the DMARC WG, can develop an update to ARC based on the
> outcome here if the community chooses to do so, but I don't think it should
> be part of this WG's premise.
>
>
> Agreed.
>

I believe there's some value in mentioning the susceptibility of ARC to the
same type of attack.  I've dropped the reference to DMARC.


>
>
> Section 1.2:
>
> The opening sentence that emphasizes non-use of RFC 2119, amusingly,
> forces you to include a reference to RFC 2119.  I suggest instead: "This
> document is not normative in any way."
>
> "administratively" should be "administrative functions" or similar.
> ("users" and "services" are nouns, so this should be too.)S
>
> The "List-*" header fields are defined in RFC 4021.
>
> In "trace and operational headers", "headers" should be "header fields".
>
> Are we actually defining new Mail Handling Services here, or rather
> declaring special cases of Originators and Relays?  Do they become Authors
> again after they've handled/filtered a message?
>
> Are we sure SPF and DMARC should be in scope for this work?  SPF feels
> irrelevant, and DMARC feels like a layer violation.  If we want to do so,
> we could refer the reader to the RFCs defining those protocols just to make
> them aware of the bits of the ecosystem, but then I would leave them out of
> the rest of the document.
>
>
> I don’t think either should be in scope, honestly. They may end up being
> part of the solution space, but the issue here is the DKIM domain.
>

The belief was that there's value in describing how DKIM and SPF are used
together in email authentication, and in any case the mentions of SPF have
been reduced.  I propose the -03 draft keeping what's there now to see if
it is helpful.  If not, I can remove all mentions.


>
> Section 2:
>
> "headers" should be "header fields"
>
> "customized by" the ultimate recipient?  or should that be "for"?
>
> Involvement of SPF here doesn't seem to be needed either.  We only need to
> tall the DKIM story.
> I think the notion of folders also exceeds DKIM's scope.  That's a
> handling choice post-DKIM.  It's enough to highlight that a false positive
> is procured by the attacker, to the attacker's benefit.
>
>
> +1
>
> Section 3:
>
> Does including SPF in this part of the discussion contribute to the
> problem statement or muddy it?  This is about DKIM, not about spam handling
> in general.
>
>
> I think it muddies it, honestly.
>
> Section 3.1's "DKIM" bullet talks about signature survival, while Section
> 3.2's "DKIM" bullet talks about who does the signing.  This seems
> dissonant, or at least makes them hard to compare and contrast since they
> talk about different things.
>
>
> Agreed.
>

It's been removed.


>
> Section 4:
>
> Caching known signatures, a con: adds a potentially expensive database
> component to the receiving service, and will require tinkering to figure
> out what cache duration is appropriate to catch replays while not also
> catching legitimate mail.
>
> The "sign for the next hop" proposal could use a language tweak of some
> kind.  I can't quite put my finger on it.  If it's "sign for the next hop"
> at a host level, I have to know that host; today, I just sign and toss it
> in the queue, and my MTA figures out which MX is going to take it, but if I
> have to know which MX that is, I can't sign until connection time;
> milter-based filters at least don't work that way because the integration
> point doesn't allow it.  If it's actually "sign for the next ADMD", that
> problem goes away, but the definition of "ADMD" gets a bit muddy because
> now you have to include in that definition any MX that might be providing
> transparent store-and-forward.
>
>
> Need to think a little more about this.
>
> Section 5 you won't need.
>
> Section 6 can simply say there are no security considerations for a
> problem statement document, though you anticipate some interesting ones in
> documents to follow.  :-)
>
> Lastly, you can drop the "yet" from Section 7.  :-)
>
>
> Thanks.
> laura
>
>
> -MSK
> _______________________________________________
> Ietf-dkim mailing list
> Ietf-dkim@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf-dkim
>
>
> --
> The Delivery Experts
>
> Laura Atkins
> Word to the Wise
> laura@wordtothewise.com
>
> Email Delivery Blog: http://wordtothewise.com/blog
>
>
>
>
>
>
> _______________________________________________
> Ietf-dkim mailing list
> Ietf-dkim@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf-dkim
>

v2.23.0 | Report a Bug | By Email