Re: [Ietf-dkim] Headers that should not be automatically oversigned in a DKIM signature?

Dave Crocker <dcrocker@bbiw.net> Mon, 05 February 2024 22:03 UTC

Return-Path: <dcrocker@bbiw.net>
X-Original-To: ietf-dkim@ietfa.amsl.com
Delivered-To: ietf-dkim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5944C14F6A0 for <ietf-dkim@ietfa.amsl.com>; Mon, 5 Feb 2024 14:03:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.806
X-Spam-Level:
X-Spam-Status: No, score=-2.806 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=bbiw.net header.b="S/QyOVbc"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="ZPwttKDS"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mq7LE-aG6qif for <ietf-dkim@ietfa.amsl.com>; Mon, 5 Feb 2024 14:02:57 -0800 (PST)
Received: from wout1-smtp.messagingengine.com (wout1-smtp.messagingengine.com [64.147.123.24]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EAE29C14F681 for <ietf-dkim@ietf.org>; Mon, 5 Feb 2024 14:02:56 -0800 (PST)
Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailout.west.internal (Postfix) with ESMTP id D7DAB3200A67; Mon, 5 Feb 2024 17:02:55 -0500 (EST)
Received: from mailfrontend1 ([10.202.2.162]) by compute2.internal (MEProxy); Mon, 05 Feb 2024 17:02:56 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bbiw.net; h=cc :cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:subject :subject:to:to; s=fm2; t=1707170575; x=1707256975; bh=bJcLIegz+z KCsloOfTlaaqYfe48QZgKtob/ABzjApIg=; b=S/QyOVbcoqKkPwYl27xwkEAIcu QX2L7rq9W4deMIwCCth5hF/8Op5ZbyELgcb7xK4KpUiNLg6BUYX/4jNE1VmXZ2Vo 2yv9CUFwI7RtE2R8LGSRSU0wuhm3iXvtbewkkhEwZep7hpxZQbvefXxZB6LchXzH JkJji4le7a5cvW8zDO0U5+4MAZ/ZPASGJMeXXhO1W7/W0jVjbgEqa8PifT4UTrt2 Njg2c8/cdyKFjRPjXegg7M0f9q3DiGrOr88zmfq3l2mOz3D4e4trzsGI7XRgXJlm +zQtSyflKBvDb+DaPkwRObb0ePl1sbzZGtTBK+pxhOHfLOW2eR2eKjc7ox/g==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm3; t=1707170575; x=1707256975; bh=bJcLIegz+zKCsloOfTlaaqYfe48Q ZgKtob/ABzjApIg=; b=ZPwttKDSvQcPEpFnSvtvFPjSb+gh0gWPz0zrG2ZS4R9N 1FocQjX7coJh5+gpRDr3Dn4u495qGUb+2uZcH1Go4ssJcnUT3H4syLqEVGokhCrr GCaFez0Z5IbWavS0i/HaXQgt1cNndhLxWz5F4TnBRrZSQLf09AfLyE4/k56RypXR dF5OhAEtNR+8/VRoGkMBlgsrYB4w5fwLM0jTtLIASseVGbbeQ6du8ZxELpcG1+hS c/0Qe1HDuCcKyQ6jbAtfPJEvRVwQ8McU4fLKKHNwohUB2ANdgkV4ncdNP9unb9Bk Pgi0n0Bx7znXqnYyvd343UmwdsRcM8jKi30zYPRprA==
Feedback-ID: i16d9478d:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 5 Feb 2024 17:02:54 -0500 (EST)
Content-Type: multipart/alternative; boundary="------------45TGnNaK0h2r6jzoEfZPCR49"
Message-ID: <33756c23-7ff5-4ce1-a326-270155da4125@bbiw.net>
Date: Mon, 05 Feb 2024 14:02:53 -0800
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: Jim Fenton <fenton@bluepopcorn.net>
Cc: ietf-dkim@ietf.org
References: <20240119192026.DEDFF810437D@ary.qy> <20240120000053.FrDLzS4U@steffen%sdaoden.eu> <3f72e0c3-d245-16f7-57b2-831bfa53efbd@taugh.com> <4F161749-91D6-4E2D-AF70-89C5F172B971@isdg.net> <64f0cfd3-9d86-4d5e-b213-d0e53972c65a@tana.it> <af70d974-b2cb-4ac3-af9f-f0461238ebbb@isdg.net> <0cb52576-67af-4248-9866-5d2e2ef1adfd@tana.it> <8EA4F7EB-CBAF-4CBA-AD3B-03ECC8B05172@isdg.net> <012291f4-5098-4e6b-b9b9-a7e1fd681138@tana.it> <e59bbaa2-945c-4ed8-85b4-3a79ebc8bfbd@dcrocker.net> <20240205212412.Kq4PkTNC@steffen%sdaoden.eu> <1c0a74ed-9366-4e11-9604-eab211a17046@dcrocker.net> <7035E051-7B4D-4CE1-A923-7BE59FC76195@bluepopcorn.net>
From: Dave Crocker <dcrocker@bbiw.net>
Organization: Brandenburg InternetWorking
In-Reply-To: <7035E051-7B4D-4CE1-A923-7BE59FC76195@bluepopcorn.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/r_SuVW5NdY3lWDhhPG5yX3LP2jU>
Subject: Re: [Ietf-dkim] Headers that should not be automatically oversigned in a DKIM signature?
X-BeenThere: ietf-dkim@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DKIM List <ietf-dkim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-dkim/>
List-Post: <mailto:ietf-dkim@ietf.org>
List-Help: <mailto:ietf-dkim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Feb 2024 22:03:01 -0000

On 2/5/2024 1:56 PM, Jim Fenton wrote:
> And you will also provide citations to refereed research about what you just asserted as well, yes?


Ahh, you want me to prove the negative. That's not exactly how these 
things go.

When someone says something works, the burden of documenting it is on them.

When someone says something does not work, it is sufficient to note that 
we have some decades of efforts and no serious documentation of 
efficacy.  And a very large scale example of it /not/ working, as I noted.

Bottom line: Claiming that we just need to train users better is a way 
of dodging any serious effort to deal with the topic.  The nature of 
human cognition, and the challenges of adequately encoding essential 
security-related information that is effective for 90% of users(*) work 
very aggressively against any claim that this is something that can 
usefully be dealt with by user training.

d/

(*)  When someone talks about 'average' users, one has left off (at 
least) half the user population...

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net
mast:@dcrocker@mastodon.social