Re: (DMARC) We've been here before, was Why mailing lists

Theodore Ts'o <tytso@mit.edu> Fri, 18 April 2014 21:04 UTC

Return-Path: <tytso@thunk.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B2011A0468 for <ietf@ietfa.amsl.com>; Fri, 18 Apr 2014 14:04:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.173
X-Spam-Level:
X-Spam-Status: No, score=-2.173 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RP_MATCHES_RCVD=-0.272, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SwBFt2lePn5Q for <ietf@ietfa.amsl.com>; Fri, 18 Apr 2014 14:04:35 -0700 (PDT)
Received: from imap.thunk.org (imap.thunk.org [IPv6:2600:3c02::f03c:91ff:fe96:be03]) by ietfa.amsl.com (Postfix) with ESMTP id 12D8B1A043B for <ietf@ietf.org>; Fri, 18 Apr 2014 14:04:35 -0700 (PDT)
Received: from root (helo=closure.thunk.org) by imap.thunk.org with local-esmtp (Exim 4.80) (envelope-from <tytso@thunk.org>) id 1WbFxV-0005av-GH; Fri, 18 Apr 2014 21:04:29 +0000
Received: by closure.thunk.org (Postfix, from userid 15806) id D61C75801C3; Fri, 18 Apr 2014 17:04:28 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=thunk.org; s=ef5046eb; t=1397855068; bh=0VNnvvK767ayu6WriFwbeJuKrw95nGbSIcfObcPq2sk=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=ne/HooW8E7ENKLIxv8XjPWcoXEcPtDQ5zp5vNsVKVjqQ2bzWCoRTMndhVektvncgm tYIOgfy54+F6+U3t9ajz6q+HsHlb6WAmsgIb4Gux57wNxrVFvn1gBFGpfX7HKQF/Cu EEnkXM/t3EUkZp1zU6w0+/cl3lpel0soVt03TQfA=
Date: Fri, 18 Apr 2014 17:04:28 -0400
From: Theodore Ts'o <tytso@mit.edu>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Subject: Re: (DMARC) We've been here before, was Why mailing lists
Message-ID: <20140418210428.GC23005@thunk.org>
References: <20140417181815.8A5871ACD1@ld9781.wdf.sap.corp> <9451.1397772992@sandelman.ca> <CAL0qLwa0a4nDAdCHkkMJdeemsj+cezcmH3+59CvhF8q7B72ryg@mail.gmail.com> <53518F69.90703@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <53518F69.90703@gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: tytso@thunk.org
X-SA-Exim-Scanned: No (on imap.thunk.org); SAEximRunCond expanded to false
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/C0YFUmCEHdd9s0p84QJ2ARvCb00
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, Pete Resnick <presnick@qti.qualcomm.com>, "ietf@ietf.org" <ietf@ietf.org>, John R Levine <johnl@taugh.com>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Apr 2014 21:04:39 -0000

On Sat, Apr 19, 2014 at 08:47:37AM +1200, Brian E Carpenter wrote:
> 
> So, if the From says
> 
> From: goodguy@yahoo.com <haha@badguy.example.com>
> 
> many UAs would show only goodguy@yahoo.com as the sender,
> but badguy could have passed DMARC, no?
> 
> This would not exactly enhance goodguy's reputation,
> or Yahoo's for that matter. I realise it isn't the exploit
> that Yahoo is trying to stop, but it suggests to me that
> DMARC is only plugging one small hole in a very leaky dam.

If the problem is trying to protect goodguy or yahoo.com's
reputation, I wonder if a better approach would have been to have
yahoo.com issue all of its users S/MIME certificates, and then have a
DMARC-like policy requesting recipients: "if the e-mail has the From:
field of yahoo.com, and it's not an S/MIME-signed e-mail with a
yahoo.com certificate, reject the e-mail".

After all, we know S/MIME successfully passes through mailing lists,
and if in fact the message was appropriately signed using an S/MIME
cert, it would be quite natural to have the UAs display the
information from the Common Name field of the cert.

That would solve a host of problems, including the hand-wringing
around how S/MIME has lots of deployed users, but very few deployed
certs.

						- Ted
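An added illustration of the point Brian raises and Ted replies to above; this is example code written for this archive page, not code from either poster. DMARC (RFC 7489) aligns the authenticated SPF and DKIM domains against the domain of the addr-spec in the RFC5322.From header only; the display name is never inspected. The two messages below are constructed samples, the display name in the first is quoted (the unquoted form in Brian's message is not valid RFC 5322 and parsers handle it inconsistently), the SPF/DKIM results are taken as already-computed inputs rather than verified, and the organizational-domain function is a last-two-labels simplification of the Public Suffix List lookup the RFC specifies.

```python
"""Which part of From: DMARC actually checks.

Added example, not code from the thread.  SPF/DKIM outcomes are passed in
as already-authenticated domains; nothing here verifies a signature.
"""
import email
import re
from email import policy

# Constructed sample: display name imitates a yahoo.com mailbox, addr-spec is
# at the attacker's own domain, which the attacker can DKIM-sign freely.
SPOOFED = (
    'From: "goodguy@yahoo.com" <haha@badguy.example.com>\r\n'
    'To: victim@example.net\r\n'
    'Subject: hello\r\n'
    '\r\n'
    'body\r\n'
)

# Constructed sample: a genuine yahoo.com post relayed by a mailing list that
# uses its own bounce address and re-signs with its own DKIM key.
LIST_RELAYED = (
    'From: Good Guy <goodguy@yahoo.com>\r\n'
    'To: ietf@ietf.org\r\n'
    'Subject: hello\r\n'
    '\r\n'
    'body\r\n'
)


def parse_from(raw_message):
    """Return (display_name, addr_spec, from_domain) of the first From: address."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    addr = msg['From'].addresses[0]
    return addr.display_name, addr.addr_spec, addr.domain.lower()


def org_domain(domain):
    """Organizational domain.  RFC 7489 uses the Public Suffix List; keeping
    the last two labels is a simplification that suffices for these samples."""
    labels = domain.lower().rstrip('.').split('.')
    return '.'.join(labels[-2:])


def aligned(from_domain, auth_domain, mode):
    """Identifier alignment: 's' needs an exact match, 'r' (the RFC default)
    accepts any domain sharing the organizational domain."""
    if not auth_domain:
        return False
    if mode == 's':
        return from_domain == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_result(from_domain, spf_domain, dkim_domains, adkim='r', aspf='r'):
    """DMARC passes on an aligned SPF pass or an aligned DKIM pass.
    spf_domain: MAIL FROM domain that passed SPF (None if no pass).
    dkim_domains: d= values of signatures that verified."""
    spf_ok = aligned(from_domain, spf_domain, aspf)
    dkim_ok = any(aligned(from_domain, d, adkim) for d in dkim_domains)
    return {'spf_aligned': spf_ok, 'dkim_aligned': dkim_ok,
            'dmarc_pass': spf_ok or dkim_ok}


_ADDR_IN_NAME = re.compile(r'([A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,}))')


def display_name_spoof(display_name, from_domain):
    """The check DMARC does not make: an address-shaped display name whose
    domain differs from the addr-spec domain.  Returns that domain or None."""
    for _, dom in _ADDR_IN_NAME.findall(display_name):
        if org_domain(dom) != org_domain(from_domain):
            return dom.lower()
    return None


def evaluate(raw_message, spf_domain, dkim_domains):
    """DMARC verdict plus the display-name check for one message."""
    name, addr_spec, from_domain = parse_from(raw_message)
    result = dmarc_result(from_domain, spf_domain, dkim_domains)
    result.update({'display_name': name, 'addr_spec': addr_spec,
                   'spoofed_domain': display_name_spoof(name, from_domain)})
    return result


if __name__ == '__main__':
    # Attacker signs with their own key: DMARC passes, the display name is not looked at.
    print(evaluate(SPOOFED, 'badguy.example.com', ['badguy.example.com']))
    # List rewrites MAIL FROM and re-signs: the genuine yahoo.com post fails DMARC.
    print(evaluate(LIST_RELAYED, 'ietf.org', ['ietf.org']))
```

The first call passes DMARC and the only thing that notices "yahoo.com" is the separate display-name heuristic; the second fails because neither ietf.org identifier aligns with yahoo.com, which is the mailing-list breakage the subject line refers to. Relaxed alignment also lets a DKIM d=example.com signature cover a badguy.example.com From, which is why strict mode exists.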