Re: [IETF] DMARC methods in mailman
John C Klensin <john-ietf@jck.com> Tue, 27 December 2016 18:13 UTC
Return-Path: <john-ietf@jck.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AF8B12948C for <ietf@ietfa.amsl.com>; Tue, 27 Dec 2016 10:13:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MnTPyEfPj68w for <ietf@ietfa.amsl.com>; Tue, 27 Dec 2016 10:13:01 -0800 (PST)
Received: from bsa3.jck.com (static-65-175-133-137.cpe.metrocast.net [65.175.133.137]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C43A41293F4 for <ietf@ietf.org>; Tue, 27 Dec 2016 10:13:01 -0800 (PST)
Received: from hp5.int.jck.com ([198.252.137.153] helo=JcK-HP5.jck.com) by bsa3.jck.com with esmtp (Exim 4.82 (FreeBSD)) (envelope-from <john-ietf@jck.com>) id 1cLwF8-000MNB-3n; Tue, 27 Dec 2016 13:12:58 -0500
Date: Tue, 27 Dec 2016 13:12:53 -0500
From: John C Klensin <john-ietf@jck.com>
To: Theodore Ts'o <tytso@mit.edu>
Subject: Re: [IETF] DMARC methods in mailman
Message-ID: <E663971D38069E9EA13A5072@JcK-HP5.jck.com>
In-Reply-To: <20161227161045.ntov3e3mqvoorn7i@thunk.org>
References: <20161227013401.11378.qmail@ary.lan> <A2F8894E-C983-42F2-9EB9-3E7032615F86@dukhovni.org> <20161227161045.ntov3e3mqvoorn7i@thunk.org>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/JUmrANXj799eaknBZqB-ANQy-fk>
Cc: IETF general list <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Dec 2016 18:13:03 -0000
An observation on this one part of Ted's note... --On Tuesday, December 27, 2016 11:10 AM -0500 Theodore Ts'o <tytso@mit.edu> wrote: > All of the various solutions have downsides, or fit into the > category of, "in the long term, it will allow for easier > phishing, so the people who have inflicted DMARC on e-mail > will have a some other non-standard change that will screw > over mailing lists *again*" --- some of the MUA changes > proposed fall into this latter category; if they are done on a > wide scale, they *will* inspire the big mail providers to > disallow List-ID: or Sender: headers. I think this is one key issue the community keeps losing sight of in this discussion. When a technique is invented that we know how to break or get around and then use it to attack a problem in the hope that the bad guys are too dumb (or just won't bother) to develop and apply the workarounds, we create a few additional problems. First, the "lazy and stupid bad guys" assumption often turns out to be a matter of scale and economics: as long as enough messages (or other attacks) get through, they may not care but, if our technique has a real and significant impact, then, in most cases, the workarounds will be applied. Such application will have at least two bad effects: it will increase the economic and/or operational costs to the good folks and/or victims and it will, in Paul Vixie's words, make the bad guys smarter. Second, even before that transition occurs, it will have an effect that some of us find objectionable on moral grounds -- shifting the risks and impacts to those least able to defend themselves. Both burden-shifting and creating obstacles that encourage more sophisticated behavior by attackers are reasons we have given against weak crypto an ineffective privacy protections, yet we find ourselves embracing similarly-weak techniques in the hope that they will help control spam, phishing, etc., for a while. Sorry, but I don't get the latter as being any more reasonable. john
- Re: [IETF] DMARC methods in mailman John Levine
- Re: DMARC methods in mailman Philip Homburg
- Re: DMARC methods in mailman John Levine
- Re: DMARC methods in mailman Theodore Ts'o
- Re: DMARC methods in mailman Randy Bush
- Re: DMARC methods in mailman Philip Homburg
- Re: DMARC methods in mailman John R Levine
- Re: DMARC methods in mailman S Moonesamy
- Re: DMARC methods in mailman Philip Homburg
- Re: DMARC methods in mailman Philip Homburg
- Re: DMARC methods in mailman Theodore Ts'o
- Re: DMARC methods in mailman S Moonesamy
- Re: DMARC methods in mailman Alexey Melnikov
- DMARC stats for IETF mailing lists (was DMARC met… Alexey Melnikov
- Re: DMARC methods in mailman S Moonesamy
- RE: DMARC methods in mailman Christian Huitema
- Re: DMARC methods in mailman John Levine
- Re: DMARC methods in mailman Randy Bush
- Re: [IETF] DMARC methods in mailman Viktor Dukhovni
- Re: [IETF] DMARC methods in mailman Philip Homburg
- Re: [IETF] DMARC methods in mailman Yoav Nir
- Re: [IETF] DMARC methods in mailman Viktor Dukhovni
- Re: [IETF] DMARC methods in mailman Ted Lemon
- Re: [IETF] DMARC methods in mailman tom p.
- Re: [IETF] DMARC methods in mailman Patrik Fältström
- Re: [IETF] DMARC methods in mailman Philip Homburg
- Re: [IETF] DMARC methods in mailman Theodore Ts'o
- Re: [IETF] DMARC methods in mailman John C Klensin
- Re: [IETF] DMARC methods in mailman Viktor Dukhovni
- Re: [IETF] DMARC methods in mailman John Levine
- Re: [IETF] DMARC methods in mailman Theodore Ts'o
- Re: [IETF] DMARC methods in mailman Viktor Dukhovni
- RE: [IETF] DMARC methods in mailman Christian Huitema
- Re: [IETF] DMARC methods in mailman Viktor Dukhovni
- Re: [IETF] DMARC methods in mailman S Moonesamy
- Re: [IETF] DMARC methods in mailman Dave Crocker
- Re: [IETF] DMARC methods in mailman Theodore Ts'o
- Re: [IETF] DMARC methods in mailman John C Klensin
- Re: [IETF] DMARC methods in mailman Dave Crocker
- RE: [IETF] DMARC methods in mailman Christian Huitema
- Re: [IETF] DMARC methods in mailman Dave Crocker
- Re: [IETF] DMARC methods in mailman Viktor Dukhovni
- Re: [IETF] DMARC methods in mailman Dave Crocker
- Re: [IETF] DMARC methods in mailman Viktor Dukhovni
- Re: [IETF] DMARC methods in mailman Viktor Dukhovni