Re: [IETF] DMARC methods in mailman

John C Klensin <john-ietf@jck.com> Tue, 27 December 2016 18:13 UTC

Return-Path: <john-ietf@jck.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AF8B12948C for <ietf@ietfa.amsl.com>; Tue, 27 Dec 2016 10:13:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MnTPyEfPj68w for <ietf@ietfa.amsl.com>; Tue, 27 Dec 2016 10:13:01 -0800 (PST)
Received: from bsa3.jck.com (static-65-175-133-137.cpe.metrocast.net [65.175.133.137]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C43A41293F4 for <ietf@ietf.org>; Tue, 27 Dec 2016 10:13:01 -0800 (PST)
Received: from hp5.int.jck.com ([198.252.137.153] helo=JcK-HP5.jck.com) by bsa3.jck.com with esmtp (Exim 4.82 (FreeBSD)) (envelope-from <john-ietf@jck.com>) id 1cLwF8-000MNB-3n; Tue, 27 Dec 2016 13:12:58 -0500
Date: Tue, 27 Dec 2016 13:12:53 -0500
From: John C Klensin <john-ietf@jck.com>
To: Theodore Ts'o <tytso@mit.edu>
Subject: Re: [IETF] DMARC methods in mailman
Message-ID: <E663971D38069E9EA13A5072@JcK-HP5.jck.com>
In-Reply-To: <20161227161045.ntov3e3mqvoorn7i@thunk.org>
References: <20161227013401.11378.qmail@ary.lan> <A2F8894E-C983-42F2-9EB9-3E7032615F86@dukhovni.org> <20161227161045.ntov3e3mqvoorn7i@thunk.org>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/JUmrANXj799eaknBZqB-ANQy-fk>
Cc: IETF general list <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Dec 2016 18:13:03 -0000

An observation on this one part of Ted's note...

--On Tuesday, December 27, 2016 11:10 AM -0500 Theodore Ts'o
<tytso@mit.edu> wrote:

> All of the various solutions have downsides, or fit into the
> category of, "in the long term, it will allow for easier
> phishing, so the people who have inflicted DMARC on e-mail
> will have a some other non-standard change that will screw
> over mailing lists *again*" --- some of the MUA changes
> proposed fall into this latter category; if they are done on a
> wide scale, they *will* inspire the big mail providers to
> disallow List-ID: or Sender: headers.

I think this is one key issue the community keeps losing sight
of in this discussion.  When a technique is invented that we
know how to break or get around and then use it to attack a
problem in the hope that the bad guys are too dumb (or just
won't bother) to develop and apply the workarounds, we create a
few additional problems.  First, the "lazy and stupid bad guys"
assumption often turns out to be a matter of scale and
economics: as long as enough messages (or other attacks) get
through, they may not care but, if our technique has a real and
significant impact, then, in most cases, the workarounds will be
applied.  Such application will have at least two bad effects:
it will increase the economic and/or operational costs to the
good folks and/or victims and it will, in Paul Vixie's words,
make the bad guys smarter.  Second, even before that transition
occurs, it will have an effect that some of us find
objectionable on moral grounds -- shifting the risks and impacts
to those least able to defend themselves.

Both burden-shifting and creating obstacles that encourage more
sophisticated behavior by attackers are reasons we have given
against weak crypto an ineffective privacy protections, yet we
find ourselves embracing similarly-weak techniques in the hope
that they will help control spam, phishing, etc., for a while.
Sorry, but I don't get the latter as being any more reasonable.

   john