Re: DMARC: perspectives from a listadmin of large open-source lists

Miles Fidelman <mfidelman@meetinghouse.net> Wed, 16 April 2014 04:20 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/LiCG_m3N8S1VxWz0_6mwUdBpus8

Sabahattin Gucukoglu wrote:
> On 15 Apr 2014, at 23:20, Pete Resnick <presnick@qti.qualcomm.com> wrote:
> That suffers the same problems as X-O-A-R: you have to know when to trust the intermediate.  In the absence of that knowledge, any message transformation is invisible to the recipient, and potentially malicious.  You would have to invent a scheme for identifying transformations, so users could verify them against the original sender's signature.
>
> DMARC has put *ALL* the trust into the From: field.  That is very unfortunate, but it seems to be the DMARC people's idea of a foolproof, user-visible identifier.
>

First off, with xoar, you don't have to trust the intermediary.  If one 
removes DMARC's alignment mechanism - you can validate that a message 
originated from a yahoo address by dint of the crypto signature - as 
long as you don't modify any of the fields that get signed.  Now if you 
want to allow modification of the subject field (e.g., adding a tag) 
and/or the body (e.g., adding header and footer) - then you might have 
to be a little cleverer, perhaps by providing information about the 
diffs in extra headers and doing a few comparisons at the receiving end 
(subject tag = *****<original-signed-subject>).

It's worth noting that way back in 1999, the folks who designed HTTP 1.1 
designed an authentication scheme that works through proxies. They took 
the time to actually acknowledge mechanisms that were in use (i.e., 
caching proxies) and design mechanisms that could work in concert with 
them (and yes, in some cases the proxies have to do new things).  Those 
involved in DMARC, seemingly, did not take the same care to respect the 
infrastructure.

Miles Fidelman


-- 
In theory, there is no difference between theory and practice.
In practice, there is.   .... Yogi Berra
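
The receiving-end comparison proposed in the message above (list declares its subject tag and footer in extra headers, receiver strips them and checks the originator's signature over what remains), as an added sketch that is not part of the original post. The `X-List-Subject-Tag` and `X-List-Footer-Length` headers are hypothetical, and an HMAC with a constructed key stands in for real DKIM public-key verification.

```python
import hashlib
import hmac

SENDER_KEY = b"constructed-demo-key"  # stand-in for the sender domain's DKIM key

def sign(subject: str, body: str) -> str:
    """Stand-in for the originator's signature over Subject and a body hash."""
    body_hash = hashlib.sha256(body.encode()).hexdigest()
    data = f"{subject}\n{body_hash}".encode()
    return hmac.new(SENDER_KEY, data, hashlib.sha256).hexdigest()

def list_rewrite(msg: dict, tag: str, footer: str) -> dict:
    """What the list does: tag the subject, append a footer, declare both."""
    out = dict(msg)
    out["Subject"] = tag + msg["Subject"]
    out["Body"] = msg["Body"] + footer
    out["X-List-Subject-Tag"] = tag                  # hypothetical header
    out["X-List-Footer-Length"] = str(len(footer))   # hypothetical header
    return out

def verify_after_list(msg: dict) -> bool:
    """Undo the declared changes, then check the originator's signature."""
    tag = msg.get("X-List-Subject-Tag", "")
    try:
        footer_len = int(msg.get("X-List-Footer-Length", "0"))
    except ValueError:
        return False  # malformed declaration: treat as unverifiable
    subject, body = msg["Subject"], msg["Body"]
    if not subject.startswith(tag) or not 0 <= footer_len <= len(body):
        return False  # declared diff does not match the message as received
    original_subject = subject[len(tag):]
    original_body = body[:len(body) - footer_len]
    expected = sign(original_subject, original_body)
    return hmac.compare_digest(expected, msg.get("Signature", ""))

# Constructed sample message, signed by the originator before it reaches the list.
SAMPLE = {"Subject": "DMARC and lists", "Body": "Original text.\n"}
SAMPLE["Signature"] = sign(SAMPLE["Subject"], SAMPLE["Body"])

if __name__ == "__main__":
    relayed = list_rewrite(SAMPLE, "[ietf] ", "-- \nlist footer\n")
    print("relayed verifies:", verify_after_list(relayed))
    relayed["Body"] = relayed["Body"].replace("Original", "Modified")
    print("tampered verifies:", verify_after_list(relayed))
```

A passing check authenticates only the recovered original subject and body; the tag and footer the list added are not covered by the originator's signature.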