Re: Suggestion: can we test DMARC deployment with a mailing list?

Christopher Morrow <morrowc.lists@gmail.com> Fri, 02 May 2014 18:22 UTC

To: "Fred Baker (fred)" <fred@cisco.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/QWPi5i02FAQoHoS4RSVoSYO9bwQ
Cc: "dmarc@ietf.org" <dmarc@ietf.org>, IETF <ietf@ietf.org>

On Fri, May 2, 2014 at 2:05 PM, Fred Baker (fred) <fred@cisco.com> wrote:
> We have been having a fairly extended discussion, much of which seems hypothetical - “I don’t like DMARC because I am worried that ... with mailing lists”. I wonder if we could take a moment to try it and see what happens?
>
> As an example of the case that comes to mind, see attached. It is a message sent to v6ops@ietf.org yesterday. The sender signed it using DKIM, the IETF changed the message (added some trailing text) before forwarding it, the receiver (e.g., Cisco IT) attempted to validate the DKIM signature - and failed.
>

dkim != dmarc (but maybe that wasn't your point)

> It seems to me that we should not approve a procedure that has that effect, at least without some guidance for mail relay administrators. I could imagine two forms of guidance: “obey the end-to-end principle; don’t change the message the originator sent”, or “if you change a signed message, first validate the message you received and discard if that fails, change it, and then sign it yourself, so that a receiver can see who changed it and validate the outcome”.
>
> Could we actually try such guidance in a sandbox, and document appropriate procedures for mailing lists?
>

which mailing list software? or did you mean test a general solution
and document the general solution?

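Added example, not part of the original message or of any mailing list software: the DKIM body hash (bh=) before and after a list appends a footer, and the body-hash step of the "validate, change, re-sign" guidance quoted above. It assumes relaxed body canonicalization (RFC 6376, section 3.4.4) with SHA-256; the function names, sample body and footer are constructed for illustration, and no RSA signing is performed.

```python
import base64
import hashlib
import re

def relaxed_body(body: bytes) -> bytes:
    """'relaxed' body canonicalization, RFC 6376 section 3.4.4."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    # Collapse runs of space/tab to one space, then drop trailing whitespace.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    # Empty lines at the end of the body are ignored.
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes) -> str:
    """Value a signer places in the bh= tag when hashing with SHA-256."""
    digest = hashlib.sha256(relaxed_body(body)).digest()
    return base64.b64encode(digest).decode()

def bh_matches(signed_bh: str, received_body: bytes) -> bool:
    """Receiver-side check of the body against the signed bh= value."""
    return body_hash(received_body) == signed_bh

def list_relay(received_body: bytes, signed_bh: str, footer: bytes):
    """Validate the incoming body, then change it, then compute the hash
    the list's own signature would cover. Returns None (discard) when the
    incoming body does not match the author's bh= value."""
    if not bh_matches(signed_bh, received_body):
        return None
    new_body = received_body + footer
    return new_body, body_hash(new_body)

# Constructed sample data (not taken from the attachment mentioned above).
ORIGINAL = b"Hello v6ops,\r\n\r\nComments on the draft follow.\r\n"
WHITESPACE_ONLY = b"Hello v6ops,  \r\n\r\nComments on\t the draft follow.\r\n\r\n\r\n"
FOOTER = b"_______________\r\nv6ops mailing list\r\nv6ops@ietf.org\r\n"
AUTHOR_BH = body_hash(ORIGINAL)

if __name__ == "__main__":
    print("whitespace-only change verifies:", bh_matches(AUTHOR_BH, WHITESPACE_ONLY))
    print("footer appended verifies:       ", bh_matches(AUTHOR_BH, ORIGINAL + FOOTER))
    relayed_body, list_bh = list_relay(ORIGINAL, AUTHOR_BH, FOOTER)
    print("list bh verifies relayed body:  ", bh_matches(list_bh, relayed_body))
```

Relaxed canonicalization absorbs whitespace changes in transit, but any appended text changes the hash, so the author's signature can only survive if the list leaves the body alone or the receiver evaluates the list's own signature instead.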