Re: dmarc damage, was gmail users read on... [bozo subtopic]
Wei Chuang <weihaw@google.com> Sun, 14 September 2014 07:36 UTC
From: Wei Chuang <weihaw@google.com>
Date: Sun, 14 Sep 2014 00:36:02 -0700
Message-ID: <CAAFsWK1YHS0F3SuxOgUmJ+PtQw-0+zWEb1XPi52WnyEHet-UTg@mail.gmail.com>
Subject: Re: dmarc damage, was gmail users read on... [bozo subtopic]
To: "Murray S. Kucherawy" <superuser@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/eGaLRgC9cjNGxnRffgvgiAvf1Ss
Cc: "ietf@ietf.org" <ietf@ietf.org>

On Fri, Sep 12, 2014 at 3:16 PM, Murray S. Kucherawy <superuser@gmail.com> wrote:

> On Fri, Sep 12, 2014 at 10:27 AM, Doug Barton <dougb@dougbarton.us> wrote:
>
>> On 9/12/14 10:20 AM, Wei Chuang wrote:
>>
>>> I also just wanted to bring another high level idea to the table- rather
>>> than discuss which work arounds to mandate (and all have problems), why
>>> not revisit the authentication methods? In particular the current DKIM
>>> method, while very powerful in the security sense, is very restrictive.
>>>
>>
>> Because the large mail vendors have already spoken, and they like the way
>> that SPF/DKIM/DMARC work. Spending more time talking about how we think
>> they SHOULD work is wasted effort.
>

I doubt my personal views are going to change any opinions here, but if you could put yourselves in the mindset of the engineers trying to fight phishing attacks at large scale that were damaging the reputation of their service you might see things differently. I wouldn't say those large vendors like SPF/DKIM/DMARC per se and I think it's rather that they were the IETF sanctioned tools that they had at that moment to mitigate what sounds like a nasty attack. From that perspective, having a better set of tools that don't cause collateral damage would be pretty useful in the future as the adversaries launching those attacks are getting more and more sophisticated. (Again this is just my personal opinion)

>
> What's "the current DKIM method" and how is it restrictive?
>

Current is just referring to RFC6376. I just describe it this way to differentiate it because I later go on to mention draft-kucherawy-dkim-list-canon-00 and a concept I pitched early in the DMARC WG list which are essentially proposed improvements on DKIM. My notion of restrictive got chopped off in the above reply snippet, but it was: "Any changes to the signed message parts will cause the authentication to fail. For example if a mailing list modifies the subject or body even if done so in some sanctioned way, it will fail DKIM.". These above two proposed authentication methods allow for the signature verification of the original message despite modification by some intermediate email proxy e.g. mailing-list.

-Wei
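
Added example, not part of the original message: a Python sketch of RFC 6376 "relaxed" canonicalization and the body hash (bh=), showing that whitespace-only rewrites survive while a mailing list's subject tag or footer does not. The sample subject, body, list name and footer are constructed, and no RSA signature is computed; a changed canonical Subject is treated as a failed b= check.

```python
import base64
import hashlib
import re

def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    # Collapse runs of space/tab to one space, drop whitespace at line end.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":  # ignore empty lines at end of body
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes) -> str:
    """Value a verifier compares with the bh= tag when a=rsa-sha256."""
    digest = hashlib.sha256(relaxed_body(body)).digest()
    return base64.b64encode(digest).decode()

def relaxed_header(name: str, value: str) -> bytes:
    """RFC 6376 section 3.4.2 'relaxed' header canonicalization."""
    value = re.sub(r"\r\n(?=[ \t])", "", value)  # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip(" ")
    return f"{name.strip().lower()}:{value}\r\n".encode()

# Constructed sample message as the author's domain signed it.
SIGNED_SUBJECT = "Quarterly   report"
SIGNED_BODY = b"Hello all,\r\n\r\nNumbers attached.  \r\n\r\n"
# Constructed modifications a hypothetical list "example-list" makes.
LIST_SUBJECT = "[example-list] " + SIGNED_SUBJECT
LIST_BODY = SIGNED_BODY + b"-- \r\nexample-list mailing list\r\n"

def survives(subject: str, body: bytes) -> dict:
    """Which signed parts still canonicalize to what was signed.

    The canonical Subject bytes feed the hash that b= signs, so a
    mismatch there means the RSA check fails just as a bh= mismatch does.
    """
    return {
        "subject": relaxed_header("Subject", subject)
        == relaxed_header("Subject", SIGNED_SUBJECT),
        "body": body_hash(body) == body_hash(SIGNED_BODY),
    }

if __name__ == "__main__":
    respaced = b"Hello all,\r\n\r\nNumbers \t attached.\r\n"
    print("respaced:", survives("Quarterly report ", respaced))
    print("tagged subject:", survives(LIST_SUBJECT, SIGNED_BODY))
    print("list footer:", survives(SIGNED_SUBJECT, LIST_BODY))
```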