IETF Logo Mail Archive

Re: dmarc damage, was gmail users read on... [bozo subtopic]

Wei Chuang <weihaw@google.com> Sun, 14 September 2014 07:36 UTC

Return-Path: <weihaw@google.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B24D41A029D for <ietf@ietfa.amsl.com>; Sun, 14 Sep 2014 00:36:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.03
X-Spam-Level:
X-Spam-Status: No, score=-3.03 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-1.652, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QWoDcwLW-d_C for <ietf@ietfa.amsl.com>; Sun, 14 Sep 2014 00:36:24 -0700 (PDT)
Received: from mail-qa0-x232.google.com (mail-qa0-x232.google.com [IPv6:2607:f8b0:400d:c00::232]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B1C7D1A0296 for <ietf@ietf.org>; Sun, 14 Sep 2014 00:36:24 -0700 (PDT)
Received: by mail-qa0-f50.google.com with SMTP id dc16so2565159qab.37 for <ietf@ietf.org>; Sun, 14 Sep 2014 00:36:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=MDLQltveOxjRqUx4E07SSEIyVJEWZzM5Y1RA7VJOhNQ=; b=WcPIIHy/9BgzwlGuXrrPT2e8xeJesB8+kyoSGt0NPQf9N17GlV/2zABOrrVkeNQRW8 aMr9Dmlvdtal+eUzNB+0ZDbj4gNxjkc7V2IwO38ENZlo1fNikX9CKYN5lbpm6cYttKeN T0cg4qEPUZPMekhLmeu9HV4OmyoZtDgRbtMrrFHj/emUTIQR48hcJmNkNfSMIWuWc5SR HdBHq5npFo7E9Fhs8EyWJr/E/+efFTEkbh0BGjQKqMahedpwKZE90NcbsZrW6hxhvhnt 7tBwoxFcUrcAwmMMGVnkeoyGsbJjzRUG188eVImkgPIAABuEsOunwAZ+zwVq3YYRJpdI nwzA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=MDLQltveOxjRqUx4E07SSEIyVJEWZzM5Y1RA7VJOhNQ=; b=Sgl8uaiq/lpTJvmlKfx/ObZCVQL6o3GDVMq7QK/Oau5rKjkauYctcjJ7rttz0TdwlN 342nWXxTPNnwDJJToKLcZ1Jj9HyKOz0Wpd8bFoIRsO4vKo6kVqKs6vuLSuKeOANiBv8I jQgST9D8rid+CzzJQGhZob/hJS9D55f0TMVBpZ7dxHvTwDCLUxCN1Cru8zUJyIwhXKCI KKXw04UeAG5pcKwlFxEN3dWMTMyU+YrXk9RU6T9j5WmG/8wv9pOH+Vp8AczPzu+6BTJQ Z5cU80NPRIJc5wJnnqg14GPdUyVzl17r6WO0anJS5a+GJmP4O5E9VqNMH778CZy/Rj+D lTZA==
X-Gm-Message-State: ALoCoQml8AE7+enM3E+AMwfsE+7/Nu7pBzXv3B4d/5FOxuediqNw7WPvLZCh+H0lIJeve5cafft6
X-Received: by 10.140.49.71 with SMTP id p65mr28779781qga.54.1410680183616; Sun, 14 Sep 2014 00:36:23 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.229.116.71 with HTTP; Sun, 14 Sep 2014 00:36:02 -0700 (PDT)
In-Reply-To: <CAL0qLwbT-o_iVfauZ02OQnvyU9m-ZY_k2RA=D1B1ehxbHCnyYg@mail.gmail.com>
References: <20140911202058.3327.qmail@joyce.lan> <541208F6.1010302@dougbarton.us> <bb48b8f170074ddeb25cbb213f613892@DM2PR0301MB0655.namprd03.prod.outlook.com> <CE39F90A45FF0C49A1EA229FC9899B0525E804C0@USCLES544.agna.amgreetings.com> <CAAFsWK0os6Var4K9g+MLvhR5__4bGfH+kg-0uQh7ZE5V6A-fxg@mail.gmail.com> <54132CE9.1010907@dougbarton.us> <CAL0qLwbT-o_iVfauZ02OQnvyU9m-ZY_k2RA=D1B1ehxbHCnyYg@mail.gmail.com>
From: Wei Chuang <weihaw@google.com>
Date: Sun, 14 Sep 2014 00:36:02 -0700
Message-ID: <CAAFsWK1YHS0F3SuxOgUmJ+PtQw-0+zWEb1XPi52WnyEHet-UTg@mail.gmail.com>
Subject: Re: dmarc damage, was gmail users read on... [bozo subtopic]
To: "Murray S. Kucherawy" <superuser@gmail.com>
Content-Type: multipart/alternative; boundary="001a11351c363ca21205030193b1"
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/eGaLRgC9cjNGxnRffgvgiAvf1Ss
Cc: "ietf@ietf.org" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 14 Sep 2014 07:36:26 -0000

On Fri, Sep 12, 2014 at 3:16 PM, Murray S. Kucherawy <superuser@gmail.com>
wrote:

> On Fri, Sep 12, 2014 at 10:27 AM, Doug Barton <dougb@dougbarton.us> wrote:
>
>> On 9/12/14 10:20 AM, Wei Chuang wrote:
>>
>>> I also just wanted to bring another high level idea to the table- rather
>>> than discuss which work arounds to mandate (and all have problems), why
>>> not revisit the authentication methods?  In particular the current DKIM
>>> method, while very powerful in the security sense, is very restrictive.
>>>
>>
>> Because the large mail vendors have already spoken, and they like the way
>> that SPF/DKIM/DMARC work. Spending more time talking about how we think
>> they SHOULD work is wasted effort.
>
>
I doubt my personal view are going to change any opinions here, but if you
could put yourselves in the mindset of the engineers trying to fight
phishing attacks at large scale that were damaging the reputation of their
service you might see things differently.  I wouldn't say those large
vendors like SPF/DKIM/DMARC per se and I think its rather that they were
the IETF sanctioned tools that they had at that moment to mitigate what
sounds like a nasty attack.  From that perspective, having a better set of
tools that don't cause collateral damage would be pretty useful in the
future as the adversaries launching those attacks are getting more and more
sophisticated.   (Again this is just my personal opinion)


>
> What's "the current DKIM method" and how is it restrictive?
>

Current is just referring to RFC6376.  I just describe it this way to
differentiate it because I later go onto mention
draft-kucherawy-dkim-list-canon-00 and a concept I pitched early in the
DMARC WG list which are essentially proposed improvements on DKIM.

My notion of restrictive got chopped off in the above reply snippet- but it
was: "Any changes to the signed message parts will cause the authentication
to fail.   For example if a mailing lists modifies the subject or body even
if done so in some sanctioned way, it will fail DKIM.".  These above two
proposed authentication methods allow for the signature verification of the
original message despite modification by some intermediate email proxy e.g.
mailing-list.

-Wei

v2.23.0 | Report a Bug | By Email