Re: (DMARC) We've been here before, was Why mailing lists

Theodore Ts'o <tytso@mit.edu> Fri, 18 April 2014 15:42 UTC

Return-Path: <tytso@thunk.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6B651A03CA for <ietf@ietfa.amsl.com>; Fri, 18 Apr 2014 08:42:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.173
X-Spam-Level:
X-Spam-Status: No, score=-2.173 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RP_MATCHES_RCVD=-0.272, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t9s6eu1A8SzP for <ietf@ietfa.amsl.com>; Fri, 18 Apr 2014 08:42:02 -0700 (PDT)
Received: from imap.thunk.org (imap.thunk.org [IPv6:2600:3c02::f03c:91ff:fe96:be03]) by ietfa.amsl.com (Postfix) with ESMTP id 7728E1A022A for <ietf@ietf.org>; Fri, 18 Apr 2014 08:42:02 -0700 (PDT)
Received: from root (helo=closure.thunk.org) by imap.thunk.org with local-esmtp (Exim 4.80) (envelope-from <tytso@thunk.org>) id 1WbAvN-00035U-F9; Fri, 18 Apr 2014 15:41:57 +0000
Received: by closure.thunk.org (Postfix, from userid 15806) id CBD60580598; Fri, 18 Apr 2014 11:41:56 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=thunk.org; s=ef5046eb; t=1397835716; bh=Lx+I59O3+Hq51CTG1aXLTzSkuljbY2ATc2WXgcCdKm0=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=uYv3/EQGiHLRMy95Ss+DvcaDYEG9ervILlybFsN5lTGGZy/djJDjV5Xt2l66+a+P7 OlxRjAL56wVLw5if2h73dyuoVljObg8IZ/FrhssKUGRkwmq+xZ3n1fG5Rx8NQ0nrOv /4oHWT8iEe+si+keu8qV60viV44kLnY43uirdzzE=
Date: Fri, 18 Apr 2014 11:41:56 -0400
From: Theodore Ts'o <tytso@mit.edu>
To: "Murray S. Kucherawy" <superuser@gmail.com>
Subject: Re: (DMARC) We've been here before, was Why mailing lists
Message-ID: <20140418154156.GB31301@thunk.org>
References: <20140417181815.8A5871ACD1@ld9781.wdf.sap.corp> <9451.1397772992@sandelman.ca> <CAL0qLwa0a4nDAdCHkkMJdeemsj+cezcmH3+59CvhF8q7B72ryg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAL0qLwa0a4nDAdCHkkMJdeemsj+cezcmH3+59CvhF8q7B72ryg@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: tytso@thunk.org
X-SA-Exim-Scanned: No (on imap.thunk.org); SAEximRunCond expanded to false
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/gp3fPqE2d7ePaP2TQ1lvjNfJZt8
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, Pete Resnick <presnick@qti.qualcomm.com>, John R Levine <johnl@taugh.com>, "ietf@ietf.org" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Apr 2014 15:42:07 -0000

On Fri, Apr 18, 2014 at 08:20:55AM -0700, Murray S. Kucherawy wrote:
> 
> http://tools.ietf.org/html/draft-kucherawy-dmarc-base-04#section-15.1
> 
> One of the key points about DMARC's design is that it's concerned
> specifically with From:.  The reason is that the content of From: is what's
> typically shown to the recipient by MUAs.  If DMARC keyed off Sender:
> instead, then this would work:
> 
> MAIL FROM: haha@badguy.example.com
> 
> From: security@paypal.com
> Sender: haha@badguy.example.com
> DKIM-Signature: v=1; d=badguy.example.com; ...
> 
> If DMARC pays attention to Sender: in favor of From:, then this passes, but
> what the user is shown that the message is from security@paypal.com with a
> DMARC pass.  Not good.

So what happens if MUA's, because users don't want to see the "From: "
line when it's been reset to a mailing list address, ends up showing
the users what they want, which is the original sender of the mailing
list post?  It doesn't matter how or where we encode this information,
whether it's in a comment in the rewritten From: field, or in a
"X-Really-From: " header, or in the body of the message.  If there's a
convention, whether it is in a standard or de facto, there **will** be
cases when the users really want the original From header, and then
what will the DMARC promoters do then?

Try to ram through DMARC II that forces alignment of the
"X-Really-From: " header, or whatever else we end up using?

		  	     	      	      	  - Ted