Re: [marf] Adrian Farrel's No Objection on draft-ietf-marf-as-15: (with COMMENT)

"Murray S. Kucherawy" <msk@cloudmark.com> Wed, 25 April 2012 20:42 UTC

From: "Murray S. Kucherawy" <msk@cloudmark.com>
To: "adrian@olddog.co.uk" <adrian@olddog.co.uk>, 'The IESG' <iesg@ietf.org>
Date: Wed, 25 Apr 2012 20:42:31 +0000
Cc: "draft-ietf-marf-as@tools.ietf.org" <draft-ietf-marf-as@tools.ietf.org>, "marf-chairs@tools.ietf.org" <marf-chairs@tools.ietf.org>, "marf@ietf.org" <marf@ietf.org>
Subject: Re: [marf] Adrian Farrel's No Objection on draft-ietf-marf-as-15: (with COMMENT)

> -----Original Message-----
> From: Adrian Farrel [mailto:adrian@olddog.co.uk]
> Sent: Wednesday, April 25, 2012 1:32 PM
> To: Murray S. Kucherawy; 'The IESG'
> Cc: marf-chairs@tools.ietf.org; draft-ietf-marf-as@tools.ietf.org;
> marf@ietf.org
> Subject: RE: Adrian Farrel's No Objection on draft-ietf-marf-as-15:
> (with COMMENT)
> 
> Simply (to my reading - which you may ignore if you feel I am not
> reading clearly) that the thought you captured above is not clear.
> 
> I read a rather despairing statement that since DKIM and SPF might not
> be working it is a toss-up whether you have reports being discarded
> because the signature fails or reports being spoofed.
> 
> If this is "state of the art" for email systems then maybe there is
> nothing else to say.
> 
> It struck me, however, that reports are going to be consumed by
> automatic systems. If I get an email where the signature fails, I can
> perform all sorts of human verification of the email and make a
> judgement call on the validity of the email. A software system
> processing reports is less flexible and so more exposed.
> 
> Perhaps the clarity that is needed is the strong hint that "Therefore
> the use of DKIM and/or SPF is RECOMMENDED and it is important to ensure
> that the security infrastructure is working properly."

[Cc'd to the marf list so that they can check my math here]

I'm one of those people that's not a fan of normative language in Security Considerations, so how's this?:

   Perhaps the simplest means of mitigating this threat is to assert
   that these reports should themselves be signed with something like
   DKIM and/or authorized by something like SPF.  Note, however, that if
   there is a problem with the email infrastructure at either end, DKIM
   and/or SPF may result in reports that aren't trusted or even accepted
   by their intended recipients, so it is important to make sure those
   components are properly configured.  Use of both technologies in
   tandem can resolve this concern to a degree since they generally have
   disjoint failure modes.

-MSK
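
The following is an added example, not part of the thread or of the draft: a sketch of how an automated report consumer could apply the "both technologies in tandem" idea when deciding whether to act on an inbound feedback report. The authserv-id, the addresses, the quarantine policy and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy

TRUSTED_AUTHSERV = "mx.receiver.example"  # assumption: our own border MTA's authserv-id

def auth_results(msg, trusted=TRUSTED_AUTHSERV):
    """Map method -> set of results, using only headers stamped by our own MTA."""
    found = {}
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in str(value).split(";")]
        ident = parts[0].split()
        if not ident or ident[0].lower() != trusted:
            continue  # stamped by some other host: the sender could have forged it
        for part in parts[1:]:
            method, _, rest = part.partition("=")
            tokens = rest.split()
            if tokens:
                found.setdefault(method.strip().lower(), set()).add(tokens[0].lower())
    return found

def triage_report(raw):
    """Return 'process', 'quarantine' or 'not-arf' for one inbound message."""
    msg = email.message_from_string(raw, policy=policy.default)
    report_type = str(msg.get_param("report-type", "")).lower()
    if msg.get_content_type() != "multipart/report" or report_type != "feedback-report":
        return "not-arf"
    results = auth_results(msg)
    # Either mechanism passing is enough: DKIM tends to break on in-transit
    # modification, SPF on forwarding, so one often survives when the other fails.
    if "pass" in results.get("dkim", ()) or "pass" in results.get("spf", ()):
        return "process"
    return "quarantine"  # hold for a human instead of acting on it or dropping it

def sample(*auth_lines):
    """Constructed test message; only the headers matter for this check."""
    head = "".join("Authentication-Results: %s\n" % a for a in auth_lines)
    return (head + "From: fbl@reporter.example\nTo: abuse@receiver.example\n"
            "Subject: FW: constructed sample\nMIME-Version: 1.0\n"
            'Content-Type: multipart/report; report-type=feedback-report; boundary="b"\n'
            "\n--b\nContent-Type: text/plain\n\nThis is a constructed report.\n--b--\n")

if __name__ == "__main__":
    ours = TRUSTED_AUTHSERV
    print(triage_report(sample(ours + "; dkim=fail header.d=reporter.example; "
                               "spf=pass smtp.mailfrom=reporter.example")))
    print(triage_report(sample(ours + "; dkim=fail; spf=softfail")))
    print(triage_report(sample("mx.other.example; dkim=pass; spf=pass")))
```

Reports that pass neither check are held rather than dropped, which keeps the human judgement call available for the cases an automated consumer cannot resolve.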