On Wed 02/Dec/2020 03:14:46 +0100 Brandon Long wrote:
> On Tue, Dec 1, 2020 at 2:37 AM Alessandro Vesely <ves...@tana.it> wrote:
> > On Tue 01/Dec/2020 05:56:46 +0100 Brandon Long wrote:
> > > On Thu, Nov 26, 2020 at 12:59 AM Alessandro Vesely <ves...@tana.it> wrote:
> > > > On 25/11/2020 20:16, Michael Thomas wrote:
> > > > > On 11/25/20 11:11 AM, Alessandro Vesely wrote:
> > > > > > On 25/11/2020 19:24, Jesse Thompson wrote:
> > > > > > > On 11/25/20 11:30 AM, Alessandro Vesely wrote:
> > > > > > > > Without resorting to ARC, it is still possible to validate author
> > > > > > > > domain's signatures directly if the MLM just adds a subject tag
> > > > > > > > and a footer.
> > > > > > >
> > > > > > > I agree that ARC isn't really needed to do this (trust the last hop
> > > > > > > from the MLM and determine the original authenticity from the MLM's
> > > > > > > perspective).
> > > > > >
> > > > > > I didn't mean to trust the MLM.  I meant remove the subject tag and
> > > > > > the footer, then the original DKIM signature verifies.  See:
> > > > > > https://datatracker.ietf.org/doc/draft-vesely-dmarc-mlm-transform/
> > > > >
> > > > > When I was at Cisco, with l= and some subject line heuristics I could get
> > > > > probably like 90+% verification rate across the entire company, a company that
> > > > > uses external mailing lists a lot. Definitely not 100% though.
> > > >
> > > > DKIM itself is not 100%.  You always have lines beginning with "From " or
> > > > occasional autoconversions.
> > > >
> > > > l= doesn't cover multipart/alternative nor Content-Transfer-Encoding:
> > > > base64. In addition, the DKIM spec discourages its usage and suggests
> > > > that "Assessors might wish to ignore signatures that use the tag."
> > >
> > > Right, some of the other dkim-light or diff concepts we discussed would be
> > > better than using l=
> > >
> > > We again got hung up on the 100% solution, though... something that handled
> > > subject-prefix and footer in a transport agnostic way might have worked.
> >
> > I'm not clear about the meaning of "100%".  If an author domain puts no
> > DKIM signatures, there is no way to verify them.  Hence, some compliance of
> > the author domain has to be required.
> >
> > The same holds for conditional signatures.
> >
> > The same holds for MLM transformations.
>
> Yes, by 100% I meant of messages that were already authenticated and therefore should continue to be authenticated through the relay.

That's ARC. If a message lacks DKIM and was SPF-authenticated, there's no way it can continue to be authenticated through a relay.

OTOH, mailing lists and relays are two different beasts. For one thing, it is very unusual for a mailing list to send to another mailing list. Thus, we can safely specify a non-stackable authentication method.

> Some of the conditional signatures of the "include a diff you can remove to validate the original" attempt seemed to fail on the theory that there were
> too many things that couldn't be handled.  I.e., if your relay removes
> attachments, including them back in a diff kind of breaks the whole point of
> that... but how common is that (even less now with Yahoo Groups gone, but
> possibly still some av/malware relays still do this).

Not to mention anonymous lists, which remove the OP identity completely. They are DMARC-proof by themselves, with no additional twists. My draft restricts footers to text/plain MIME type, to overcome the objection to l=. Hence, if a list appends HTML parts (e.g. to use <hr>), it doesn't qualify as DMARC-proof.

> I think that one issue we've had is that DMARC is very mechanical and straight-forward, so anything that's fuzzy in response seems more
> complicated.

It may seem fuzzy, but it's not. The ietf list (i...@ietf.org), for example, adds no subject tag and no footer. DKIM signatures should remain valid, then. Yet, if posters sign Sender:, they fail. I wouldn't call that fuzziness. It is the very nature of the spec. If you sign Received:, no relay can hold your signature over.


Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
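The two mechanisms argued over in this thread, as an added worked example that is not code from the draft, from the dmarc list, or from any DKIM implementation: a message is DKIM-signed, a list prepends a subject tag and appends a text/plain footer, verification fails, and a verifier that knows the list's transform reverses it and revalidates the author domain's original signature without trusting the list; the last part shows why a signer that lists Sender: in h= breaks on a list that adds nothing but a Sender: header. Everything here is constructed: the message, the tag, the footer, the `d=example.com`/`s=sel` identifiers, and the shared demo key. The RSA signature is replaced by an HMAC-SHA256 over the same canonicalized input so the example runs offline; header canonicalization (relaxed) and body canonicalization (simple) follow RFC 6376 for the cases the sample exercises, and headers are assumed unfolded.

```python
# Added illustration, not code from the draft or from any DKIM library.
# Assumptions: the RSA signature is replaced by HMAC-SHA256 over the same
# canonicalized input with a shared demo key (so it runs offline), headers
# are unfolded single lines, and only c=relaxed/simple is implemented.
import base64
import hashlib
import hmac
import re

KEY = b"demo-shared-key"  # stands in for the signer's RSA key pair (assumption)
TAG = "[dmarc] "          # constructed list subject tag
FOOTER = "_______________\r\ndmarc mailing list\r\n"  # constructed text/plain footer
ORIGINAL = (              # constructed message, CRLF line endings as on the wire
    "From: Ale <ale@example.com>\r\n"
    "To: dmarc@ietf.org\r\n"
    "Subject: MLM transform\r\n"
    "Date: Wed, 02 Dec 2020 10:00:00 +0100\r\n"
    "\r\nHello,\r\nthis is a test.\r\n"
)

def parse(msg):
    """Split into [(name, raw value), ...] and body."""
    head, _, body = msg.partition("\r\n\r\n")
    return [tuple(line.split(":", 1)) for line in head.split("\r\n")], body

def rebuild(headers, body):
    return "\r\n".join(f"{n}:{v}" for n, v in headers) + "\r\n\r\n" + body

def relaxed_header(name, value):
    """RFC 6376 3.4.2: lowercase name, collapse WSP runs, strip, add CRLF."""
    return name.lower() + ":" + re.sub(r"[ \t]+", " ", value).strip() + "\r\n"

def simple_body(body):
    """RFC 6376 3.4.3: drop trailing empty lines, end with exactly one CRLF."""
    return body.rstrip("\r\n") + "\r\n"

def body_hash(body):
    return base64.b64encode(hashlib.sha256(simple_body(body).encode()).digest()).decode()

def select(headers, names):
    """Per h= name take the last not-yet-used instance (RFC 6376 5.4.2); a name
    listed but absent contributes nothing, so adding it later breaks the signature."""
    used, out = set(), []
    for name in names:
        for i in range(len(headers) - 1, -1, -1):
            if headers[i][0].lower() == name and i not in used:
                used.add(i)
                out.append(relaxed_header(*headers[i]))
                break
    return "".join(out)

def signature_input(headers, h, dkim_value):
    """Signed headers, then the DKIM-Signature itself with b= empty and no CRLF."""
    others = [hd for hd in headers if hd[0].lower() != "dkim-signature"]
    return select(others, h) + relaxed_header("DKIM-Signature", dkim_value).rstrip("\r\n")

def mac(data):
    return base64.b64encode(hmac.new(KEY, data.encode(), hashlib.sha256).digest()).decode()

def sign(msg, h):
    headers, body = parse(msg)
    value = (f"v=1; a=hmac-sha256; c=relaxed/simple; d=example.com; s=sel; "
             f"h={':'.join(h)}; bh={body_hash(body)}; b=")
    return f"DKIM-Signature: {value}{mac(signature_input(headers, h, value))}\r\n" + msg

def verify(msg):
    headers, body = parse(msg)
    dk = next(v for n, v in headers if n.lower() == "dkim-signature")
    tags = dict(t.strip().split("=", 1) for t in dk.split(";") if t.strip())
    if body_hash(body) != tags["bh"]:
        return False
    unsigned = re.sub(r";\s*b=.*$", "; b=", dk)  # the value as it was when signed
    expected = mac(signature_input(headers, tags["h"].split(":"), unsigned))
    return hmac.compare_digest(expected, tags["b"])

def mlm_transform(msg, tag=TAG, footer=FOOTER):
    """What the list does: prefix Subject: and append a text/plain footer."""
    headers, body = parse(msg)
    headers = [(n, " " + tag + v.strip() if n.lower() == "subject" else v) for n, v in headers]
    return rebuild(headers, simple_body(body) + footer)

def mlm_undo(msg, tag=TAG, footer=FOOTER):
    """What a verifier that knows the list's edit does first: reverse it (no trust involved)."""
    headers, body = parse(msg)
    headers = [(n, " " + v.strip().replace(tag, "", 1) if n.lower() == "subject" else v)
               for n, v in headers]
    return rebuild(headers, body[:-len(footer)] if body.endswith(footer) else body)

def mlm_add_sender(msg, sender="dmarc@ietf.org"):
    """A list that adds no tag and no footer but does add a Sender: header."""
    headers, body = parse(msg)
    return rebuild(headers + [("Sender", " " + sender)], body)

def demo():
    signed = sign(ORIGINAL, ["from", "to", "subject", "date"])
    strict = sign(ORIGINAL, ["from", "to", "subject", "date", "sender"])
    listed = mlm_transform(signed)
    return {
        "original": verify(signed),                                 # True
        "after_mlm": verify(listed),                                # False
        "after_undo": verify(mlm_undo(listed)),                     # True
        "sender_added_not_signed": verify(mlm_add_sender(signed)),  # True
        "sender_added_but_signed": verify(mlm_add_sender(strict)),  # False
    }
```

`mlm_undo` only works because the footer is plain text appended after the body's own canonicalized trailing CRLF; under simple body canonicalization the stripped body hashes identically to the original even if trailing blank lines differed. Replace the footer with an added HTML part and the body hash cannot be recovered this way, which is the reason the draft restricts footers to text/plain.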