On 12/4/20 3:27 PM, Brandon Long wrote:
> I'm pretty sure I explained what the X-Google-DKIM-Signature was in
> this or related threads. It was part of the original attempt at ARC,
> which was X-Original-Authentication-Results. Adding just an XOAR
> header was not sufficient, we had to have reason to trust it, so we
> added the signature.
>
> We didn't re-use the existing DKIM-Signature header name because that
> header was already used by DMARC and had a bunch of other uses that we
> didn't want to use.

DKIM doesn't have to be from the originating domain, and if you look at
my mail headers in this message, you will see there is no originating
domain signature because I changed over to gsuite last year. DMARC would
just ignore all of those non-From domain signatures. I don't see the
problem here.

I don't understand what you mean about "trust". I thought the entire
point of ARC was to deliver the intermediary's auth-res for
consideration to the next hop(s). that could be done with XOAR and DKIM.
If you don't agree, I would appreciate a step-by-step why that is not
the case because I'm just not seeing it.

And if X-Google is legacy, why is it still in your email headers? I have
to say that when I came upon all of this it was definitely a wtf moment.
I imagine that other people less familiar will look at it and have a
FOMO moment.

> So yes, that's a way to work around some of the issues if we wanted to
> pursue the DKIM+A-R, just have everyone sign with a different domain
> that you don't use for mail. That seems heavier weight to me, but that
> would be a single-hop solution. I think we did discuss this in the
> early meetings and found the ARC proposal provided more (multi-hop) and
> less complicated (no new domains). There's also a phishing design
> challenge when picking a domain to represent you in a limited way.

The original intent was for mailing lists to always DKIM-resign with the
domain of the mailing list. I expect that that happens today (and if
they don't, ARC is not likely to be adopted either). So that can't
possibly be heavier than adding two new signatures on top of that, since
mailing lists would still have to apply the resigned DKIM signature.

Mike

> Brandon
> On Wed, Dec 2, 2020 at 6:58 PM Michael Thomas <m...@mtcc.com> wrote:
>> if you're trying to make a point about the bloat, you might actually get
>> your facts straight. ARC adds an additional DKIM signature and a Seal. i
>> have no idea what a X-Google-DKIM-Signature is and is not relevant.
>>
>> Mike
On 12/2/20 6:55 PM, John R. Levine wrote:
>> PS: you're adding X-Google-DKIM-Signature which nobody knows what its
>> utility is to your bloat total for dramatic effect.
>
> Um, it was there when your message arrived here. Complain to your
> mail provider.
>
>> On 12/2/20 6:33 PM, John R Levine wrote:
>>> On Wed, 2 Dec 2020, Michael Thomas wrote:
>>>>> But why bother? The IANA header field registry currently has 419
>>>>> entries. Why is it a crisis if it increases to 422 rather than 420?
>>>>
>>>> It does a lot more than that:
>>>
>>> We've been through this all before and none of these are
>>> persuasive. For
>>> example:
>>>
>>>> 3) It adds a lot more bloat to the headers
>>>
>>> The message you just sent arrived with 4600 bytes of header (see
>>> below) and under 2K of text. Copies that went through the dmarc
>>> mailing list probably had at least another 1K of header.
>>>
>>> If header bloat were ever an issue, it hasn't been for decades.
>>>
>>> R's,
>>> John
>>> ---- snip ---
>>> Return-Path: <m...@fresheez.com>
>>> X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on gal.iecc.com
>>> X-Spam-Level:
>>> X-Spam-Status: No, score=-1.5 required=4.4
>>> tests=BAYES_00,DCC_REPUT_00_12,
>>> DKIM_SIGNED,DKIM_VALID,NICE_REPLY_A,RDNS_NONE,SPF_HELO_NONE
>>> autolearn=no autolearn_force=no version=3.4.4
>>> Delivered-To: jo...@iecc.com
>>> Received: (qmail 70731 invoked by uid 1014); 2 Dec 2020 23:30:07 -0000
>>> Delivered-To: virtual-taugh-jo...@taugh.com
>>> Received: (qmail 70729 invoked from network); 2 Dec 2020 23:30:07 -0000
>>> Authentication-Results: iecc.com; spf=pass
>>> spf.mailfrom=m...@fresheez.com spf.helo=mail-pl1-x62a.google.com
>>> smtp.remote-ip="2607:f8b0:4864:20::62a"; dkim=pass
>>> header.d=mtcc-com.20150623.gappssmtp.com header.s=20150623
>>> header.a=rsa-sha256 header.b="vvoZ+Loe"
>>> Received: from mail-pl1-x62a.google.com ([IPV6:2607:f8b0:4864:20::62a])
>>> by mail1.iecc.com ([IPV6:2001:470:1f07:1126:33:5370:616d:6d31])
>>> with ESMTPS via TCP6 (port 38853/25) id 665297367
>>> tls TLS1.3_ECDHE_RSA_AES_128_GCM_AEAD sni mx1.taugh.com; 02 Dec
>>> 2020 23:30:06 -0000
>>> Received: by mail-pl1-x62a.google.com with SMTP id 4so91499plk.5
>>> for <jo...@taugh.com>; Wed, 02 Dec 2020 15:30:05 -0800 (PST)
>>> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
>>> d=mtcc-com.20150623.gappssmtp.com; s=20150623;
>>> h=subject:to:cc:references:from:message-id:date:user-agent
>>> :mime-version:in-reply-to:content-transfer-encoding:content-language;
>>> bh=frJndGBg4PljdPRXFB1KqYuhqqDFqbuyeJjhznmBtNo=;
>>>
b=vvoZ+Loew2ueICysZfzHi5UwJ3jXLN5dX+kyHN3HI91ZMJWMq7cym6dw1XQ9zaHvar
>>>
KWobHhYgPlIURrzw5+sM1lArZM0+S8zElTI9oJicfts5VpsuYtc3kGzpFO58DlGQMzji
>>>
+Bshah0JzXltImvCLjzUhHXHOLYvfA/Hk9lwY5XD904cTcBo4UfTKvenfFv3yLyBc4k3
>>>
l61UDIWK7HRcdixAnDYx7zJLZaO3qcbPOwkG48uqCoMDIJVhcBndL82W/JflTPy4EB9S
>>>
VydV+ABOODKddInyT2i5+/cTXS1B66NWYHF/Auh1UqRkxB/+H5T//oXYkKWqXolceqkS
>>> Y3Nw==
>>> X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
>>> d=1e100.net; s=20161025;
>>> h=x-gm-message-state:subject:to:cc:references:from:message-id:date
>>> :user-agent:mime-version:in-reply-to:content-transfer-encoding
>>> :content-language;
>>> bh=frJndGBg4PljdPRXFB1KqYuhqqDFqbuyeJjhznmBtNo=;
>>>
b=EiCvgdUtIHSRQXtcFgoSdo/YgcWiu1mxFOdlQ/tDw8nd2ipjfcUBNlRSW9ygClV9vu
>>>
TBZpT6xrU/F0xLA6fq9Tt51Z4S1VSgDSOCt1Ut8+oLzyBXkDCjQ3j8rByKqPkRvivOap
>>>
82rO+tMd5J/4SMAAPGmJ28WAq+E7J4EJknvVu1LUOEiTERnAbmT9ZK/eTEKPjQGx0msa
>>>
GMCKzawKzSfLMvOIqaKoPUmxPyrtEnEUizEPer7/aXZ0pXrUTHQ82984GTYqSdKDoYIS
>>>
T+59dBxbPY9KwT33oih+1slVUSLBEbzUigK3wj4yA/71KTvr76KCUEaU8cYI6/TYcszz
>>> 2CWA==
>>> X-Gm-Message-State:
>>> AOAM530XUwEgBdQ2e02rPshm7iyXROuyhTJeAndRJAFtQO8oX1JUEgsD
>>> chdQCnyR1XB3fAEw5oIqGysS4Q==
>>> X-Google-Smtp-Source:
>>>
ABdhPJzQUtiWyUp4dVxdii6hT+h4YBukyVaoJ5846n5Di6IUaEwxKrufF/3Atxm7lejww+dr4k5xIw==
>>> X-Received: by 2002:a17:90a:c4f:: with SMTP id
>>> u15mr287214pje.177.1606951804840;
>>> Wed, 02 Dec 2020 15:30:04 -0800 (PST)
>>> Return-Path: <m...@fresheez.com>
>>> Received: from mike-mac.lan (107-182-42-33.volcanocom.com.
>>> [107.182.42.33])
>>> by smtp.gmail.com with ESMTPSA id
>>> x7sm158495pfn.85.2020.12.02.15.30.03
>>> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
>>> Wed, 02 Dec 2020 15:30:04 -0800 (PST)
>>> Subject: Re: [dmarc-ietf] ARC questions
>>> To: John R Levine <jo...@taugh.com>, Brandon Long <bl...@google.com>
>>> Cc: IETF DMARC WG <dmarc@ietf.org>
>>> References: <20201124020453.afdc027ce...@ary.qy>
>>> <cd855b53-d9bd-3412-3bd5-dc4b7720d...@mtcc.com>
>>> <caba8r6s0bfs87fu9eoq_r3wh1pngauvxrw3rspe9iwwctf3...@mail.gmail.com>
>>> <c954eadd-5c85-c0d9-2168-8a42de506...@mtcc.com>
>>> <CABa8R6swzAQLPU=xe2tr1w0j5r+w80bsyu87_ubmwhaumgm...@mail.gmail.com>
>>> <1eed8278-4efa-4abc-15e0-2efcf014e...@mtcc.com>
>>> <CABa8R6sEk+dHwHjBCKDgcmeT_Z3FymC5+jzy-GGa=7gjyvo...@mail.gmail.com>
>>> <446d491b-100a-9813-6463-2294f67bb...@mtcc.com>
>>> <aafa5e78-aff9-8076-b76f-62f5b3a13...@taugh.com>
>>> <4190de2d-9f17-06d5-6354-30c989eec...@mtcc.com>
>>> <17d886fd-49fd-28d8-f8e4-7caf2e859...@taugh.com>
>>> <f785884b-2a3d-a6fe-6bb6-ee792d23f...@mtcc.com>
>>> <d5e9dbe-7d83-d3b1-2aa9-3e3562d3...@taugh.com>
>>> From: Michael Thomas <m...@mtcc.com>
>>> Message-ID: <8bc3c7ad-2a42-3eed-524c-8c50b1613...@mtcc.com>
>>> Date: Wed, 2 Dec 2020 15:30:01 -0800
>>> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0)
>>> Gecko/20100101 Thunderbird/78.5.0
>>> MIME-Version: 1.0
>>> In-Reply-To: <d5e9dbe-7d83-d3b1-2aa9-3e3562d3...@taugh.com>
>>> Content-Type: text/plain; charset=utf-8; format=flowed
>>> Content-Transfer-Encoding: 8bit
>>> Content-Language: en-US
>>
>>
>
> Regards,
> John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for
> Dummies",
> Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
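
Added example, not part of the original thread or any participant's code: a Python sketch that lists the signature fields of a message and checks each d= domain for DMARC identifier alignment with the From domain, the question argued in the messages above. The sample message is constructed from the header names and d=/s= values in the quoted dump, and the two-label organizational-domain rule is a simplifying assumption.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: header names, d= and s= values follow the dump quoted in
# the thread; bh=/b= data is replaced by "x" and the From local part is made up.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=mtcc-com.20150623.gappssmtp.com; s=20150623; h=subject:to:from; bh=x; b=x
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:from; bh=x; b=x
From: Example Sender <sender@mtcc.com>
Subject: Re: [dmarc-ietf] ARC questions

body
"""

def tags(value):
    """Parse a DKIM tag=value list (RFC 6376, section 3.2) into a dict."""
    out = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            out[key.strip()] = "".join(val.split())  # drop folding whitespace
    return out

def org_domain(domain):
    # Assumption for this sketch: organizational domain = last two labels.
    # A real DMARC evaluator derives it from the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def signature_report(raw):
    """Report each *DKIM-Signature field; alignment only, nothing is verified."""
    msg = message_from_string(raw)
    from_dom = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    rows = []
    for name, value in msg.items():
        if not name.lower().endswith("dkim-signature"):
            continue
        d = tags(value).get("d", "").lower()
        rows.append({
            "header": name,
            "d": d,
            # Only the standard field name is processed by DKIM verifiers.
            "dkim_field": name.lower() == "dkim-signature",
            "strict_aligned": d == from_dom,
            "relaxed_aligned": org_domain(d) == org_domain(from_dom),
        })
    return rows
```

Calling `signature_report(SAMPLE)` returns one row per signature field, so the same function can be pointed at a saved message to see which signing domains a DMARC evaluator could use.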