On Fri 04/Dec/2020 23:45:47 +0100 Brandon Long wrote:
On Wed, Dec 2, 2020 at 3:11 AM Alessandro Vesely <ves...@tana.it> wrote:
On Wed 02/Dec/2020 03:14:46 +0100 Brandon Long wrote:
On Tue, Dec 1, 2020 at 2:37 AM Alessandro Vesely <ves...@tana.it> wrote:
On Tue 01/Dec/2020 05:56:46 +0100 Brandon Long wrote:
On Thu, Nov 26, 2020 at 12:59 AM Alessandro Vesely <ves...@tana.it> wrote:
On 25/11/2020 20:16, Michael Thomas wrote:
On 11/25/20 11:11 AM, Alessandro Vesely wrote:
On 25/11/2020 19:24, Jesse Thompson wrote:
On 11/25/20 11:30 AM, Alessandro Vesely wrote:
Without resorting to ARC, it is still possible to validate
author domain's signatures directly if the MLM just adds a
subject tag and a footer >>>>>>>>>
I agree that ARC isn't really needed to do this (trust the
last hop from the MLM and determine the original
authenticity from the MLM's perspective) >>>>>>>>
I didn't mean to trust the MLM. I meant remove the subject
tag and the footer, then the original DKIM signature verifies.
See:
https://datatracker.ietf.org/doc/draft-vesely-dmarc-mlm-transform/ >>>>>>>
When I was at Cisco, with l= and some subject line heuristics I
could get probably like 90+% verification rate across the entire
company, a company that uses external mailing lists a lot.
Definitely not 100% though. >>>>>>
DKIM itself is not 100%. You always have lines beginning with
"From " or occasional autoconversions. >>>>>>
l= doesn't cover multipart/alternative nor
Content-Transfer-Encoding: base64. In addition, the DKIM spec
discourages its usage and suggests that "Assessors might wish to
ignore signatures that use the tag." >>>>>
Right, some of the other dkim-light or diff concepts we discussed
would be better than using l= >>>>>
We again got hung up on the 100% solution, though... something that
handled subject-prefix and footer in a transport agnostic way might
have worked. >>>>
I'm not clear about the meaning of "100%". If an author domain puts
no DKIM signatures, there is no way to verify them. Hence, some
compliance of the author domain has to be required. >>>>
The same holds for conditional signatures.
The same holds for MLM transformations.
Yes, by 100% I meant of messages that were already authenticated and
therefore should continue to be authenticated through the relay. >>
That's ARC. If a message lacks DKIM and was SPF-authenticated, there's
no way it can continue to be authenticated through a relay. >>
OTOH, mailing lists and relays are two different beasts. For one thing,
it is very unusual for a mailing list to send to another mailing list.
Thus, we can safely specify a non-stackable authentication method. >
mailing list to mailing list mail is very common in GSuite, but maybe we're
a special case. Part of that was that aliases were moved to the mailing
list infra (which is definitely more of an "our problem" than everyone), but
we also see common usage where companies make groups matching their
hierarchy (the all company group goes to all department groups which go to
all local groups etc). We also see some where announce groups mix contrib
groups, etc. Especially since we also use the same groups as ACL groups for
GSuite and Google Cloud, so hierarchical groups are very common.
I'm not familiar with that feature. How does a list get subscribed to another
list?
In general, a list accepts messages from subscribed users, so if dmarc-ietf
distributed this message to another list which I'm not a subscriber of, it
would not pass. (From: rewriting changes that behavior. For example, one
could subscribe to a list which routinely rewrites From: on behalf of this
list, dmarc-ietf. If the former list traffic is very high, that subscribing
could be a sort of DoS attack to us.)
(there was a recent common where someone said who needs an org chart when
we have email, showing the list of footers for all of the org level mailing
lists the message went to to get to them)
The mlm-transform draft (referenced above) limits footers to 10 lines of text,
each shorter than 80 characters. If the hierarchy is not deeper than 10, the
chart can fit within a single footer. Note that every added line breaks all
previous signatures. However, only the author domain's signature is worth
being recovered, as far as MLM transformations are concerned. ARC can still
certify the whole chain.
The 10 lines limit is arbitrary. It is meant to avoid that recipients mistake
the footer for the main part of the message.
(one construction of hierarchical announce lists that was not well
considered did result in every person on the combined list getting 9000
copies of messages to the list, so flattening lists is sometimes much
preferred) >
Which isn't to say we couldn't work around it or do the work to flatten the
lists, though it increases the complexity of the product (can you
unsubscribe from the top level list but not a sub list?)
I guess some coordination among sublists is required anyway.
To recognize that a message arrives from a sublist, and hence mangle the
existing footer instead of adding a new one, is certainly an added complexity.
Maybe, the number of lists in such condition is low enough to let MLM
transformation reversion still worth being deployed?
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
