Re: [dmarc-ietf] Modeling MLM behavior

Tue, 07 Oct 2014 04:57:55 -0700 

Hi Stephen,
The 2006 DSAP "DKIM Signature Authorization Protocol" draft concentrated on the process boundary conditions (possible values for 1st and 3rd party conditions). Section 4.2 summaries the boundary conditions: 

   http://tools.ietf.org/html/draft-santos-dkim-dsap-00#section-4.2

4.2.  DSAP Tags: op=<signing-policy>; 3p=<signing-policy>;

   From the viewpoint of the verifier, when a message is received, there
   are two basic pieces of signature information to be of interest when
   analyzing the transaction:

   o  Original Party Signatures (OP)

      *  never expected
      *  always expected
      *  optional

   o  3rd Party Signatures (3P)

      *  never expected
      *  always expected
      *  optional

   When the two signature types are combines, the possible policies are
   listed in this following table:

+=================================================================+
| op=         | 3p=        | Domain Policy Semantics              |
|=================================================================|
| empty       | empty      | No mail expected                     |
|-----------------------------------------------------------------|
| never       | never      | No signing expected                  |
| never       | always     | Only 3P signing expected             |
| never       | optional   | Only 3P signing optional             |
|-----------------------------------------------------------------|
| always      | never      | OP signature expected                |
| always      | always     | Both parties expected                |
| always      | optional   | OP expected, 3P may sign             |
|-----------------------------------------------------------------|
| optional    | never      | Only OP signing expected             |
| optional    | always     | OP expected, 3P expected             |
| optional    | optional   | Both parties may sign.               |
+-----------------------------------------------------------------+
             Figure 4: DSAP Message Signing Policies


Section 3.3 basically provided some simple guidelines for a MLS:

   http://tools.ietf.org/html/draft-santos-dkim-dsap-00#section-3.3


The term DMARC can be swapped in the section since its really about a 
general DKIM+POLICY and it doesn't matter if it was SSP, ADSP, DSAP or 
DMARC:


   3.3.  Mailing List Servers

   Mailing List Servers (MLS) applications who are compliant with DKIM
   and DMARC operations, SHOULD adhere to the following guidelines:

   Subscription Controls

      MLS subscription processes should perform a DMARC check to
      determine if a subscribing email domain DMARC policy is restrictive
      in regards to mail integrity changes or 3rd party signatures.  The
      MLS SHOULD only allow original domain policies who allow 3rd party
      signatures.

   Message Content Integrity Change

      List Servers which will alter the message content SHOULD only do
      so for original domains with optional DMARC signing practices and
      it should remove the original signature if present.  If the List
      Server is not going to alter the message, it SHOULD NOT remove the
      signature, if present.



However, the same issues of integrity changes was apparent then as it 
is now. The only way to minimize the impact is to first support it and 
only deal with the optional policies.  In other words, allow the 
YAHOO's to change their policies to FIT a proper end to end protocol 
(that means DMARC MUST offer 3rd party policies) that does include and 
allow the MLS to fit in -- PROPERLY without all this hacking and 
"ignore DMARC" and 5322.From destruction mentality going on that is 
only going to work with selected groups or systems, if that, leaving a 
security hole for the rest of the world to deal with.



Keep in mind that as much as DKIM wishes to separate the AUTHOR from 
the SIGNER domain, it can not.  It is BURNED into the spec as the 
single most important binding requirement -- That means it can't 
change and thats the purpose of this *security* concept.  Breaking it 
and assuming the original domains will allow this to occur 
unchallenged is not a good idea, playing with fire.


Have a good day Stephen

--
Hector Santos
http://www.santronics.com


On 10/6/2014 10:29 PM, Stephen J. Turnbull wrote:

Hector Santos writes:

  > The 2006 DSAP draft section 3.3 Mailing List Servers suggest some
  > simple basic concepts that I believe is near universal.

URL, please.  I never heard of this concept before.  To this MLM
developer, your heavily abbreviated description doesn't make the
utility of the concept clear, but I suppose the original document
explains in more detail.

  > But by 2009, the actual suggested implementation changes were done
  > outside the MLS component.  See my point?

Nope.  Need context.

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc





_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc





























					Reply via email to