On Sat, 12 Aug 2017, at 10:16, Kurt Andersen (b) wrote:
> On Fri, Aug 11, 2017 at 4:54 PM, Bron Gondwana
> <br...@fastmailteam.com> wrote:
>> . . . it's a bad idea to sign if you're not modifying, because then
>> everybody has to trust you or their chain breaks, even though you
>> didn't do anything which required signing.

I would like to address this point, but maybe we should have a separate
thread for it? I would strongly argue that sites not changing the
message SHOULD NOT add ARC headers. I spelled out the reasons in my
initial posting on this thread.

>> In state #1, you don't need a chain of ARC Seal. You just need each
>> site to sign their own AAR and each AAR to include "arc=pass" for the
>> previous AMS. You trust the sites, so you trust them to verify the
>> ARC status on ingress.

> In the current layout, "signing [the] AAR" is done via the AS. We
> wanted to keep the AAR as close to the A-R header as we could to
> maximize leverage of previous definitions rather than inventing an
> entirely new one. Initially, we had intended the AMS to sign over the
> AAR, but people objected to signing the AAR within both the AMS and
> AS scopes.

I can understand that. I would fix it by not having AS scopes rather
than removing AAR from AMS.

>> And this is the crux of our disagreement. Seth thinks it's necessary
>> to do more than signing a statement that you believed the message was
>> authenticated when you got it, in a way that the next hop can verify
>> your signature over your own Authentication Results plus the content
>> of the message. I disagree.

> One could replace the AMS with an "egress DKIM" signature, but then
> you would still have to decide what to do about alignment on this new
> DKIM signature. That's why we built the AMS - to avoid the question
> of alignment and have the ARCset as a self-contained "package".

Yes - calling it something different from DKIM-Signature is good, so
that nobody tries to check alignment with the "From:" domain.
But I don't see any reason to replace AMS - it does what's needed (apart
from not signing the AAR). It's AS that bothers me.

> I see the point that you are driving at regarding the claim of
> "forgery", but I don't consider that any more or less of a forgery
> than what the IETF mailman will do to this message en route to the
> recipients. Mailman changes the headers (Subject) and body. Seems like
> that's about what you've done in the sample message...but at least you
> took responsibility for doing so with ARCset (or someone with the
> private key for brong.net ;-) ).

It's true, anybody at FastMail could have done that. At least anybody
with production access to our DKIM keys database :)

The point with forgery is that "a chain of unbroken ARC-Seals" is
meaningless, because they're not protecting anything.

Bron Gondwana, CEO, FastMail Pty Ltd

dmarc mailing list
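The disagreement above is about what each ARC header field actually signs: the AMS covers the ordinary headers and body but not the AAR, while the AS covers only the ARC header fields of each instance. The following toy model, added here as an illustration and not code from the thread, the ARC drafts or any ARC implementation, builds one ARC set per hop and then shows which signature breaks when the body is changed and which breaks when an AAR verdict is changed. HMAC-SHA256 with constructed per-domain secrets stands in for signing with the domain's DKIM key, the canonicalization is reduced to lowercasing header names and collapsing whitespace, the chain validation rule is simplified, and the domain `lists.example` and every header value are constructed for the example.

```python
"""Toy ARC set (AAR, AMS, AS) per hop, showing what each signature covers.
Simplifications of this example, not ARC's real rules: HMAC with a
constructed secret stands in for the domain's key signature; canonicalization
only lowercases names and collapses whitespace; chain validation is reduced
to 'every seal verifies and the newest AMS verifies'."""
import hashlib
import hmac

ARC_FIELDS = ("arc-authentication-results", "arc-message-signature", "arc-seal")
# Constructed secrets standing in for each domain's private signing key.
KEYS = {"brong.net": b"constructed-brong-secret", "lists.example": b"constructed-list-secret"}

def canon(name, value):
    return name.lower() + ":" + " ".join(value.split())

def body_hash(body):
    lines = [line.rstrip() for line in body.rstrip("\n").split("\n")]
    return hashlib.sha256(("\n".join(lines) + "\n").encode()).hexdigest()

def sign(domain, data):
    return hmac.new(KEYS[domain], data.encode(), hashlib.sha256).hexdigest()

def tag(value, name):
    """Value of the `name=` tag in a tag-list header value."""
    for part in value.split(";"):
        part = part.strip()
        if part.startswith(name + "="):
            return part[len(name) + 1:]
    raise ValueError(f"missing {name}= in {value!r}")

def arc_header(headers, name, instance):
    for n, v in headers:
        if n.lower() == name and tag(v, "i") == str(instance):
            return v
    raise KeyError(f"{name} i={instance}")

def blank_b(value):
    """Strip the signature value so a field can be signed over itself."""
    return value[: value.rindex("b=") + 2]

def ams_input(headers, body, ams):
    """AMS coverage: non-ARC headers, body hash, and the AMS with b= blank.
    The AAR and every ARC-Seal are deliberately excluded."""
    parts = [canon(n, v) for n, v in headers if n.lower() not in ARC_FIELDS]
    parts += ["bh=" + body_hash(body), canon("arc-message-signature", blank_b(ams))]
    return "\n".join(parts)

def seal_input(headers, instance, seal):
    """AS coverage: AAR, AMS and AS of every instance up to this one, in order,
    with this instance's own b= blank.  No ordinary header and no body."""
    parts = []
    for i in range(1, instance + 1):
        for name in ARC_FIELDS:
            own = i == instance and name == "arc-seal"
            parts.append(canon(name, blank_b(seal) if own else arc_header(headers, name, i)))
    return "\n".join(parts)

def verify_ams(headers, body, instance):
    ams = arc_header(headers, "arc-message-signature", instance)
    return hmac.compare_digest(sign(tag(ams, "d"), ams_input(headers, body, ams)), tag(ams, "b"))

def verify_seal(headers, instance):
    seal = arc_header(headers, "arc-seal", instance)
    return hmac.compare_digest(sign(tag(seal, "d"), seal_input(headers, instance, seal)), tag(seal, "b"))

def verify_chain(headers, body):
    n = sum(1 for h, _ in headers if h.lower() == "arc-seal")
    return n > 0 and all(verify_seal(headers, i) for i in range(1, n + 1)) and verify_ams(headers, body, n)

def add_arc_set(headers, body, domain, auth_results, cv):
    """Prepend one ARC set for `domain`; `cv` is the verdict reached on ingress."""
    instance = 1 + sum(1 for h, _ in headers if h.lower() == "arc-seal")
    aar = f"i={instance}; {domain}; {auth_results}"
    ams = f"i={instance}; d={domain}; bh={body_hash(body)}; b="
    ams += sign(domain, ams_input(headers, body, ams))
    headers = [("ARC-Authentication-Results", aar), ("ARC-Message-Signature", ams)] + headers
    seal = f"i={instance}; d={domain}; cv={cv}; b="
    seal += sign(domain, seal_input(headers, instance, seal))
    return [("ARC-Seal", seal)] + headers

def demo():
    # Constructed message as sent, sealed by the originating domain (instance 1).
    headers = [("From", "bron@brong.net"), ("To", "dmarc@ietf.org"), ("Subject", "ARC seals")]
    body = "hello list\n"
    hop1 = add_arc_set(headers, body, "brong.net", "brong.net; arc=none; dkim=pass", "none")
    # The list verifies on ingress, rewrites Subject and body, then adds instance 2.
    ingress = "pass" if verify_chain(hop1, body) else "fail"
    edited = [(n, "[dmarc] " + v if n == "Subject" else v) for n, v in hop1]
    edited_body = body + "-- \nlist footer\n"
    hop2 = add_arc_set(edited, edited_body, "lists.example", f"lists.example; arc={ingress}; dkim=fail", ingress)
    # Tamper A: a line appended to the body after hop 2 (no header touched).
    tampered_body = edited_body + "injected line\n"
    # Tamper B: the hop-2 AAR verdict rewritten (no body or AMS touched).
    tampered_aar = [(n, v.replace("dkim=fail", "dkim=pass") if n == "ARC-Authentication-Results" else v)
                    for n, v in hop2]
    return {
        "hop2_cv": tag(arc_header(hop2, "arc-seal", 2), "cv"),
        "chain_ok": verify_chain(hop2, edited_body),
        "hop1_ams_after_edit": verify_ams(hop2, edited_body, 1),   # list edits broke it
        "body_tamper_seals_ok": all(verify_seal(hop2, i) for i in (1, 2)),  # seals ignore body
        "body_tamper_ams_ok": verify_ams(hop2, tampered_body, 2),
        "aar_tamper_ams_ok": verify_ams(tampered_aar, edited_body, 2),     # AMS ignores AAR
        "aar_tamper_seal_ok": verify_seal(tampered_aar, 2),
    }

if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the split the thread is arguing over: after the list's edits the originating hop's AMS no longer verifies (so cv= records the ingress verdict, not anything re-checkable downstream), every ARC-Seal still verifies even with a body line injected after the last hop, and a rewritten AAR verdict leaves the AMS intact while breaking only the seal. Whether the seal's coverage of the AAR is worth a separate header, or the AAR should simply be put under the AMS, is exactly the design question in the message above.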