I assume this was the one that you wanted my clarification on?

On Wed, 3 Jan 2018, at 12:56, Kurt Andersen (b) wrote:
> On Wed, Jan 3, 2018 at 12:39 AM, Bron Gondwana <[email protected]> wrote:
>> On Wed, 3 Jan 2018, at 04:34, Kurt Andersen (b) wrote:
>>> As I went through the edits for
>>> https://tools.ietf.org/html/draft-ietf-dmarc-arc-protocol-10#section-5.2.1
>>> I was unable to understand the value added by having the "arc.closest-fail"
>>> listed in the AAR.
>>
>> Without a closest-fail from each step, or a similar way to determine
>> changes, information about abuses gets lost along the chain, and the
>> final receiver can't tell who modified the message along the way.
>
> So, if we have a message that goes through four mailing lists before
> final delivery, each of which modifies the subject and everyone is
> "doing the right thing" (I know that's not exactly an abuse scenario),
> we would expect:
>
> * ARC 1: cv=none, closest-fail=0
> * ARC 2: cv=pass, closest-fail=0
> * ARC 3: cv=pass, closest-fail=1
> * ARC 4: cv=pass, closest-fail=2
> * final recipient ADMD ARC verifier would find cv=pass and evaluate
>   closest-fail at 3
>
> Is that what you have in mind?
Well, closest-fail on ARC 1 is meaningless. But yes - each AMS only holds for its own message here, which means ARC 1's AMS was valid to 2, but not 3 or 4. ARC 2's AMS was only valid to 3, not 4. Etc.

This is the boring case, because we don't need closest-fail then. More interesting is if ARC 2 and ARC 3 DIDN'T change the Subject, because then we would have:

* ARC 1: cv=none, closest-fail=0
* ARC 2: cv=pass, closest-fail=0
* ARC 3: cv=pass, closest-fail=0
* ARC 4: cv=pass, closest-fail=0
* final recipient ADMD ARC verifier would find cv=pass and evaluate closest-fail at 3

But let's rewrite it as oldest-pass, because that's clearer. Your case:

* ARC 1: cv=none, ams.oldest-pass=0
* ARC 2: cv=pass, ams.oldest-pass=1
* ARC 3: cv=pass, ams.oldest-pass=2
* ARC 4: cv=pass, ams.oldest-pass=3
* final recipient ADMD ARC verifier would find cv=pass and evaluate ams.oldest-pass as 4.

And my case where 2 and 3 didn't change anything:

* ARC 1: cv=none, ams.oldest-pass=0
* ARC 2: cv=pass, ams.oldest-pass=1
* ARC 3: cv=pass, ams.oldest-pass=1
* ARC 4: cv=pass, ams.oldest-pass=1
* final recipient ADMD ARC verifier would find cv=pass and evaluate ams.oldest-pass as 4.

From which the final recipient can also see that, if they trust ARC 4 not to lie, neither ARC 2 nor ARC 3 changed anything which was covered by ARC 1's AMS. There is no need to trust either ARC 2's or ARC 3's signatures in my example, which is the point here. Even if ARC 2 or ARC 3 are not yet known or trusted, you can tell that they didn't modify this particular message.

Bron.

-- 
Bron Gondwana, CEO, FastMail Pty Ltd
[email protected]
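As an added illustration, not part of the thread above: a small simulation of the two four-hop chains Bron walks through, computing the ams.oldest-pass value each hop would record and the value the final verifier sees. It is my own code, not anything from the ARC draft or an ARC implementation; it assumes a content digest standing in for the AMS signature (a real AMS is a DKIM-style signature, but only "does it still verify over the message as received?" matters here) and that every ARC-Seal validates, so cv is "none" for the first set and "pass" afterwards, as in the scenario under discussion.

```python
import hashlib


def ams_stand_in(message: str) -> str:
    """Stand-in for an ARC-Message-Signature: a digest of the message exactly as
    the signing hop saw it. Assumption: 'the AMS still verifies' is modelled as
    'the digest matches the current message'."""
    return hashlib.sha256(message.encode("utf-8")).hexdigest()


def oldest_pass(arc_sets: list, message: str) -> int:
    """Lowest ARC instance number whose AMS still verifies over the message as
    received; 0 when there is no earlier set or none of them verifies."""
    for arc_set in arc_sets:
        if arc_set["ams"] == ams_stand_in(message):
            return arc_set["i"]
    return 0


def run_chain(edits_subject: list, subject: str = "hello") -> tuple:
    """Simulate one intermediary per entry of edits_subject (True = that hop
    rewrites the Subject). Returns the (instance, cv, oldest-pass) each hop
    would put in its AAR, plus the oldest-pass the final verifier computes.
    Simplification: every ARC-Seal is assumed valid, so cv is 'none' for the
    first set and 'pass' for every later one."""
    arc_sets, hops = [], []
    message = subject
    for i, edits in enumerate(edits_subject, start=1):
        cv = "none" if not arc_sets else "pass"
        seen = oldest_pass(arc_sets, message)  # judged on the message as received
        if edits:
            message = f"[list{i}] {message}"  # constructed Subject mangling
        arc_sets.append({"i": i, "cv": cv, "oldest_pass": seen,
                         "ams": ams_stand_in(message)})
        hops.append((i, cv, seen))
    return hops, oldest_pass(arc_sets, message)


if __name__ == "__main__":
    for label, chain in (("all four hops edit", [True, True, True, True]),
                         ("only hops 1 and 4 edit", [True, False, False, True])):
        hops, final = run_chain(chain)
        print(label, hops, "final verifier oldest-pass:", final)
```

In the second run the final verifier sees oldest-pass=1 recorded by hops 2, 3 and 4, which is what lets it conclude that hops 2 and 3 left the content covered by ARC 1's AMS untouched without needing to trust their own signatures.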
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
