headers
Laura Atkins | 17 Jun 2013 23:36
Favicon

Weird i= in client mail

I am in the process of reviewing the technical setup of a client installation. This client is using the VERP
string (Return Path / Envelope From) in the i= of their DKIM signature.

The signature looks like this:

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=ci; d=inbox.example.com;
	i=verpprefix-laura=2dinterdirect=40wordtothewise.com-2979-83348823-24644-bounce <at> inbox.example.com;
	h=content-type:mime-version:subject:list-unsubscribe:reply-to:to:from:date:message-id;
	bh=HbLebYQFYQmYej07DLVID9lCjc8=;

Based on my understanding of DKIM, this isn't necessarily violating the DKIM spec, but it does seem to be not
the right thing to use for the i= value

I'm thinking my client should stop doing this, just because it really seems wrong but I have no
justification for recommending that other than "that can't be right." 

I haven't been able to find anything that discusses the intention behind the i=. I expect they chose this i=
because that's the envelope from, but the i= is suppose to be a person, not a mechanical address, correct?

I'd appreciate any guidance on where to go to research this. Or if anyone can give me some help in
understanding this enough to tell my client to stop. 

laura 

--

-- 
Laura Atkins
Word to the Wise			"The Deliverability Experts!"
Direct: 650 678-3454		Fax: 650 249-1909
AIM: wttwlaura			YIM: wttw_laura
Delivery blog: <http://blog.wordtothewise.com/>
(Continue reading)

Permalink | Reply | 17 comments |
headers
Sean Turner | 24 May 2013 19:43

Sean Turner's Yes on status-change-dkim-to-internetstandard-03: (with COMMENT)

Sean Turner has entered the following ballot position for
status-change-dkim-to-internetstandard-03: Yes

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

This stuff is everywhere!
Permalink | Reply | 0 comments |
headers
Stephen Farrell | 13 May 2013 03:41
Picon
Picon

Stephen Farrell's Yes on status-change-dkim-to-internetstandard-03: (with COMMENT)

Stephen Farrell has entered the following ballot position for
status-change-dkim-to-internetstandard-03: Yes

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

As a former co-chair of the DKIM wg, but never having been a
real axe-grinder, I think this transition is entirely fine and is a good
plan if we believe in standards-track progression.

And BTW, DKIM deployment got as far as tcd.ie - that really does
mean that this signing mechanism has become near universal. I'm
not at all clear that the corresponding verification mechanism is
as widely deplloyed, but that's ok.
Permalink | Reply | 0 comments |
headers
Franck Martin | 8 May 2013 03:21
Picon
Favicon

Support for DKIM to become an Internet Standard

It is time for DKIM to become an Internet Standard, it has wide adoption and it is time to be able to build upon
it with protocols like DMARC or to improve the usage of DKIM with BCP for key strength and key rotation.
DMARC reporting has helped fix some bugs in different implementations making it even more reliable. DKIM
operations are not anymore resource intensive for a MTA (in comparison to other operations). Finally as
an Internet Standard this may encourage some MTA implementations to not break DKIM when simply
forwarding emails.
Permalink | Reply | 0 comments |
headers
Murray S. Kucherawy | 1 Apr 2013 07:26
Picon

DMARC working group charter proposal

At the IETF meeting in Atlanta, Tim Draegen presented a proposal for DMARC, which is an email authentication and reporting layer atop SPF and DKIM.  The externally-developed proposal is now in widespread deployment by a number of large-scale providers.  The group that developed it is seeking to bring it to the IETF for further development and broad review, and development of operational guidance.

A first draft of a charter can be found linked from http://wiki.tools.ietf.org/wg/appsawg/trac/wiki.

There is a dmarc <at> ietf.org list available for discussing the technical contents of the work and also this draft charter.  Please follow up there with any charter contents so we don't innundate this list with that discussion.  To subscribe to that list:

https://www.ietf.org/mailman/listinfo/dmarc

-MSK
<div><div dir="ltr">
<div>
<div>
<div>At the IETF meeting in Atlanta, Tim Draegen presented a 
proposal for DMARC, which is an email authentication and reporting layer
 atop SPF and DKIM.&nbsp; The externally-developed proposal is now in 
widespread deployment by a number of large-scale providers.&nbsp; The group 
that developed it is seeking to bring it to the IETF for further 
development and broad review, and development of operational guidance.<br><br>
</div>A first draft of a charter can be found linked from <a href="http://wiki.tools.ietf.org/wg/appsawg/trac/wiki">http://wiki.tools.ietf.org/wg/appsawg/trac/wiki</a>.<br><br>
</div>There
 is a <a href="mailto:dmarc <at> ietf.org">dmarc <at> ietf.org</a> list available for discussing the technical 
contents of the work and also this draft charter.&nbsp; Please follow up 
there with any charter contents so we don't innundate this list with 
that discussion.&nbsp; To subscribe to that list:<br><br><a href="https://www.ietf.org/mailman/listinfo/dmarc">https://www.ietf.org/mailman/listinfo/dmarc</a><br><br>
</div>-MSK</div></div>
Permalink | Reply | 0 comments |
headers
Murray S. Kucherawy | 22 Mar 2013 17:54
Picon

Authentication-Results

Colleagues,

(with apologies for the cross-posting if you get more than one copy of this)

As you may have seen already, I'm working on a revision to RFC5451.

A Proposed Standard "bis" effort always benefits from describing extant implementations.  I know about the ones I've written, and about some very public uses of it (Gmail, Yahoo, for example).  If there's anyone in this audience that knows of others, I'd love to hear about it.

Reviews of the update are also welcome:

https://datatracker.ietf.org/doc/draft-kucherawy-rfc5451bis/

Thanks,
-MSK
<div><div dir="ltr">
<div>
<div>
<div>
<div>Colleagues,<br><br>
</div>
<div>(with apologies for the cross-posting if you get more than one copy of this)<br><br>
</div>
<div>As
 you may have seen already, I'm working on a revision to RFC5451.<br>
</div>
<br>
</div>A 
Proposed Standard "bis" effort always benefits from describing extant 
implementations.&nbsp; I know about the ones I've written, and about some 
very public uses of it (Gmail, Yahoo, for example).&nbsp; If there's anyone 
in this audience that knows of others, I'd love to hear about it.<br>
</div>
<br>Reviews of the update are also welcome:<br><br><a href="https://datatracker.ietf.org/doc/draft-kucherawy-rfc5451bis/">https://datatracker.ietf.org/doc/draft-kucherawy-rfc5451bis/</a><br><br>Thanks,<br>
</div>-MSK<br>
</div></div>
Permalink | Reply | 1 comment |
headers
Murray S. Kucherawy | 26 Jul 2012 23:32
Picon

Re: The good ol' "t=" tag in key records

On Wed, Jul 25, 2012 at 10:42 PM, Roland Turner <roland.turner <at> trustsphere.com> wrote:

This appears to be the inverse of the use case that was originally put forward ("we're concerned that we're signing rubbish, please disregard signatures made with this selector"); the very case that you're arguing should be sustained despite t=y (considering negative reputation gained because rubbish is being signed) is exactly the one the ignoring of which started this discussion, no?

Pretty much.
 

I wonder whether it would make more sense to view t=y as a holdover from DomainKeys and its o=-; that the need for a "testing mode" in fact only arose from the need to be able to tread carefully around making a "we want some (presumably fraudulent) mail with our name on it blocked" assertion. If this view prevails then t=y is merely a vestige that should have been removed when o= was punted to SSP/ASP/ADSP.

I'd suggest that the opportunity to remove the (small) complexity represented by a feature that's not solving a useful problem (and has to some extent been superseded by DMARC: "if you're not yet confident then stay at p=none") is worth taking.

We could, if we ever want to change DKIM again.  It sounds like Barry's approach to register a new "t=" value, or a new tag altogether, is a viable path forward until someone decides to take up the reins and push DKIM to Internet Standard status.

-MSK 

<div>
<p>On Wed, Jul 25, 2012 at 10:42 PM, Roland Turner <span dir="ltr">&lt;<a href="mailto:roland.turner <at> trustsphere.com" target="_blank">roland.turner <at> trustsphere.com</a>&gt;</span> wrote:<br></p>
<div class="gmail_quote">
<blockquote class="gmail_quote">

  

  
  <div bgcolor="#FFFFFF" text="#000000">This appears to be the inverse of the use case that was originally
      put forward ("we're concerned that we're signing rubbish, please
      disregard signatures made with this selector"); the very case that
      you're arguing should be sustained despite t=y (considering
      negative reputation gained because rubbish is being signed) is
      exactly the one the ignoring of which started this discussion, no?<br>
</div>
</blockquote>
<div>
<br>Pretty much.<br>&nbsp;<br>
</div>
<blockquote class="gmail_quote">
<div bgcolor="#FFFFFF" text="#000000">
      <br>
      I wonder whether it would make more sense to view t=y as a
      holdover from DomainKeys and its o=-; that the need for a "testing
      mode" in fact only arose from the need to be able to tread
      carefully around making a "we want some (presumably fraudulent)
      mail with our name on it blocked" assertion. If this view prevails
      then t=y is merely a vestige that should have been removed when o=
      was punted to SSP/ASP/ADSP.<br><br>
      I'd suggest that the opportunity to remove the (small) complexity
      represented by a feature that's not solving a useful problem (and
      has to some extent been superseded by DMARC: "if you're not yet
      confident then stay at p=none") is worth taking.<span class="HOEnZb"><br><br></span>
</div>
</blockquote>
<div>
<br>We could, if we ever want to change DKIM again.&nbsp; It sounds like Barry's approach to register a new "t=" value, or a new tag altogether, is a viable path forward until someone decides to take up the reins and push DKIM to Internet Standard status.<br><br>-MSK <br>
</div>
</div>
<br>
</div>
Permalink | Reply | 0 comments |
headers
Murray S. Kucherawy | 23 Jul 2012 15:41
Picon

Re: The good ol' "t=" tag in key records

On Mon, Jul 23, 2012 at 6:26 AM, Richard Dawe <rich.dawe <at> messagesystems.com> wrote:


Do you think that DMARC provides a better way of testing your DKIM
signatures than DKIM's t=y? E.g.: "p=none" DMARC policy.



I don't understand what you're after here.  How would a mail receiver apply "p=none" as different from handling a bad signature?  In both cases, delivery is supposed to be unaffected.

-MSK

<div>
<p>On Mon, Jul 23, 2012 at 6:26 AM, Richard Dawe <span dir="ltr">&lt;<a href="mailto:rich.dawe <at> messagesystems.com" target="_blank">rich.dawe <at> messagesystems.com</a>&gt;</span> wrote:<br></p>
<div class="gmail_quote">
<blockquote class="gmail_quote">
<br>
Do you think that DMARC provides a better way of testing your DKIM<br>
signatures than DKIM's t=y? E.g.: "p=none" DMARC policy.<br><br><br>
</blockquote>
<div>
<br>I don't understand what you're after here.&nbsp; How would a mail receiver apply "p=none" as different from handling a bad signature?&nbsp; In both cases, delivery is supposed to be unaffected.<br><br>-MSK<br>
</div>
</div>
<br>
</div>
Permalink | Reply | 0 comments |
headers
Murray S. Kucherawy | 22 Jul 2012 06:50
Picon

The good ol' "t=" tag in key records

And you thought this list was dead.

I was asked to consult recently on some DKIM questions raised by a customer of a former employer.  The questions involved the meaning of "t=" in DKIM keys and the text in RFC6376.  The focus of this tag has always been, to the best of my recollection, the notion that "We're only testing DKIM, so please don't punish this mail if the signature fails to verify."  We nearly deleted this during the Draft Standard update because that's effectively the same advice we give to failed signatures in general, making "t=y" pretty much meaningless.  The only interesting thing we say about it now is that if a verifier wants to be extra helpful, it could collect extra information about failed signatures referencing "t=y" keys to help the signer figure out what went wrong.

That customer brought up an interesting point.  "t=y" could also be useful for messages whose signatures do verify.  Specifically, it could be used by a signer to say "It's possible this message shouldn't have been signed by us.  Please don't give it any preferential treatment based on our name's reputation if the signature verifies, which could then tarnish our reputation."  Unlike the verification failure case, I don't think this has any practical use by an attacker because it's explicitly declining any special positive treatment.  That means it's actually useful in the success case.

Any comments about this?  I talked to Dave last week as we happened to be at the same event, and he thought this warranted a new erratum against RFC6376.

I've opened a ticket to arrange that "t=y" suppresses any positive impact domain reputation has in the next version of OpenDKIM, as an experiment.

-MSK

<div><p>And you thought this list was dead.<br><br>I was asked to consult recently on some DKIM questions raised by a customer of a former employer.&nbsp; The questions involved the meaning of "t=" in DKIM keys and the text in RFC6376.&nbsp; The focus of this tag has always been, to the best of my recollection, the notion that "We're only testing DKIM, so please don't punish this mail if the signature fails to verify."&nbsp; We nearly deleted this during the Draft Standard update because that's effectively the same advice we give to failed signatures in general, making "t=y" pretty much meaningless.&nbsp; The only interesting thing we say about it now is that if a verifier wants to be extra helpful, it could collect extra information about failed signatures referencing "t=y" keys to help the signer figure out what went wrong.<br><br>That customer brought up an interesting point.&nbsp; "t=y" could also be useful for messages whose signatures do verify.&nbsp; Specifically, it could be used by a signer to say "It's possible this message shouldn't have been signed by us.&nbsp; Please don't give it any preferential treatment based on our name's reputation if the signature verifies, which could then tarnish our reputation."&nbsp; Unlike the verification failure case, I don't think this has any practical use by an attacker because it's explicitly declining any special positive treatment.&nbsp; That means it's actually useful in the success case.<br><br>Any comments about this?&nbsp; I talked to Dave last week as we happened to be at the same event, and he thought this warranted a new erratum against RFC6376.<br><br>I've opened a ticket to arrange that "t=y" suppresses any positive impact domain reputation has in the next version of OpenDKIM, as an experiment.<br><br>-MSK<br></p></div>
Permalink | Reply | 15 comments |
headers
Chris Lamont Mankowski | 19 Jun 2012 14:49
Picon

Is TLS-OBC for SMTP (in theory) a good alternative to SPF?

I realize my last message talked about TLS-OBC for SMTP but didn't preface it with any information on how I see how it can replace, or compliment SPF in a given situation. First, does anyone know of a working group that is getting TLS-OBC to work in conjunction with the SMTP protocol?  Perhaps some of this information is written elsewhere.

TLS-OBC allows for a SMTP server to publish its public keys into DNS, while removing any dependency (or vulnerability) on the PKI hierarchy.  The approach works at the envelope layer (just like SPF) and has the potential to allow a sender to simply have a private key, instead of sending mail from a particular IP address.  This alone simplifies configuration and allows for many deployment models.

Based on what I've read, in order for TLS-OBC to be secure the corresponding DMARC-TLS policy should define if DNSSec should be used for the certificate, CRL and OCSP links.  I personally want to also specify cipher and encryption levels as well, but I can see how that can fall out of DMARC's scope of message authentication.  Conversely, if a certificate is being used in situations to replace SPF, then we should specify the minimum crypto allowed (we don't want MD5 for example)

For those who are interested, here is information on why DNSSec is required  and additional information on how easy it is to spoof DNS . 

<div>
<span></span><span></span><a href="/"></a>I&nbsp;realize my last message talked about TLS-OBC for SMTP but didn't preface it with any information on how I see how it can replace, or compliment SPF in a given situation. First, does anyone know of a working group that is getting TLS-OBC to work in conjunction with the SMTP protocol? &nbsp;Perhaps some of this information is written elsewhere.<div>
<div><br></div>
<div>TLS-OBC allows for a SMTP server to publish its public keys into DNS, while removing any dependency (<a href="http://security.stackexchange.com/q/2268/396">or vulnerability</a>) on the PKI&nbsp;hierarchy. &nbsp;The approach works at the envelope layer (just like SPF) and has the potential to allow a sender to simply have a private key, instead of sending mail from a particular IP address. &nbsp;This alone simplifies configuration and allows for many deployment models.</div>
<div><br></div>
<div>Based on what I've read, in order for TLS-OBC to be secure the corresponding&nbsp;DMARC-TLS&nbsp;policy should define if DNSSec should be used for the certificate, CRL and OCSP links. &nbsp;I personally want to also specify cipher and encryption levels as well, but I can see how that can fall out of DMARC's scope of message authentication. &nbsp;Conversely, if a certificate is being used in situations to replace SPF, then we should specify the minimum crypto allowed (we don't want MD5 for example)</div>
<div><br></div>
<div>For those who are interested,<a href="http://security.stackexchange.com/q/6824/396"> here is information on why DNSSec is required&nbsp;</a>&nbsp;and additional information on<a href="http://security.stackexchange.com/q/6827/396"> how easy it is to spoof DNS</a>&nbsp;.&nbsp;</div>
<div><br></div>
</div>
</div>
Permalink | Reply | 1 comment |
headers
Chris Lamont Mankowski | 19 Jun 2012 13:58
Picon

Is DMARC the right place for SMTP-TLS policy and reporting?

Does it makes sense for the DMARC policy to not only set policy and report on DKIM and SPF but also how the client authenticates via TLS?   

As it stands today, many companies are setting up independent TLS connections between peers to accommodate the various PII laws that require encryption of data in transit, and there is no central location to place policy.

The DKIM RFC describes how some deployments may have a DKIM selector per user to accommodate traveling laptops (or something to that effect).  If we were to include TLS certificate information in a policy, that could allow SPF to be just as portable.    And keeping in the spirit of DMARC, no PKI is needed if the implementation used certificates in DNS (TLSA) http://tools.ietf.org/html/draft-ietf-dane-protocol-23

I've seen a few posts that talk about MUAs displaying DMARC-verified messages with a golden key illustrating it's sent secure.  I understand that MUAs are out of scope for the DMARC spec, but I want to mention that feature will be confusing to my end users and customers as it stands today.  I'm in the financial vertical and work with HIPPA data and other material relevant to advisory services,benefits, life insurance.  As a result we are required to encrypt all data in transport.  

In fact, I've worked with representatives from DMARC's sponsors (Bank of America, and Fidelity among others) to set up Enforced TLS between our companies (NFP).  The reason for this was to increase security in lieu of a portal-based-encryption such as Voltage or Zixmail.  Many of our end users and customers noticed how the contents of the message changed and they aren't requiring a login to a separate website for PII data.  They thought TLS made the contents insecure in transit, when this isn't the case.

So what are your thoughts?  Should DMARC also incorporate some level of TLS encryption policy and reporting, especially considering the outcome of the policy will be reflected in the MUA? Should something else be created such as DMARC-TLS?

It makes sense to bring this up here and now because the right MTA developers are addressing message authentication via DNS policy, and TLS is used for message authentication when the subject name is trusted and aligned with RFC5322.From.

Thanks for your consideration,

Chris Lamont Mankowski
<div>
<div>Does it makes sense for the DMARC policy to not only set policy and report on DKIM and SPF but also how the client authenticates via TLS? &nbsp;&nbsp;</div>
<div><br></div>
<div>As it stands today, many companies are setting up independent TLS connections between peers to&nbsp;accommodate the various PII laws that require encryption of data in transit, and there is no central location to place policy.</div>
<div><br></div>
<div>The DKIM RFC describes how some deployments may have a DKIM selector per user to&nbsp;accommodate&nbsp;traveling laptops (or something to that effect). &nbsp;If we were to include TLS certificate information in a policy, that could allow SPF to be just as portable. &nbsp;&nbsp;&nbsp;And keeping in the spirit of DMARC, no PKI is needed if the implementation used certificates in DNS (TLSA)&nbsp;<a href="http://tools.ietf.org/html/draft-ietf-dane-protocol-23">http://tools.ietf.org/html/draft-ietf-dane-protocol-23</a>
</div>
<div><br></div>
<div>I've seen a few posts that talk about MUAs displaying DMARC-verified messages with a golden key illustrating it's sent secure. &nbsp;I understand that MUAs are out of scope for the DMARC spec, but I want to mention that feature will be confusing to my end users and customers as it stands today. &nbsp;I'm in the financial vertical and work with HIPPA data and other material&nbsp;relevant&nbsp;to advisory services,benefits, life insurance. &nbsp;As a result we are required to encrypt all data in transport. &nbsp;</div>
<div><br></div>
<div>In fact, I've worked with&nbsp;representatives&nbsp;from DMARC's sponsors (Bank of America, and Fidelity among others) to set up Enforced TLS between our companies (NFP). &nbsp;The reason for this was to increase security in lieu of a portal-based-encryption such as Voltage or Zixmail. &nbsp;Many of our end users and customers noticed how the contents of the message changed and they aren't requiring a login to a separate website for PII data. &nbsp;They thought TLS made the contents insecure in transit, when this isn't the case.</div>
<div><br></div>
<div>So what are your thoughts? &nbsp;Should DMARC also incorporate some level of TLS encryption policy and reporting, especially considering the outcome of the policy will be reflected in the MUA? Should something else be created such as DMARC-TLS?</div>
<div><br></div>
<div>It makes sense to bring this up here and now because the right MTA developers are addressing message authentication via DNS policy, and TLS is used for message authentication when the subject name is trusted and aligned with RFC5322.From.</div>
<div><br></div>
<div>Thanks for your consideration,</div>
<div><br></div>
<div>Chris Lamont Mankowski</div>
</div>
Permalink | Reply | 1 comment |

Gmane