Re: [Acme] WG last call for draft-ietf-acme-email-smime-06

"A. Schulze" <> Tue, 31 March 2020 22:24 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 98A4D3A0AAD for <>; Tue, 31 Mar 2020 15:24:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.199
X-Spam-Status: No, score=-0.199 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Ig4jYztJZcGz for <>; Tue, 31 Mar 2020 15:24:18 -0700 (PDT)
Received: from ( [IPv6:2001:470:77b3:103::25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 545A13A0AA5 for <>; Tue, 31 Mar 2020 15:24:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=202003-05B6D237; t=1585693452; x=1590693452; bh=kSJdQ6iVppM6nT3qHn4LeGkCuIu7cbaJfv0u+LTdqDI=; h=Subject:To:References:From:Message-ID:Date:MIME-Version: In-Reply-To:Content-Type:Content-Transfer-Encoding:autocrypt:cc: content-transfer-encoding:content-type:date:from:in-reply-to: message-id:mime-version:openpgp:references:subject:to; b=DqcpnnEbY7lwmbyh13MQtiBXpSzUbWaGaF/5VtJW5oY8w0OpxSuHe9YQEadtsjbpS yloAyuMlgeOvJE0u/ESCmDaz6qCgc2XqyoAJcEFgKX90ao0hp20D7u3r2XrBA4Uwcd XS2g5ZuC9lqjKyoAu4dpmcL0H1aKABnskSE16fHxNoWUB0QIm7K9oEoxv7RJc/iJCg lbqF32owi2baTB3fLJW85GLE3gHOsr1Secv3vwFU5Jw11MUTJkNDadflzIiurZ4B/V LSHgx0/uPajAevnX4HZv2Mu4qTtIzh+Z3je60hvyxlJ9KvRiXAFT0vyUJuMnqrpNju 0YGjN3zxIh0CA==
References: <>
From: "A. Schulze" <>
Message-ID: <>
Date: Wed, 1 Apr 2020 00:24:16 +0200
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <>
Subject: Re: [Acme] WG last call for draft-ietf-acme-email-smime-06
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Automated Certificate Management Environment <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 31 Mar 2020 22:24:21 -0000

Am 12.03.20 um 19:51 schrieb Salz, Rich:
> This mail begins a one-week working group last call on
(hopefully not to late ...)

Hello @all,

I became aware of a privacy problem once an ACME instance will implement this draft: CT logs.
Usually the space of local parts for a domains email addresses is private. Enumeration is impossible and unwanted.
But CT logs change some assumptions people may have...

On the other side the problem isn't really new.
Similar applies to the hosts available inside a domain.
Similar applies to DNSSEC signed domains. But at least there is an option to make a zone-walk harder: NSEC3

Is this at least a point to be mentioned in the drafts security section?