Re: [Acme] Last Call: <draft-ietf-acme-email-smime-08.txt> (Extensions to Automatic Certificate Management Environment for end user S/MIME certificates) to Proposed Standard

S Moonesamy <> Thu, 02 July 2020 19:52 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 6CD6E3A0869; Thu, 2 Jul 2020 12:52:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.697
X-Spam-Status: No, score=-1.697 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)"
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id RV_H0pZ73aBi; Thu, 2 Jul 2020 12:52:02 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 1050D3A086B; Thu, 2 Jul 2020 12:52:01 -0700 (PDT)
Received: from ([]) (authenticated bits=0) by (8.15.2/8.14.5) with ESMTPSA id 062JphUE001553 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 2 Jul 2020 12:51:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;; s=mail; t=1593719519; x=1593805919;; bh=Q6+MI/2dOvJEbEWLokwl/KHoGFuIYf2m5Y1fBccKaY0=; h=Date:To:From:Subject:Cc:In-Reply-To:References; b=b4WERzljQUxmTgbfZUlvPN8J4FHjyINpXD7hPiWndTHxKYCEx679eOgY9b3X8E/xw ZWjMm1AduxozYbAR8pSkU6K0KtjoA7A0ek5jG0Tr52Qjdp9rKZn0mWBnJ3a9vFWx6i Xuf5b2WVmVLo3jYm3fOu0Boq5wU0e5XX+s9hm+xk=
Message-Id: <>
X-Mailer: QUALCOMM Windows Eudora Version
Date: Thu, 02 Jul 2020 12:50:16 -0700
To: Alexey Melnikov <>,
From: S Moonesamy <>
In-Reply-To: <>
References: <> <> <>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Archived-At: <>
Subject: Re: [Acme] Last Call: <draft-ietf-acme-email-smime-08.txt> (Extensions to Automatic Certificate Management Environment for end user S/MIME certificates) to Proposed Standard
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Automated Certificate Management Environment <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 02 Jul 2020 19:52:05 -0000

Hi Alexey,

Sorry for the slow response.

At 02:14 AM 26-06-2020, Alexey Melnikov wrote:
>I don't think my proposal is inteded to work with mailing list 
>forwarding. This sounds pretty dangerous and defeats the prescribed 
>recipient email validation check. Maybe the document should say 
>something about this.
>If you are thinking about recipient end alias-type forwarding, then 
>I can add some text that validation has to happen before forwarding, 
>but this ACME mechanism might still break if the From header field 
>email address of the response message doesn't match the email 
>address used to request the certificate for.

I was thinking about alias-type forwarding (Section 3.9.1 of RFC 
5321).  I am okay if the author/working group gave some thought to 
that.  You could probably point to the first paragraph of Section 6, 
instead of adding text, if that were to be an issue in future.

S. Moonesamy