Re: [Acme] WG last call for draft-ietf-acme-email-smime-06

Ryan Sleevi <ryan-ietf@sleevi.com> Tue, 31 March 2020 22:36 UTC

MIME-Version: 1.0
References: <3703708B-4454-4AC9-87AF-961C73B1F331@akamai.com> <4bf765aa-4325-ed9e-c705-1d0e4734b6ad@andreasschulze.de>
In-Reply-To: <4bf765aa-4325-ed9e-c705-1d0e4734b6ad@andreasschulze.de>
From: Ryan Sleevi <ryan-ietf@sleevi.com>
Date: Tue, 31 Mar 2020 18:35:53 -0400
X-Gmail-Original-Message-ID: <CAErg=HHPhVq7Zj5hK1RATFD8uUwCO0ZCRAKnXjZQQgxT96PdVw@mail.gmail.com>
Message-ID: <CAErg=HHPhVq7Zj5hK1RATFD8uUwCO0ZCRAKnXjZQQgxT96PdVw@mail.gmail.com>
To: "A. Schulze" <sca@andreasschulze.de>
Cc: acme@ietf.org
Content-Type: multipart/alternative; boundary="0000000000005ba49a05a22e3141"
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/ioPs9bgoiGwQiXkQlINl-lzBhmo>
Subject: Re: [Acme] WG last call for draft-ietf-acme-email-smime-06

On Tue, Mar 31, 2020 at 6:24 PM A. Schulze <sca@andreasschulze.de> wrote:

> On 12.03.20 at 19:51, Salz, Rich wrote:
> > This mail begins a one-week working group last call on
> https://datatracker.ietf.org/doc/draft-ietf-acme-email-smime/?include_text=1
> (hopefully not too late ...)
>
> Hello @all,
>
> I became aware of a privacy problem once an ACME instance implements
> this draft: CT logs.
> Usually the space of local parts for a domain's email addresses is private.
> Enumeration is impossible and unwanted.
> But CT logs change some assumptions people may have...


Aren’t those concerns founded on certain assumptions that may not be
entirely accurate?

- That an ACME server (CA) implementing this is using the same trust
  hierarchy that they use for TLS?
  - This is forbidden by most major client software (to issue both from the
    same hierarchy)
- That the CT logs intended for one protocol (e.g. TLS) accept certificates
  for other protocols
  - This is a bug in the current TLS CT logs being fixed (to properly
    exclude non-TLS certificates)

Either, or both, of these issues mitigate the concern. However, it doesn’t
seem this concern is related to the protocol, nor would this draft change
anything (and was discussed heavily in TRANS).

>
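The second bullet above (TLS CT logs excluding non-TLS certificates) comes down to an Extended Key Usage check at log admission time. The following is an added illustration written for this archive page; it is not code from the thread, from the draft, or from any CT log implementation. It uses only Go's standard crypto/x509 package, builds two constructed self-signed certificates (an S/MIME certificate with an rfc822Name SAN and a TLS server certificate; the names `alice@example.test` and `www.example.test` are made-up test data), and shows the admission rule rejecting the S/MIME certificate while noting that it carries an email address that a TLS log would otherwise have published. Treating a certificate with no EKU extension at all as "not TLS" is a design choice of this example, stricter than some real log policies.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CertKind classifies a certificate by the protocol its EKU extension permits.
type CertKind int

const (
	KindTLSServer CertKind = iota // serverAuth (or anyExtendedKeyUsage) present
	KindSMIME                     // emailProtection present, serverAuth absent
	KindOther                     // some other EKU set, or no EKU extension at all
)

// ClassifyByEKU looks only at the Extended Key Usage extension. An absent
// EKU extension is deliberately classified as KindOther here (example policy).
func ClassifyByEKU(cert *x509.Certificate) CertKind {
	hasServer, hasEmail := false, false
	for _, eku := range cert.ExtKeyUsage {
		switch eku {
		case x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageAny:
			hasServer = true
		case x509.ExtKeyUsageEmailProtection:
			hasEmail = true
		}
	}
	switch {
	case hasServer:
		return KindTLSServer
	case hasEmail:
		return KindSMIME
	default:
		return KindOther
	}
}

// AdmitToTLSLog is the admission rule a TLS-only CT log would apply: accept
// only certificates whose EKU permits serverAuth. When it rejects, the reason
// records whether the certificate carried rfc822Name SANs, i.e. the email
// addresses whose publication the privacy concern is about.
func AdmitToTLSLog(cert *x509.Certificate) (accepted bool, reason string) {
	if ClassifyByEKU(cert) == KindTLSServer {
		return true, "serverAuth EKU present"
	}
	if n := len(cert.EmailAddresses); n > 0 {
		return false, fmt.Sprintf("no serverAuth EKU; %d rfc822Name SAN(s) withheld from the log", n)
	}
	return false, "no serverAuth EKU"
}

// newTestCert builds a self-signed certificate with the given SANs and EKUs.
// This is constructed test data, not a certificate from any real CA.
func newTestCert(cn string, dns, emails []string, ekus []x509.ExtKeyUsage) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:   big.NewInt(1),
		Subject:        pkix.Name{CommonName: cn},
		NotBefore:      time.Now().Add(-time.Hour),
		NotAfter:       time.Now().Add(24 * time.Hour),
		KeyUsage:       x509.KeyUsageDigitalSignature,
		ExtKeyUsage:    ekus,
		DNSNames:       dns,
		EmailAddresses: emails, // encoded as rfc822Name entries in the SAN extension
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	smime, err := newTestCert("alice", nil, []string{"alice@example.test"},
		[]x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection})
	if err != nil {
		panic(err)
	}
	tls, err := newTestCert("www.example.test", []string{"www.example.test"}, nil,
		[]x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth})
	if err != nil {
		panic(err)
	}
	for _, c := range []*x509.Certificate{smime, tls} {
		ok, why := AdmitToTLSLog(c)
		fmt.Printf("%-18s accepted=%-5v (%s)\n", c.Subject.CommonName, ok, why)
	}
}
```

The check is cheap and runs on the submitted leaf alone, which is why it sits naturally at the log's submission endpoint; the separate-hierarchy point from the first bullet is enforced on the CA side and is not something a log can verify from the leaf.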