[Bimi] New Version Notification for draft-blank-ietf-bimi-00.txt

Seth Blank <seth@sethblank.com> Wed, 06 February 2019 20:11 UTC

Return-Path: <seth@sethblank.com>
X-Original-To: bimi@ietfa.amsl.com
Delivered-To: bimi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0540130ED7 for <bimi@ietfa.amsl.com>; Wed, 6 Feb 2019 12:11:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.042
X-Spam-Level:
X-Spam-Status: No, score=-2.042 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.142, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sethblank-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P99hcJqBcjkl for <bimi@ietfa.amsl.com>; Wed, 6 Feb 2019 12:11:02 -0800 (PST)
Received: from mail-ot1-x342.google.com (mail-ot1-x342.google.com [IPv6:2607:f8b0:4864:20::342]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CD937127AC2 for <bimi@ietf.org>; Wed, 6 Feb 2019 12:10:58 -0800 (PST)
Received: by mail-ot1-x342.google.com with SMTP id v23so14184793otk.9 for <bimi@ietf.org>; Wed, 06 Feb 2019 12:10:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sethblank-com.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=rnJYwj2yuih8nXXWj5cfeIFieMKRswIy/wq7KLQa+uE=; b=K/3hibJkUfoT/ugjBMz4ZmuZ+1LdlgjbrYprr5xN7FOpu983ic4P9sy2qIGlHgZBU2 gBK9ISUKDnz5tJytq1A81WnBV6CtrAi3EKYPKp+QQP+REaflfhWMKdASafNJiIkDuaQD buDZLyO2dgksCEHkZdQEFwlTa5UHnBScvEbdygowTEihA81Z2fT20o1dt5hAxnLpwDHL I/8dGObk43CM8zbKdcpCMVybT8Ghh0BMpYMTlbcMYEBY4jd0njtbQgYvtvLyXTIiEc2x 0wjcMKdCwcaYlG/t0hEkQhlljfxNqn7w3w5WOV4YaZnK6b+0I+caG8Nl/3xM+7etOl0R B+DA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=rnJYwj2yuih8nXXWj5cfeIFieMKRswIy/wq7KLQa+uE=; b=rxagTJbJJOu4TWE4yx/+msYtcpyz1kWuoGdwqg9F2bs36mehpz8VNxrKsiTJyjY4zd jHbI2rdTrkGiq2hU9uO06TAN+pexhFYELOSr5oKHUD4rG5vOKt3nZ/4oZ/FXMf+TiWax kKx2IEXDza/PQ15geCTZ0vcZ1i/1aT+Psik7J1dSm/LdNlgYpEwor3qa7oS7lhb60coQ msq7nvDDtH+91d9O+zx2EodIzPF7RLWeD4r43zs452UFRvkmFi2BV8TUvg6poDiCDuQ4 iw6jH/9e9p4iamHL4SxQ4fChETD2/cHZKR9LJvpu0sc2/rR26fyTvE7AtB4RbPujJ3F/ pRdg==
X-Gm-Message-State: AHQUAuacQx31g9Zuzulcle1OpYPPzd7zdf2gDQdmktThXHSIC5/HmDY0 dkim3ao+TuvaKk9ZK6oCnGMVd/ky+R9YF99m9oJaDIHaYjbo2g==
X-Google-Smtp-Source: AHgI3IaLiyQ7JOE+tifh13woml+LPKSKwPOO5JA7IaxP8/KqcVZiAISzon1PfC7YA6FlHEtlS/ieB9ksSpjSrmhR5Pg=
X-Received: by 2002:a9d:d83:: with SMTP id 3mr6213859ots.361.1549483857492; Wed, 06 Feb 2019 12:10:57 -0800 (PST)
MIME-Version: 1.0
From: Seth Blank <seth@sethblank.com>
Date: Wed, 06 Feb 2019 12:10:35 -0800
Message-ID: <CAD2i3WMP=-id4aCexu71fXRiVkdN3L6v5p7E1yJVRAwk0vmkfA@mail.gmail.com>
To: bimi@ietf.org
Content-Type: multipart/alternative; boundary="000000000000e95cec05813f52a2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/26xOBFegXFx10m8RqI6DmdoGRfA>
Subject: [Bimi] New Version Notification for draft-blank-ietf-bimi-00.txt
X-BeenThere: bimi@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Brand Indicators for Message Identification <bimi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bimi>, <mailto:bimi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bimi/>
List-Post: <mailto:bimi@ietf.org>
List-Help: <mailto:bimi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bimi>, <mailto:bimi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Feb 2019 20:11:05 -0000

I've uploaded two documents as I-Ds to kick off IETF discussions around
BIMI. Both these documents need a good deal of work, but are ready for
public discussion.

For BIMI publishing and usage:
- https://tools.ietf.org/html/draft-blank-ietf-bimi-00
- https://tools.ietf.org/html/draft-brotman-ietf-bimi-guidance-00

For logo validation:
- https://tools.ietf.org/html/draft-chuang-bimi-certificate-00
- https://docs.google.com/document/d/10IzxkdrveDazBAvTvOUa9uCIDBwMkdmluwHEcbja42w/edit?usp=sharing

At a high level, these documents have several issues to be worked through:

1) The intent is for this to be globally accessible to any domain owner,
but the current mechanisms are more approachable to larger organizations in
first world countries
   a) We need a discussion of what other validation mechanisms could work
at scale (our expectation is to have several, signposted weakly in the
draft)
   b) We need a way to properly reflect this in the proposed a= tag

2) BIMI is NOT a new authentication mechanism, nor does it make ANY claims
about user security or trust in the inbox. However, in places this draft
may be unclear. How do we make this clearer while still explaining why
standardizing this process is important, without crossing the line into UX
or trust, of which BIMI is neither?

3) Right now, security surrounding logos is limited to SVGs per
https://tools.ietf.org/html/rfc6170#section-5.2. There's clearly more
that's needed here, especially against attacks that rely on steganography
or resizing vectors, etc.

4) Other nits for draft-blank-ietf-bimi:

   a) The structure needs work, as do the Introduction and Overview
   b) Some of the technical construction feels like it could be
dramatically simplified
   c) Section 8.2 mentions hashes with no definition or clarity
   d) The uses of MTA, MUA, and Mail Receiver feel like they overlap each
other left and right
       i) And the document is heavily focused on larger receivers where
this distinction is clear, but doesn't give any thought to other receiving
architectures at all, especially mail clients that are the entire stack

Several authors of these documents will be in Prague; we're looking forward
to the conversations over the next few weeks and face to face!

Seth

---------- Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: Wed, Feb 6, 2019 at 11:11 AM
Subject: New Version Notification for draft-blank-ietf-bimi-00.txt


A new version of I-D, draft-blank-ietf-bimi-00.txt
has been successfully submitted by Seth Blank and posted to the
IETF repository.

Name:           draft-blank-ietf-bimi
Revision:       00
Title:          Brand Indicators for Message Identification (BIMI)
Document date:  2019-02-06
Group:          Individual Submission
Pages:          26
URL:            https://www.ietf.org/internet-drafts/draft-blank-ietf-bimi-00.txt
Status:         https://datatracker.ietf.org/doc/draft-blank-ietf-bimi/
Htmlized:       https://tools.ietf.org/html/draft-blank-ietf-bimi-00
Htmlized:       https://datatracker.ietf.org/doc/html/draft-blank-ietf-bimi


Abstract:
   Brand Indicators for Message Identification (BIMI) permits Domain
   Owners to coordinate with Mail User Agents (MUAs) to display brand-
   specific Indicators next to properly authenticated messages.  There
   are two aspects of BIMI coordination: a scalable mechanism for Domain
   Owners to publish their desired indicators, and a mechanism for Mail
   Transfer Agents (MTAs) to verify the authenticity of the indicator.
   This document specifies how Domain Owners communicate their desired
   indicators through the BIMI assertion record in DNS and how that
   record is to be handled by MTAs and MUAs.  The domain verification
   mechanism and extensions for other mail protocols (IMAP, etc.) are
   specified in separate documents.  MUAs and mail-receiving
   organizations are free to define their own policies for indicator
   display that makes use or not of BIMI data as they see fit.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
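The abstract above describes the two halves of BIMI as seen by a receiver: look up the Domain Owner's assertion record in DNS, then decide whether the referenced indicator may be shown next to an authenticated message. Point 3 of the cover note adds that the only logo-side protection in the draft is the SVG profile of RFC 6170 section 5.2. The following Python is an added example written for this page to make both steps concrete; it is not code from the draft, from the authors, or from any BIMI implementation. It assumes the record name `<selector>._bimi.<domain>` with selector `default`, the tag/value syntax `v=BIMI1; l=<logo URL>; a=<evidence URL>` (tag names as in draft-blank-ietf-bimi-00, everything else is the example's own), a DMARC precondition of p=quarantine or p=reject, and an SVG screen that is only an illustrative subset of RFC 6170 style restrictions (no script, no event handlers, no external references). DNS and DMARC lookups are replaced by constructed in-memory tables so it runs offline; the `a=` tag is parsed but not validated, since evidence validation belongs to the separate certificate draft.

```python
"""BIMI assertion-record lookup and pre-display checks (added example).

Not code from draft-blank-ietf-bimi-00 or any BIMI implementation.
Assumed here, not all stated on the page: record name
<selector>._bimi.<domain>, tags v=/l=/a=, DMARC p=quarantine|reject as a
precondition, and a partial RFC 6170 s.5.2-style SVG screen.
"""
import xml.etree.ElementTree as ET   # for real input prefer defusedxml (entity expansion)
from urllib.parse import urlparse

# Constructed stand-ins for DNS TXT records and DMARC policies (not real zones).
CONSTRUCTED_DNS = {
    "default._bimi.example.com": "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/evidence.pem",
    "default._bimi.bad-scheme.example": "v=BIMI1; l=http://bad-scheme.example/logo.svg",
    "default._bimi.declined.example": "v=BIMI1; l=",
    "default._bimi.wrongver.example": "v=BIMI9; l=https://wrongver.example/logo.svg",
}
CONSTRUCTED_DMARC = {
    "example.com": "reject",
    "bad-scheme.example": "reject",
    "declined.example": "quarantine",
    "wrongver.example": "reject",
    "nodmarc.example": "none",
}


def bimi_record_name(domain, selector="default"):
    """DNS name queried for the assertion record (assumed layout)."""
    return f"{selector}._bimi.{domain}"


def parse_assertion_record(txt):
    """Split 'tag=value; tag=value' into a dict; the first tag must be v=BIMI1."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        k, v = part.split("=", 1)
        tags[k.strip().lower()] = v.strip()
    first = txt.strip().split(";", 1)[0].strip().lower()
    if not first.startswith("v=") or tags.get("v", "").upper() != "BIMI1":
        raise ValueError("record must begin with v=BIMI1")
    return tags


def evaluate(domain, dns=CONSTRUCTED_DNS, dmarc=CONSTRUCTED_DMARC, selector="default"):
    """Return (logo_url or None, reason) for a message that already passed DMARC."""
    if dmarc.get(domain) not in ("quarantine", "reject"):
        return None, "dmarc-policy-not-enforcing"      # assumed precondition
    txt = dns.get(bimi_record_name(domain, selector))
    if txt is None:
        return None, "no-bimi-record"
    try:
        tags = parse_assertion_record(txt)
    except ValueError as e:
        return None, f"invalid-record: {e}"
    logo = tags.get("l", "")
    if not logo:
        return None, "declined"                         # empty l=: nothing to display
    u = urlparse(logo)
    if u.scheme != "https" or not u.netloc:
        return None, "logo-url-not-https"
    return logo, "ok"


SVG_NS = "{http://www.w3.org/2000/svg}"
XLINK_HREF = "{http://www.w3.org/1999/xlink}href"


def svg_policy_violations(svg_bytes):
    """List reasons an SVG must not be rendered as an indicator (illustrative subset)."""
    problems = []
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as e:
        return [f"not-well-formed: {e}"]
    if root.tag != SVG_NS + "svg":
        problems.append("root-not-svg")
    for el in root.iter():
        local = el.tag.rsplit("}", 1)[-1] if isinstance(el.tag, str) else ""
        if local in ("script", "foreignObject"):
            problems.append(f"forbidden-element:{local}")
        for attr, val in el.attrib.items():
            if attr.lower().startswith("on"):            # onload=, onclick=, ...
                problems.append(f"event-handler:{attr}")
            if attr in (XLINK_HREF, "href") and not val.startswith("#"):
                problems.append(f"external-reference:{val}")  # anything but a local fragment
    return problems


# Constructed sample images: one clean, one carrying script, a tracker and a handler.
CLEAN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
             b'<circle cx="5" cy="5" r="4" fill="#0a0"/></svg>')
HOSTILE_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" '
               b'xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 10 10">'
               b'<script>alert(1)</script>'
               b'<image xlink:href="https://attacker.example/track.png" width="10" height="10"/>'
               b'<rect width="10" height="10" onload="fetch(document.cookie)"/></svg>')

if __name__ == "__main__":
    for d in CONSTRUCTED_DMARC:
        print(d, evaluate(d))
    print("clean:", svg_policy_violations(CLEAN_SVG))
    print("hostile:", svg_policy_violations(HOSTILE_SVG))
```

The DMARC check sits before the DNS lookup on purpose: a receiver that fetches the record (or the logo) for every message leaks sender information to the Domain Owner's DNS and web servers even when nothing will be displayed. The SVG screen is deliberately a denylist of the obvious active-content vectors; the steganography and resizing concerns raised in point 3 are not something a structural check like this can catch.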