[Bimi] BIMI image security open questions
Seth Blank <seth@valimail.com> Wed, 13 March 2019 18:32 UTC
Return-Path: <seth@valimail.com>
X-Original-To: bimi@ietfa.amsl.com
Delivered-To: bimi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1551127962 for <bimi@ietfa.amsl.com>; Wed, 13 Mar 2019 11:32:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.989
X-Spam-Level:
X-Spam-Status: No, score=-1.989 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=valimail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id liMA0dT84ZFY for <bimi@ietfa.amsl.com>; Wed, 13 Mar 2019 11:32:08 -0700 (PDT)
Received: from mail-vs1-xe35.google.com (mail-vs1-xe35.google.com [IPv6:2607:f8b0:4864:20::e35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 39FDD1275F3 for <bimi@ietf.org>; Wed, 13 Mar 2019 11:32:08 -0700 (PDT)
Received: by mail-vs1-xe35.google.com with SMTP id e126so1434273vse.1 for <bimi@ietf.org>; Wed, 13 Mar 2019 11:32:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valimail.com; s=google2048; h=mime-version:from:date:message-id:subject:to; bh=i28L6tBk2UQZG/2eGEhGEduRbOp2vcf8BipRSP20C08=; b=EYzRSQU2Nqh7otI2TasDHGGtFPp8AbJXDADPa8pk9yfQya88IitHIXjLXwR8CssJ4D luSn4Y2BkH4X1jJwfVh7DE1xFMTMHJGVyFPI0E1TmHJrcZwQIo/8D04fKGsXqUhlzcf7 Ctal8JIp0RNsuj10I5OYnF5Bjm8yRZG5BgwmUx0PLvQnyhLLuLb8xfBD+lFFdGt9NXk+ KFVFPbQfW9X32xcKZDcbfcy9LXKDkG5XHHRDvHnHzmRuWFOJFfXrcsPVzmMXDWYMdVLQ TLfyo+CAhot9npMMLJBctNo/S4NrXSg0m3udz8N3lOg2oF8/6Gu4Y3mPCjLJc8a2Ux7z PrVA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=i28L6tBk2UQZG/2eGEhGEduRbOp2vcf8BipRSP20C08=; b=a/M7HhXRB5CXfvBRAiFetEtn3zX51O+Ya1p0vY4Pssr4JWD8BCJ0uimjO1h7RTFyA5 b0I+eLPBkf0xW0JHV0bBlBUI4DBhKp1QI/KYMAgOhOVz+9S3uIX5YEf+PeQN3Q876dAu l/lNX/nLflYcPLEKKk0ql8+fPVkT0YU+9cH//FE/0Ykrdn7kZ3JeLXaLkfOQgtmA4Bvl QlMlg10kWhyewLmXYthwg2meqzGJlJso9ZFPd4kc2++/6H+4GA+UQZAgUOwdr0PZZbhW /nr7QZBeE9CMoC2y2K80KbbgjgMF6jluBYBQn+4VTF+OSEzwD2thlMc414neGhVjmZAD xL7w==
X-Gm-Message-State: APjAAAU8bHd6LFeMDH0NGpplFYpIBqLjeMxwfRbW4QLVyz5GjVXqkYp8 +/n7isTnFOb7mC1iMfo2QBmIFl++H0jKR3EyVZcO45KG2823sQ==
X-Google-Smtp-Source: APXvYqzX3bD8CUBm4MBt2U9vMCNQK2lvk/kQOmx1XYWdtN/H1HHXwU6oP4aBICxt+ABwGrRqELTyzf53SXYwfHr1FK4=
X-Received: by 2002:a67:c287:: with SMTP id k7mr24693155vsj.225.1552501926541; Wed, 13 Mar 2019 11:32:06 -0700 (PDT)
MIME-Version: 1.0
From: Seth Blank <seth@valimail.com>
Date: Wed, 13 Mar 2019 11:31:54 -0700
Message-ID: <CAOZAAfNXZ-trm07nugNK4-eprsf27VrNf16tTYBCCmoOhStTjg@mail.gmail.com>
To: bimi@ietf.org
Content-Type: multipart/alternative; boundary="000000000000d870650583fe0533"
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/zi90QyPY9nnvOllCmSQUM1RBLuQ>
Subject: [Bimi] BIMI image security open questions
X-BeenThere: bimi@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Brand Indicators for Message Identification <bimi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bimi>, <mailto:bimi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bimi/>
List-Post: <mailto:bimi@ietf.org>
List-Help: <mailto:bimi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bimi>, <mailto:bimi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Mar 2019 18:32:11 -0000
These three drafts cover a myriad of security concerns: - General threats: https://tools.ietf.org/html/draft-bkl-bimi-overview-00 - Problems with certificates/CAs: https://tools.ietf.org/html/draft-chuang-ietf-bimi-security-perspectives-00 - Other more specific technical issues: https://tools.ietf.org/html/draft-blank-ietf-bimi-00#section-9 Outside of these three documents and specific guidance in https://tools.ietf.org/html/draft-blank-ietf-bimi-00#section-5.1.2 (which itself refers to https://tools.ietf.org/html/rfc6170#section-5.2), I believe the only top line threat that's not well documented are related to the image payload itself. Details below from M3AAWG technical. None of the above authors are experts on these vectors. We'd love to discuss in more depth or be connected to people or resources who can help educate us (preferably on this list). Thanks, we're looking forward to your feedback and participation in the BoF! The M3AAWG technical list has provided the following threats that are not encapsulated in the above drafts: 1) Richard Clayton provided: An issue where the image which is certified may not be the actual image that is rendered unless care is taken to specify the nature of the rendering: https://pdfs.semanticscholar.org/e8c5/6fe612c0edd436361b1f07551c832c0f1fb8.pdf 2) Joe St. Sauver provided: Steganography in SVG: https://github.com/japplebaum/svgsteg Script tags in SVG: https://www.redteamsecure.com/evil-svg-project/ The script tag is mediated by the requirements of https://tools.ietf.org/html/rfc6170#section-5.2, but is still worth calling out explicitly. -- Seth Blank | Director, Industry Initiatives e: seth@valimail.com |* p: *415-273-8818 <https://www.valimail.com/> <https://twitter.com/valimail> <https://twitter.com/valimail> <https://www.linkedin.com/company/valimail/> <https://www.linkedin.com/company/valimail/> <https://www.facebook.com/ValiMail-649042791951699> <https://www.facebook.com/Valimail-649042791951699/> This email and all data transmitted with it contains confidential and/or proprietary information intended solely for the use of individual(s) authorized to receive it. If you are not an intended and authorized recipient you are hereby notified any use, disclosure, copying or distribution of the information included in this transmission is prohibited and may be unlawful. Please immediately notify the sender by replying to this email and then delete it from your system.
- [Bimi] BIMI image security open questions Seth Blank