IETF Logo Mail Archive

Re: [dispatch] Work for IETF114 message external bodies

John Levine <johnl@taugh.com> Fri, 10 June 2022 16:41 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6588C13C2D0 for <dispatch@ietfa.amsl.com>; Fri, 10 Jun 2022 09:41:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.857
X-Spam-Level:
X-Spam-Status: No, score=-1.857 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b=hSMUdFX2; dkim=pass (2048-bit key) header.d=taugh.com header.b=t9erd+9+
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sLj0eo31GsZe for <dispatch@ietfa.amsl.com>; Fri, 10 Jun 2022 09:40:56 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D0A38C14F73B for <dispatch@ietf.org>; Fri, 10 Jun 2022 09:40:55 -0700 (PDT)
Received: (qmail 1801 invoked from network); 10 Jun 2022 16:40:53 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=706.62a37415.k2206; bh=1hiGk62Jd5kiGZAJUVcChA6Dx4ztKIWA9iEB4BinsYk=; b=hSMUdFX2f67f+8klbY57OLWueJxL1sQQZkomTJFrA+ry0f94Qzz9UxYBm5htRMVOwZOauLXgqUPaJ5aZSvWnsZ8Yy+rPY4So8pVrWkXUBcQbr1ga7ZYr8siQxVQc3yUCBs0jcCsR65oid0fAGmvRgb9tq6M8g1YO3VaaVyglToWMSAT4llcbM1wJKewKlnB3UB+dVZFWCoxSVXPi8GDaiW3nY/LmNepnpk4SZuM0AkvDiaWMIPm2lodmCECEP3ohvx2ra8G+5JpNTyqm31xj4qp/fmjAxMd/rqKZGz1sUuxu3yrNrOZePO1nkAbBYSJijiCy277wflx1kdPimpby5w==
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=706.62a37415.k2206; bh=1hiGk62Jd5kiGZAJUVcChA6Dx4ztKIWA9iEB4BinsYk=; b=t9erd+9+/t6uI9PGBaroFAyoVlb9OJbq1/XlAEkFBaMnhSWjDDnIkdQlbgnoahJ8YMYAdma9lF487LTYlUFOqC5iXwy7EWsKtqZRNJYjetxVCf8KagZzU4b03DAHbO2kXhEI/ryBx1dNU+f4UpCVJNJL5WKzCLM0abqTLNCcdIAQY6KzOJ1cA1//etwxt8tPU0HaMP8NnUS8elctrRPiMkJP60uaI8YHH3DzjdKilLombrxrcqya7md+cjnRGf+ze27uDCdHVC/x51YXrVHLs7NZNORhW0SlSaxkl9IPU0K+JLHgHLM7qQZKmIYld4PIN6PYONNplLtgHQc9SHymtg==
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.3 ECDHE-RSA AES-256-GCM AEAD) via TCP6; 10 Jun 2022 16:40:52 -0000
Received: by ary.qy (Postfix, from userid 501) id 3150B4356B3B; Fri, 10 Jun 2022 12:40:51 -0400 (EDT)
Date: Fri, 10 Jun 2022 12:40:51 -0400
Message-Id: <20220610164052.3150B4356B3B@ary.qy>
From: John Levine <johnl@taugh.com>
To: dispatch@ietf.org
In-Reply-To: <ec38343d-6c89-4c8a-82c0-484375bd89b1@www.fastmail.com>
Organization: Taughannock Networks
X-Headerized: yes
Cleverness: minimal
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/BenQEckHpU6zDixeAaCEMBXJb0U>
Subject: Re: [dispatch] Work for IETF114 message external bodies
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Jun 2022 16:41:00 -0000

It appears that Bron Gondwana  <brong@fastmailteam.com> said:
>Use case: user wants to store a file encrypted on a server, and provide a link such that their recipient can get the
>decrypted file, without the server ever seeing the plaintext content.
>
>Which basically means - the URL/URI that the sender provides to the recipient contains the key data to decrypt the content,

When this came up before we noted that the message/external-body MIME type defined in RFC 2017 gets us most of the way
there.  It currently lets you point at a URL, and it would be straightforward to add a few new headers along the lines of:

    Content-ID: <foo123@crudmail.com>
    Content-type: message/external-body; access-type=URL;
                  URL="http://www.foo.com/myconfession.mp4"

    Content-type: video/mp4
    Content-Transfer-Encoding: binary
    Content-Length: 1234567890
    Content-Hash: SHA1/22od022m2m3s00ll2lo23ou32
    Content-Encryption: AES-CBC
    Content-Key: swordfish

    THIS IS NOT REALLY THE BODY!

The length and hash let the client verify that the file hasn't changed, the encryption and key let the client
decode it.  The key is optional, if missing the user provides it if you don't trust the MTAs that forward the message.

The Content-ID is optional, so other parts of the message can refer to this part as cid:foo123@crudmail.com if you
want to put a link in an HTML part.  See RFC 2392.

A security issue is that if the key isn't in the message, whatever
malware checking you do has to be able to run at the point the user
provides the key so it'd be in the MUA rather than the delivery agent.

R's,
John

v2.23.0 | Report a Bug | By Email