Re: [dispatch] Work for IETF114 Mon, 13 June 2022 01:27 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id BA3BEC157B35 for <>; Sun, 12 Jun 2022 18:27:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.99
X-Spam-Status: No, score=-0.99 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id PCGvPGNJYLtC for <>; Sun, 12 Jun 2022 18:27:51 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D84AAC157901 for <>; Sun, 12 Jun 2022 18:27:51 -0700 (PDT)
Received: from ([]) by with ESMTP id 0Yd6ojNRpL9Vp0Ypyov2wj; Mon, 13 Jun 2022 01:25:50 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20211018a; t=1655083550; bh=9dkZBPkiDNZ7PI5qyuU1bTm5AOCg4FUamF0yvC2IE/o=; h=Received:Received:Received:Received:From:To:Subject:Date: Message-ID; b=e4Ki7F7XZVWY6jyZZAGxF8TA23QL2lgATuSqMVYOMhAet1LFJjUGO/KlLvyaem8L6 zQvw8YdqeZ32b8s+N4i6XAuZ2FlU/0KBQVXrq1hkYR4/8yU2bLvjeCXp2hr5Ftjrce U+N/hb+/BgBSZfXny/owyoGsBXNmfdK4huvjM4fXLQtToJAvXEhuXRRLNESGUPn1mB njk6HKYCY86Wy4J9UZnLn6PQ89or4N3ZiBJ1LjOFkqDor6+N6hjba/lEc7d6AkbtE1 IVhXWpSlFawbp76cRXP5kgNIHqsrEdOTd75h1EM/Jy2L6pp3DpoN04dQ7MgMYMWUcH 4ANgWBk6yYE4Q==
Received: from ([IPv6:2601:192:4a00:430::69ae]) by with ESMTPA id 0Ypjo9cPLx90y0Ypwo0XJl; Mon, 13 Jun 2022 01:25:50 +0000
X-Xfinity-VMeta: sc=0.00;st=legit
Received: from (localhost []) by (8.16.1/8.16.1) with ESMTPS id 25D1PZ94146626 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT); Sun, 12 Jun 2022 21:25:35 -0400
Received: (from worley@localhost) by (8.16.1/8.16.1/Submit) id 25D1PYJf146623; Sun, 12 Jun 2022 21:25:34 -0400
X-Authentication-Warning: worley set sender to using -f
To: John C Klensin <>
In-Reply-To: <F43BDC96CB68396AECE8E2B5@PSB> (
Date: Sun, 12 Jun 2022 21:25:34 -0400
Message-ID: <>
Archived-At: <>
Subject: Re: [dispatch] Work for IETF114
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: DISPATCH Working Group Mail List <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 13 Jun 2022 01:27:56 -0000

Relative to this use case:

> --On Friday, June 10, 2022 23:22 +1000 Bron Gondwana
> <> wrote:
>> Yep, me again with something new that's bubbling up out of the "large
>> files over email" problem.

>> Use case: user wants to store a file encrypted on a server,
>> and provide a link such that their recipient can get the
>> decrypted file, without the server ever seeing the plaintext
>> content.

It seems like this is the natural attack:

John C Klensin <> writes:
> Without having thought carefully about this, I'd think about
> something like a trick URI type, one that might look something
> vaguely like:
>    ENCRYPTEDFILE://SomeDomain/key/URL-of-server-and-location/

That is, define a new scheme whose resolution process involves
- fetching of an object from URL-of-server-and-location,
- decrypting it with a particular algorithm-and-key,
- possibly verifying the hash of either the encrypted or the decrypted 
- attaching a specified media type (since the server of the encrypted
  version isn't necessarily going to preserve the media type).

After resolution, the generic "apply the fragment specifier based on the
media type" operation is applied.

I haven't chewed through the URI syntax carefully enough to propose how
to pack that information into a URI with the minimum amount of
%-encoding, but it would be nice if URL-of-server-and-location could
always be a suffix of the URI without modification.  You want a
URI form that doesn't have an authority component.  And the URL
embedding needs to allow a query part as part of the embedded URL,
preferably without having it be a query part of the URI.

I assume you'd use it for "large files over email" in this style:

    Content-type: message/external-body; access-type=URL;