[Ehip] Fwd: Start discussion for draft-wchuang-grunion-01
Wei Chuang <weihaw@google.com> Fri, 18 December 2015 19:30 UTC
In-Reply-To: <CAAFsWK3RDStitcuKphpos-aeBpJXD73FCA6oHEas9SMEibWDSw@mail.gmail.com>
References: <CAAFsWK1F_XPC91K6LYSNiSQsStkdRtgsQs9TiM4Qi6ecFUEf=Q@mail.gmail.com> <CAAFsWK3RDStitcuKphpos-aeBpJXD73FCA6oHEas9SMEibWDSw@mail.gmail.com>
Date: Fri, 18 Dec 2015 11:30:51 -0800
Message-ID: <CAAFsWK1scz+uJKd+Y=-=7ZxN7-8gLgR4aH+DKoE2f_18EX_NJg@mail.gmail.com>
From: Wei Chuang <weihaw@google.com>
To: ehip@ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/ehip/ln4P_zoLSmsLLHEGewRFChzx0tU>
List-Id: "Discuss methods to protect email senders and receivers from disclosure of email headers to observers." <ehip.ietf.org>
Resend to ehip since I butchered the ehip email address!
-Wei

---------- Forwarded message ----------
From: Wei Chuang <weihaw@google.com>
Date: Wed, Dec 16, 2015 at 5:42 PM
Subject: Start discussion for draft-wchuang-grunion-01
To: ehip@ietf.com, ietf-smtp <ietf-smtp@ietf.org>

Hi all,

I would like to start discussion on draft-wchuang-grunion-01 (https://tools.ietf.org/html/draft-wchuang-grunion-01) now that some of the discussion of shutup@ is resolving.

Very quick summary of wchuang:
- Use S/MIME, and rewrap the messages to provide additional header content privacy.
- Use intermediary proxy sender and recipients that hide the true sender and recipient.
- Proxies unwrap the message and forward.
- Find the proxy sender and recipient through either X.509 certificate extension or CMS extension.
- Differentiate privacy required by the proxies, i.e. what message content can be seen by the proxy sender and recipients SMTP MTA.

Details of this can be found in draft-wchuang-grunion-01.

Some top level discussion points. First I wanted to contrast and show similarities between ehip@ (draft-wchuang-grunion-01) and shutup@ (draft-josefsson-email-received-privacy-00). Both proposals are attempting to improve header privacy. However josefsson is particularly interested in Received headers, while wchuang is interested in hiding the sender and recipient from the delivery path such that a MitM cannot find out simultaneously who the true sender and true recipient are, though the adversary might find one or the other. wchuang does mention that Received headers are a particularly difficult case to handle and mentions some scenarios where it can be supported or suggests it might have to be dropped.

wchuang does go into some different details than josefsson since it specifies S/MIME. This proposal makes some new requirements on the SMTP MTA to support S/MIME processing, to support unwrapping the proxied messages and then forwarding the message. As this forwarding process affects the mail delivery path, wchuang also discusses supporting the NDR or bounced mail case to return back along this altered path while maintaining privacy.

Another detail to discuss / understand is how the proxy selection occurs. While at some level conceptually similar to TOR / onion routing, there are several differences to call out. wchuang proposes that these proxies are pre-determined statically and described in previously sent messages, while in TOR the sender queries a directory server. More specifically, in wchuang the sender finds from previously received messages the S/MIME signature containing X.509 certificates with a new extension describing the proxy addresses, or similarly from the signature's CMS. To prevent traffic analysis, the proposal does suggest that the sender may choose from a list of proxies, and that these proxies ought to have sufficient traffic volume to make traffic analysis difficult.

That's a summary of what's being proposed. I look forward to any discussion.

-Wei
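
Added example, not part of the original message or of draft-wchuang-grunion-01: a Python model of the wrap, unwrap and forward flow summarized above, recording the envelope sender and recipient an on-path observer sees on each link. The layer layout, the party names and the `seal`/`unseal` helpers are assumptions made for illustration; `seal` is a keyed toy stand-in for S/MIME enveloping to a party's certificate, not real cryptography.

```python
import hashlib, hmac, json, os

def _ks(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _tag(key, nonce, ct):
    return hmac.new(hashlib.sha256(b"mac" + key).digest(), nonce + ct, hashlib.sha256).hexdigest()

def seal(key, obj):
    """Assumed stand-in for S/MIME enveloping to one party's key (toy keystream, not real crypto)."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _ks(key, nonce, len(pt))))
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": _tag(key, nonce, ct)}

def unseal(key, blob):
    nonce, ct = bytes.fromhex(blob["nonce"]), bytes.fromhex(blob["ct"])
    if not hmac.compare_digest(blob["tag"], _tag(key, nonce, ct)):
        raise ValueError("layer is not addressed to this key")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _ks(key, nonce, len(ct)))))

def wrap(keys, sender, s_proxy, r_proxy, rcpt, body):
    # Innermost layer: only the true recipient can read the true sender and body.
    layer = seal(keys[rcpt], {"from": sender, "to": rcpt, "body": body})
    # Each outer layer names only the next hop (hypothetical layout).
    layer = seal(keys[r_proxy], {"next": rcpt, "msg": layer})
    layer = seal(keys[s_proxy], {"next": r_proxy, "msg": layer})
    return {"env_from": sender, "env_to": s_proxy, "msg": layer}

def proxy_forward(keys, me, hop):
    # A proxy removes exactly one layer and forwards under its own address.
    layer = unseal(keys[me], hop["msg"])
    return {"env_from": me, "env_to": layer["next"], "msg": layer["msg"]}

def deliver(keys, sender, s_proxy, r_proxy, rcpt, body):
    hop = wrap(keys, sender, s_proxy, r_proxy, rcpt, body)
    links = [(hop["env_from"], hop["env_to"])]  # what an on-path observer sees
    for proxy in (s_proxy, r_proxy):
        hop = proxy_forward(keys, proxy, hop)
        links.append((hop["env_from"], hop["env_to"]))
    return links, unseal(keys[rcpt], hop["msg"])

# Constructed sample parties; random keys stand in for each party's X.509 key pair.
NAMES = ["alice@a.example", "out@proxy-a.example", "in@proxy-b.example", "bob@b.example"]
KEYS = {n: os.urandom(32) for n in NAMES}

if __name__ == "__main__":
    for link in deliver(KEYS, *NAMES, "hello")[0]:
        print("on-path observer sees:", link)
```

No single link carries both the true sender and the true recipient, which is the property the summary states; the first and last links each still expose one of them.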