[Ehip] Fwd: Start discussion for draft-wchuang-grunion-01

Wei Chuang <weihaw@google.com> Fri, 18 December 2015 19:30 UTC

From: Wei Chuang <weihaw@google.com>
To: ehip@ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/ehip/ln4P_zoLSmsLLHEGewRFChzx0tU>
List-Id: "Discuss methods to protect email senders and receivers from disclosure of email headers to observers." <ehip.ietf.org>

Resend to ehip since I butchered the ehip email address!

-Wei

---------- Forwarded message ----------
From: Wei Chuang <weihaw@google.com>
Date: Wed, Dec 16, 2015 at 5:42 PM
Subject: Start discussion for draft-wchuang-grunion-01
To: ehip@ietf.com, ietf-smtp <ietf-smtp@ietf.org>


Hi all,

I would like to start discussion on draft-wchuang-grunion-01
(https://tools.ietf.org/html/draft-wchuang-grunion-01) now that some of the
discussion of shutup@ is resolving.

Very quick summary of wchuang
- Use S/MIME, and rewrap the messages to provide additional header content
  privacy.
- Use intermediary proxy sender and recipients that hide the true sender and
  recipient.
  - Proxies unwrap the message and forward
- Find the proxy sender and recipient through either X.509 certificate
  extension or CMS extension.
- Differentiate privacy required by the proxies i.e. what message content can
  be seen by the proxy sender and recipients SMTP MTA.

Details of this can be found in draft-wchuang-grunion-01.

Some top level discussion points. First I wanted to contrast and show
similarities between ehip@ (draft-wchuang-grunion-01) and shutup@
(draft-josefsson-email-received-privacy-00).  Both proposals are attempting
to improve header privacy.  However josefsson is particularly interested in
Received headers, while wchuang is interested in hiding the sender and
recipient from the delivery path such that a MitM cannot find out
simultaneously who the true sender and true recipient are though the
adversary might find one or the other.  wchuang does mention that Received
headers are a particularly difficult case to handle and mentions some
scenarios where it can be supported or suggests it might have to be
dropped.  wchuang does go into some different details than josefsson since
it specifies S/MIME.  This proposal makes some new requirements on the SMTP
MTA to support S/MIME processing to support unwrapping the proxied messages
and then forwarding the message.  As this forwarding process affects the mail
delivery path, wchuang also discusses supporting the NDR or bounced mail
case to return back along this altered path while maintaining privacy.

Another detail to discuss / understand is how the proxy selection occurs.
While at some level conceptually similar to TOR / onion routing there are
several differences to call out.  wchuang proposes that these proxies are
pre-determined statically and described in previously sent messages while
in TOR the sender queries a directory server.  More specifically in
wchuang the sender finds from previously received messages the S/MIME
signature containing X.509 certificates with a new extension describing the
proxy addresses or similarly from the signature's CMS.  To prevent traffic
analysis, the proposal does suggest that the sender may choose from a list
of proxies, and that these proxies ought to have sufficient traffic volume
to make traffic analysis difficult.

That's a summary of what's being proposed.  I look forward to any
discussion.

-Wei
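
The rewrap-and-forward idea summarized in the message above, as an added example that is not part of the original post or of the draft: a sender wraps a message in three layers, each proxy removes one, and `exposure()` reports which true endpoint an observer on each link can read from the envelope. The addresses, the hop order (sender, proxy sender, proxy recipient, recipient), the layer fields and the symmetric toy cipher standing in for S/MIME enveloping are all assumptions made for illustration.

```python
import hashlib, json, os

# Constructed addresses and keys. The toy cipher below is only a stand-in for
# S/MIME encryption to each party's certificate; it is not the draft's format.
ALICE, PS, PR, BOB = ("alice@a.example", "ps@proxy-s.example",
                      "pr@proxy-r.example", "bob@b.example")
KEYS = {addr: hashlib.sha256(addr.encode()).digest() for addr in (PS, PR, BOB)}

def _stream(key, nonce, n):
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]

def seal(to, obj):
    """Toy 'encrypt to recipient': only the holder of KEYS[to] can open it."""
    data, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(KEYS[to], nonce, len(data))))
    return (nonce + ct).hex()

def unseal(me, blob):
    raw = bytes.fromhex(blob)
    nonce, ct = raw[:16], raw[16:]
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(KEYS[me], nonce, len(ct)))))

def wrap(body):
    """Innermost layer for Bob, then proxy recipient, then proxy sender."""
    inner = seal(BOB, {"from": ALICE, "to": BOB, "body": body})
    middle = seal(PR, {"next": BOB, "payload": inner})
    return seal(PS, {"next": PR, "payload": middle})

def deliver(body):
    """Return (links, message); each link is (envelope_from, envelope_to, payload)."""
    links, sender, rcpt, payload = [], ALICE, PS, wrap(body)
    while True:
        links.append((sender, rcpt, payload))
        layer = unseal(rcpt, payload)          # each hop removes one layer
        if "next" not in layer:
            return links, layer                # final recipient reached
        sender, rcpt, payload = rcpt, layer["next"], layer["payload"]

def exposure(links):
    """Per link: (true sender visible, true recipient visible) in the envelope."""
    return [(ALICE in (f, t), BOB in (f, t)) for f, t, _ in links]
```
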