IETF Logo Mail Archive

Re: [Endymail] FW: Group/Enterprise encrypted email

"Nordgren, Bryce L -FS" <bnordgren@fs.fed.us> Wed, 03 June 2015 19:51 UTC

Return-Path: <bnordgren@fs.fed.us>
X-Original-To: endymail@ietfa.amsl.com
Delivered-To: endymail@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 955801B2A01 for <endymail@ietfa.amsl.com>; Wed, 3 Jun 2015 12:51:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rwm-TlOirbD4 for <endymail@ietfa.amsl.com>; Wed, 3 Jun 2015 12:51:05 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1bon0619.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::1:619]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE1771ACE86 for <endymail@ietf.org>; Wed, 3 Jun 2015 12:49:51 -0700 (PDT)
Received: from CO2PR06CA012.namprd06.prod.outlook.com (10.141.242.12) by BLUPR06MB1825.namprd06.prod.outlook.com (25.162.225.15) with Microsoft SMTP Server (TLS) id 15.1.172.22; Wed, 3 Jun 2015 19:49:32 +0000
Received: from BL2FFO11FD016.protection.gbl (2a01:111:f400:7c09::123) by CO2PR06CA012.outlook.office365.com (2a01:111:e400:142a::12) with Microsoft SMTP Server (TLS) id 15.1.184.17 via Frontend Transport; Wed, 3 Jun 2015 19:49:32 +0000
Authentication-Results: spf=pass (sender IP is 199.135.140.17) smtp.mailfrom=fs.fed.us; icloud.com; dkim=none (message not signed) header.d=none;
Received-SPF: Pass (protection.outlook.com: domain of fs.fed.us designates 199.135.140.17 as permitted sender) receiver=protection.outlook.com; client-ip=199.135.140.17; helo=mail.usda.gov;
Received: from mail.usda.gov (199.135.140.17) by BL2FFO11FD016.mail.protection.outlook.com (10.173.160.224) with Microsoft SMTP Server (TLS) id 15.1.184.11 via Frontend Transport; Wed, 3 Jun 2015 19:49:31 +0000
Received: from 001FSN2MPN1-046.001f.mgd2.msft.net ([169.254.6.131]) by 001FSN2MMR1-007.001f.mgd2.msft.net ([199.135.140.17]) with mapi id 14.03.0224.003; Wed, 3 Jun 2015 19:49:16 +0000
From: "Nordgren, Bryce L -FS" <bnordgren@fs.fed.us>
To: Trevor Freeman <trevor.freeman99@icloud.com>, "endymail@ietf.org" <endymail@ietf.org>
Thread-Topic: [Endymail] FW: Group/Enterprise encrypted email
Thread-Index: AdCaU4EBKI9vXfbmSrKplnpcKmT5cgCPeK3wABeENQAAG8dZUAAyKjMAAADg6CA=
Date: Wed, 03 Jun 2015 19:49:16 +0000
Message-ID: <82E7C9A01FD0764CACDD35D10F5DFB6E7E154A@001FSN2MPN1-046.001f.mgd2.msft.net>
References: <82E7C9A01FD0764CACDD35D10F5DFB6E7DFBBD@001FSN2MPN1-046.001f.mgd2.msft.net> <000d01d09cef$76039f10$620add30$@icloud.com> <82E7C9A01FD0764CACDD35D10F5DFB6E7E1094@001FSN2MPN1-046.001f.mgd2.msft.net> <007001d09e27$3c3083f0$b4918bd0$@icloud.com>
In-Reply-To: <007001d09e27$3c3083f0$b4918bd0$@icloud.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [166.7.27.143]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Microsoft-Exchange-Diagnostics: 1; BL2FFO11FD016; 1:X7lpxzj12bW6o4xd8rgr2r0KLgqwwIgwwUPFaxAJqH09q9DTzBeaU6Ye/W+wBOiu9oh2AapfV3TLy07rGn3YI9x1IwkHH0N95/Rx3+ZpAl1EMjm1u/e8XM8rka4V2lZVhDo0Ar6CMEpbK6hziNuYGNf//zAHMP5gYvsT9zzIUxnoRVIoQGE581BRcRionhVD25k35J/PjQF7cCRzwr9oiyZyJBOpwmX+LSu3ZBxqlgIDl7Wtj28yP4hu5bbG3b2X7gLaDDQAuRts718HPParC3wDGsvB1ZvEGcNPVFAyJRo=
X-Forefront-Antispam-Report: CIP:199.135.140.17; CTRY:US; IPV:CAL; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10009020)(6009001)(438002)(164054003)(199003)(189002)(46102003)(33656002)(189998001)(23726002)(26826002)(97736004)(86362001)(86146001)(4001540100001)(107886002)(5890100001)(104016003)(62966003)(106466001)(47776003)(5001770100001)(74482002)(5001960100002)(64706001)(2501003)(50466002)(66066001)(5001860100001)(54356999)(97756001)(81156007)(46406003)(77156002)(22746005)(102836002)(2656002)(15975445007)(68736005)(22756005)(87936001)(19580395003)(76176999)(69596002)(5001830100001)(92566002)(50986999)(93886004)(6806004)(2900100001)(55846006)(2950100001)(2920100001)(7059030)(14444003)(80862005)(79686002); DIR:OUT; SFP:1101; SCL:1; SRVR:BLUPR06MB1825; H:mail.usda.gov; FPR:; SPF:Pass; PTR:InfoDomainNonexistent; A:1; MX:1; LANG:en;
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BLUPR06MB1825;
X-Microsoft-Antispam-PRVS: <BLUPR06MB1825A3528FF21CB4D705B6B0E5B40@BLUPR06MB1825.namprd06.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(601004)(5005006)(520003)(3002001); SRVR:BLUPR06MB1825; BCL:0; PCL:0; RULEID:; SRVR:BLUPR06MB1825;
X-Forefront-PRVS: 05961EBAFC
X-OriginatorOrg: fs.fed.us
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Jun 2015 19:49:31.6753 (UTC)
X-MS-Exchange-CrossTenant-Id: 49808c08-7df8-4c41-af62-7a0827de9408
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=49808c08-7df8-4c41-af62-7a0827de9408; Ip=[199.135.140.17]; Helo=[mail.usda.gov]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLUPR06MB1825
Archived-At: <http://mailarchive.ietf.org/arch/msg/endymail/IR0aBhoqtHfaVw5nYQ06l_AsLzo>
Subject: Re: [Endymail] FW: Group/Enterprise encrypted email
X-BeenThere: endymail@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <endymail.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/endymail>, <mailto:endymail-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/endymail/>
List-Post: <mailto:endymail@ietf.org>
List-Help: <mailto:endymail-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/endymail>, <mailto:endymail-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jun 2015 19:51:07 -0000

Please forgive my organizations' utter reliance on an email client that can't even quote correctly. Not to mention it keeps trying to make hyperlinks in a plain text message.

> The technical specs are in a separate draft. We modified S/MIME but there is nothing 
> to stop this being applied to PGP.
> https://datatracker.ietf.org/doc/draft-schaad-plasma-cms/

Thanks. I'll put it on my list. Is this the correct place to provide feedback or is there another IETF list?

>Plasma does not attempt DRM in that it places no technical obligations on the receipt 
>when we release the decryption key. 
> ...
> So if you wanted to send content covered by a policy, you would get the same protection 
> and policy enforcement as if you published via the web.

I'm having a hard time wrapping my head around the notion of enforcement comingling with "no obligations on receipt" of the key. Enforcement is an obligation.

> Not all polices require a receipt list.

Why would you send something to someone if you weren't going to allow them to decrypt it? If you need finer grained control than an email list affords, perhaps an email list is not an appropriate solution. All email-related policies should require a recipient list, and in addition the policy's list should be synchronized with the email's recipient list (albeit, the policy can refer to the same list of people by non email identifiers). It's probably going to be hard enough just making sure that everyone's identifier somehow tracks back to their email address, and you're not giving away access to someone you didn't send the message to.

Section 4.1 seems too centered on the end user's ISP. I have a few email accounts, none of which are from my ISP. (gmail, yahoo, work, etc.) Suggest changing to "mail provider" or equivalent.

>From section 4.4.1: 

  (5)  Frank clicks the "send email" button. The client signs the email
       using his smart card private key and includes the certificate
       with the appropriate public key for verification of the signature
       by recipients. The client then encrypts the message and obtains a
       token for the message from a server that will enable the
       recipients' servers to enforce the access control requirements
       for Frank, and sends the email to his email server.

Unless the client is encrypting with Frank's smart card private key, I think it needs to contact "a server that will enable the recipients' servers to enforce the access control requirements" to obtain the encryption key. 

Editorial note: I think it would be helpful to define how many servers there are, what they are called, and the role for each one then use that nomenclature consistently throughout the use cases. I know you outlined a "generic access control model", and include a vocabulary, but the list appears to be missing the thing that makes and releases keys, which is kind of a cornerstone of this architecture. I'm also somewhat unclear as to how many of the "xx xx Point" items are servers, and which are clients.


  (7)  Once Grace has shown she passes the policy requirements, the PDEP
       releases the message Content Encryption Key (CEK) to Grace using
       her level 3 encryption certificate.

Does the PDEP do all the key management? (e.g., does Frank contact the PDEP to get a new key for his message?)

  (9)  The CEK Grace received has a Time To Live (TTL)  value which
       defines when Grace must discard the CEK and reapply for a new
       CEK.  

I'd like to point out that an adversary would just keep the CEK. Or make a plaintext/alternate ciphertext copy of the content while the CEK is still valid. 

Even with well behaved actors, in the case of attachments, it is likely that the attachment will have to be decrypted, saved on disk in plaintext, and opened with an external application. They have a "forever" copy even when the CEK expires. Why would they even notice that a CEK expired?

It is probably worth stressing in security considerations that the only rational assumption is: "once decrypted, always accessible". While the example is designed  to show that confidentiality policies change over time, the solution proposed by this system only allows for an expansion of the pool of actors in possession of your sensitive data, never a reduction. Ever. 

> Another aspect is Plasma allows for device attributes so before we 
> release the decryption key we can requires information about the 
> state of the environment. That way if the recipient is infected, we 
> can block decryption which is another plus for late binding. Again 
> his is option so for low assurance polices you probably not care. 

For high assurance policies, I would assume infected/malicious clients to be lying. Particularly if they were not administered by me, and probably even then. Should you ever expect any response other than "I'm healthy and you can trust me!"? Am I missing something? 

Thanks,
Bryce

v2.23.0 | Report a Bug | By Email