Re: [Endymail] Improvements to S/MIME
Phillip Hallam-Baker <phill@hallambaker.com> Sun, 14 September 2014 13:46 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: endymail@ietfa.amsl.com
Delivered-To: endymail@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66C301A038A for <endymail@ietfa.amsl.com>; Sun, 14 Sep 2014 06:46:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level:
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DoBtHXhc0KRo for <endymail@ietfa.amsl.com>; Sun, 14 Sep 2014 06:46:20 -0700 (PDT)
Received: from mail-la0-x232.google.com (mail-la0-x232.google.com [IPv6:2a00:1450:4010:c03::232]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 882D51A0380 for <endymail@ietf.org>; Sun, 14 Sep 2014 06:46:19 -0700 (PDT)
Received: by mail-la0-f50.google.com with SMTP id ty20so3289784lab.9 for <endymail@ietf.org>; Sun, 14 Sep 2014 06:46:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=IlPhkwo2sZ8BOBkVRn+1b+eQfrf2R2SkpkLnU2qIA5k=; b=VzEr5NGybKOcR5f5Ys3mIqAoaRZhGASs2n/as5RbBCIXstZNlZl6j1j6omaIT1oRan 1S2yn5wAv7j3t4RkNLuO1fQP8g2Sx/vTWEq7lUJZPUpU9oiF3tPpivzNbk/ujB3g/obz 47qITJB6QpHGOv7aIKefxJTmv1LbIjZksPaM64tkLsi9cixBUDYHcHEkeVyP3ijAUZcg uTh3knL/e9T1rXYV4iMBqEtKF3+mMjv99oTXBxNnXm5SC47NIEVV+cqAGyNADO6CXLcP pAW2OA6mRTb2v4YBnHKxN2x8RL03pRrxnIlVk8aL28V1UqMD5lReQSGhVNH68baYbasM E8gw==
MIME-Version: 1.0
X-Received: by 10.112.210.138 with SMTP id mu10mr2193591lbc.81.1410702377873; Sun, 14 Sep 2014 06:46:17 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.122.51 with HTTP; Sun, 14 Sep 2014 06:46:17 -0700 (PDT)
In-Reply-To: <CAAFsWK35dsKAzQaePRcYT8Nd+PD1w3AGf58S=-9u5AjcXgNhQQ@mail.gmail.com>
References: <CAAFsWK0VtnVvKwvkC1kjK+yKORkADVW1cKDx7nQ1fxA=dpZeTQ@mail.gmail.com> <87sijvmmo5.fsf@vigenere.g10code.de> <CAAFsWK35dsKAzQaePRcYT8Nd+PD1w3AGf58S=-9u5AjcXgNhQQ@mail.gmail.com>
Date: Sun, 14 Sep 2014 09:46:17 -0400
X-Google-Sender-Auth: 8kzV5mFf7fAI8cYmR08L4gqvOSI
Message-ID: <CAMm+LwhZ175wrn4cebRUx8AF665WVderSQ3A4e37khiaz29=Rw@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Wei Chuang <weihaw@google.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/V74xyQqHtpzbLW9HXBWqiEjZ5g8
Cc: Werner Koch <wk@gnupg.org>, endymail <endymail@ietf.org>
Subject: Re: [Endymail] Improvements to S/MIME
X-BeenThere: endymail@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <endymail.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/endymail>, <mailto:endymail-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/endymail/>
List-Post: <mailto:endymail@ietf.org>
List-Help: <mailto:endymail-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/endymail>, <mailto:endymail-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 14 Sep 2014 13:46:21 -0000
On Sun, Sep 14, 2014 at 4:13 AM, Wei Chuang <weihaw@google.com> wrote: > > > On Sat, Sep 13, 2014 at 10:54 AM, Werner Koch <wk@gnupg.org> wrote: >> >> On Fri, 12 Sep 2014 19:48, weihaw@google.com said: >> >> > 1) S/MIME doesn't fully protect users mail envelope metadata. For >> > example >> > the recipient and envelope-sender must be visible to the intermediate >> > SMTP >> >> If you want that, it is easy to put the messaqge into a message/rfc822 >> mail container and use faked subject and other mailer header. > > > Right I agree that there is a RFC5751 sec 3.1 > (http://tools.ietf.org/html/rfc5751#page-18 ) that mentions the > message/rfc822, but unless I'm missing something one still has to specify > the intended recipient, and a return path. Even if the body and most > headers were wrapped hence private, an adversary could still find the > sender/recipient information very useful. I suggest that we stick to exchanging endymail with disclosure of the routing information before we go on to the traffic analysis prevention problem. It is possible to prevent traffic analysis but that is a transport issue pretty much by definition. So it would suggest we look at S/MIME + TLS rather than one alone. And if they don't serve then we look at Tor and Mixmaster...
- [Endymail] Improvements to S/MIME Wei Chuang
- [Endymail] Improvements to S/MIME Arnt Gulbrandsen
- Re: [Endymail] Improvements to S/MIME Dave Crocker
- Re: [Endymail] Improvements to S/MIME Dave Crocker
- Re: [Endymail] Improvements to S/MIME Wei Chuang
- Re: [Endymail] Improvements to S/MIME Phillip Hallam-Baker
- Re: [Endymail] Improvements to S/MIME Werner Koch
- Re: [Endymail] Improvements to S/MIME Phillip Hallam-Baker
- Re: [Endymail] Improvements to S/MIME Wei Chuang
- Re: [Endymail] Improvements to S/MIME Wei Chuang
- Re: [Endymail] Improvements to S/MIME Werner Koch
- Re: [Endymail] Improvements to S/MIME Phillip Hallam-Baker
- Re: [Endymail] Improvements to S/MIME Cyrus Daboo
- Re: [Endymail] Improvements to S/MIME Phillip Hallam-Baker
- Re: [Endymail] Improvements to S/MIME Tom Mitchell
- Re: [Endymail] Improvements to S/MIME Phillip Hallam-Baker
- Re: [Endymail] Improvements to S/MIME Wei Chuang
- Re: [Endymail] Improvements to S/MIME Wei Chuang
- Re: [Endymail] Improvements to S/MIME Wei Chuang