Re: [Endymail] Improvements to S/MIME
Tom Mitchell <mitch@niftyegg.com> Mon, 15 September 2014 04:21 UTC
Return-Path: <mitch@niftyegg.com>
X-Original-To: endymail@ietfa.amsl.com
Delivered-To: endymail@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C229B1A0572 for <endymail@ietfa.amsl.com>; Sun, 14 Sep 2014 21:21:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IXKh3a0rHPh5 for <endymail@ietfa.amsl.com>; Sun, 14 Sep 2014 21:21:28 -0700 (PDT)
Received: from mail-oa0-f49.google.com (mail-oa0-f49.google.com [209.85.219.49]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E0351A01E0 for <endymail@ietf.org>; Sun, 14 Sep 2014 21:21:28 -0700 (PDT)
Received: by mail-oa0-f49.google.com with SMTP id m19so2168454oag.36 for <endymail@ietf.org>; Sun, 14 Sep 2014 21:21:27 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=951N9P2epLEOISKHCuSZO/dGyQFIHrIq2fa5K35BMoY=; b=Rn/7pa4qCgzKV+qZZekx4RCbtn34jUPT0D0c9h7O0QytzS+udweMjgzA0JEMxfblw6 clgInMXMgC/MuoWTEECIjadD0wpZDR+XQUuzL7lL37hUt1zK4df8BxKnL6Ww1AM7U+pw 6RpYvdb+skey09liO0PabtlR539Vp+0/r0/VlXp9E0X2H9ahVMekm4/USSe6cZ6imIA6 UHtXPcFub7rMPsWPtYCat/XHWkgxz34X0aZhXKL15A2Yon4EQnTHsw+JEaEJMK8aoPwE r5T61ljma1H03LEdImeYs/s0OPhDtxaxriDNCOOINMsiq9bKjlcuV1G8pk13/oU8JrdA aOMA==
X-Gm-Message-State: ALoCoQkw9Dr3RgerQCMWrIpqa1ElPM1hY155BzRt58M8WWs53DNXZGOWvdF7Yo5HclRE5xZ6gNH4
MIME-Version: 1.0
X-Received: by 10.60.130.170 with SMTP id of10mr24781879oeb.10.1410754887725; Sun, 14 Sep 2014 21:21:27 -0700 (PDT)
Received: by 10.182.98.48 with HTTP; Sun, 14 Sep 2014 21:21:27 -0700 (PDT)
In-Reply-To: <CAMm+LwhZ175wrn4cebRUx8AF665WVderSQ3A4e37khiaz29=Rw@mail.gmail.com>
References: <CAAFsWK0VtnVvKwvkC1kjK+yKORkADVW1cKDx7nQ1fxA=dpZeTQ@mail.gmail.com> <87sijvmmo5.fsf@vigenere.g10code.de> <CAAFsWK35dsKAzQaePRcYT8Nd+PD1w3AGf58S=-9u5AjcXgNhQQ@mail.gmail.com> <CAMm+LwhZ175wrn4cebRUx8AF665WVderSQ3A4e37khiaz29=Rw@mail.gmail.com>
Date: Sun, 14 Sep 2014 21:21:27 -0700
Message-ID: <CAAMy4URG_U_T6jxZqdss3FSoJfQiaCOGCq_EoVNUPeFabcm9MA@mail.gmail.com>
From: Tom Mitchell <mitch@niftyegg.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
Content-Type: multipart/alternative; boundary="089e013a110ef2cbb6050312f7d5"
Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/chGBe-qrPH_oEVhSctmRsuaHdc8
Cc: Wei Chuang <weihaw@google.com>, Werner Koch <wk@gnupg.org>, endymail <endymail@ietf.org>
Subject: Re: [Endymail] Improvements to S/MIME
X-BeenThere: endymail@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <endymail.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/endymail>, <mailto:endymail-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/endymail/>
List-Post: <mailto:endymail@ietf.org>
List-Help: <mailto:endymail-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/endymail>, <mailto:endymail-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Sep 2014 04:24:14 -0000
On Sun, Sep 14, 2014 at 6:46 AM, Phillip Hallam-Baker <phill@hallambaker.com > wrote: > On Sun, Sep 14, 2014 at 4:13 AM, Wei Chuang <weihaw@google.com> wrote: > > On Sat, Sep 13, 2014 at 10:54 AM, Werner Koch <wk@gnupg.org> wrote: > >> On Fri, 12 Sep 2014 19:48, weihaw@google.com said: > >> > >> > 1) S/MIME doesn't fully protect users mail envelope metadata. For > >> > example > >> > the recipient and envelope-sender must be visible to the intermediate > >> > SMTP > >> > >> If you want that, it is easy to put the messaqge into a message/rfc822 > >> mail container and use faked subject and other mailer header. > > > > > > Right I agree that there is a RFC5751 sec 3.1 > > (http://tools.ietf.org/html/rfc5751#page-18 ) > ........... > I suggest that we stick to exchanging endymail with disclosure of the > routing information before we go on to the traffic analysis prevention > problem. Yes... One of the issues important hint for spam identification is routing information that is impossible from the stated sender. Prior to eliminating routing information it seems important that the message be self identifying and contain enough validation information to make opening a message from "Bob" a safe bet that it is infact from "Bob". If done correctly transport software can inspect a message and safely ignore adding or checking headers because crypto and message type removes this need. The reverse is not true as it opens a door for spam abuse. -- T o m M i t c h e l l
- [Endymail] Improvements to S/MIME Wei Chuang
- [Endymail] Improvements to S/MIME Arnt Gulbrandsen
- Re: [Endymail] Improvements to S/MIME Dave Crocker
- Re: [Endymail] Improvements to S/MIME Dave Crocker
- Re: [Endymail] Improvements to S/MIME Wei Chuang
- Re: [Endymail] Improvements to S/MIME Phillip Hallam-Baker
- Re: [Endymail] Improvements to S/MIME Werner Koch
- Re: [Endymail] Improvements to S/MIME Phillip Hallam-Baker
- Re: [Endymail] Improvements to S/MIME Wei Chuang
- Re: [Endymail] Improvements to S/MIME Wei Chuang
- Re: [Endymail] Improvements to S/MIME Werner Koch
- Re: [Endymail] Improvements to S/MIME Phillip Hallam-Baker
- Re: [Endymail] Improvements to S/MIME Cyrus Daboo
- Re: [Endymail] Improvements to S/MIME Phillip Hallam-Baker
- Re: [Endymail] Improvements to S/MIME Tom Mitchell
- Re: [Endymail] Improvements to S/MIME Phillip Hallam-Baker
- Re: [Endymail] Improvements to S/MIME Wei Chuang
- Re: [Endymail] Improvements to S/MIME Wei Chuang
- Re: [Endymail] Improvements to S/MIME Wei Chuang