Re: [Endymail] Improvements to S/MIME

Wei Chuang <weihaw@google.com> Sun, 14 September 2014 08:21 UTC

MIME-Version: 1.0
In-Reply-To: <CAMm+LwivBifWKYMDBDocr4LCH40iVgP4zE2xXgEfkrb4bpN+Nw@mail.gmail.com>
References: <CAAFsWK0VtnVvKwvkC1kjK+yKORkADVW1cKDx7nQ1fxA=dpZeTQ@mail.gmail.com> <87sijvmmo5.fsf@vigenere.g10code.de> <CAMm+LwivBifWKYMDBDocr4LCH40iVgP4zE2xXgEfkrb4bpN+Nw@mail.gmail.com>
From: Wei Chuang <weihaw@google.com>
Date: Sun, 14 Sep 2014 01:21:19 -0700
Message-ID: <CAAFsWK1kZ6Hh9dEZiRrVJ1XaWWQmOMe2fp0174fPx3JzGsXTdg@mail.gmail.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
Content-Type: multipart/alternative; boundary="001a113968463402220503023516"
Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/u4c0IYaRLDcihfn8AfHQZoC-WVA
Cc: Werner Koch <wk@gnupg.org>, endymail <endymail@ietf.org>
Subject: Re: [Endymail] Improvements to S/MIME

On Sat, Sep 13, 2014 at 11:46 AM, Phillip Hallam-Baker <phill@hallambaker.com> wrote:

> On Sat, Sep 13, 2014 at 1:54 PM, Werner Koch <wk@gnupg.org> wrote:
> > On Fri, 12 Sep 2014 19:48, weihaw@google.com said:
> >
> >> 1) S/MIME doesn't fully protect users' mail envelope metadata.  For example
> >> the recipient and envelope-sender must be visible to the intermediate SMTP
> >
> > If you want that, it is easy to put the message into a message/rfc822
> > mail container and use faked subject and other mailer header.
>
> Again there is a difference between what you can do and a standard.
>
> I think that 80% of what we need to do could be done in a profile of
> S/MIME that says stuff like
>
> * MUST support AES-128, AES-256
> * MUST support [choose order of encrypt + sign]
> * MUST support domain level certs for end entity
> * MUST support message/rfc822 encrypted payload
>
> What we need to add on top is really not so difficult:
>
> * Mechanism for discovering recipient encryption preference, format
> support (PGP/SMIME), algorithm support and encryption key
>

Two ideas:
1) DNS (either new TXT entry or new record type)
2) EHLO SMTP extension


> * Mechanism for direct trust, aka key fingerprint
> * Mechanism for private key maintenance
>

Is this issue key rotation?

-Wei
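The wrapping Werner describes in the quoted text (put the real message into a message/rfc822 container and give the outer message a faked Subject), which also appears in Phillip's profile list as "MUST support message/rfc822 encrypted payload", is easy to try with the Python standard library. The block below is an added example, not code posted by anyone in the thread; the addresses, both Subject lines and the body are constructed for illustration, and the inner message is left unencrypted so the report can show what the wrapping alone does and does not hide.

```python
"""Wrap a complete message in a message/rfc822 container so that the outer
header block carries only a decoy Subject plus the addresses SMTP needs.
Added example for the endymail thread; not code from any poster.  The
addresses, subject lines and body below are constructed for illustration."""

import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

INNER_SUBJECT = "Q3 acquisition terms"   # constructed: the subject we want hidden
DECOY_SUBJECT = "(encrypted message)"    # constructed: the subject relays will see


def build_inner() -> EmailMessage:
    """The real message, with its real Subject, Message-ID and body."""
    msg = EmailMessage(policy=policy.default)
    msg["From"] = "alice@example.org"
    msg["To"] = "bob@example.net"
    msg["Subject"] = INNER_SUBJECT
    msg["Message-ID"] = "<inner-0001@example.org>"
    msg.set_content("Draft terms follow; please do not forward.\n")
    return msg


def wrap(inner: EmailMessage) -> bytes:
    """Return the wire form of an outer message whose only part is `inner`
    as message/rfc822.  Only envelope-level headers stay in the outer block.
    In a real deployment the inner message would be the S/MIME (or PGP/MIME)
    encrypted payload; here it is left in clear to make the point visible."""
    outer = EmailMessage(policy=policy.default)
    outer["From"] = "alice@example.org"   # still visible: SMTP needs the envelope sender
    outer["To"] = "bob@example.net"       # still visible: SMTP needs the recipient
    outer["Subject"] = DECOY_SUBJECT
    outer["Message-ID"] = "<outer-0001@example.org>"
    outer.set_content(inner)              # a Message payload becomes message/rfc822
    return outer.as_bytes()


def header_block(raw: bytes) -> bytes:
    """The outer header block: what a relay reads before the first blank line."""
    return re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]


def inspect(raw: bytes) -> dict:
    """Parse the wire form back and report what is visible where."""
    outer = BytesParser(policy=policy.default).parsebytes(raw)
    inner = outer.get_content()   # for message/rfc822 this is the embedded message
    return {
        "content_type": outer.get_content_type(),
        "outer_subject": str(outer["Subject"]),
        "inner_subject": str(inner["Subject"]),
        "inner_message_id": str(inner["Message-ID"]),
        # The decoy hides the real Subject from anything that only parses headers...
        "subject_in_outer_headers": INNER_SUBJECT.encode() in header_block(raw),
        # ...but until the inner part is encrypted it is still on the wire in the body.
        "subject_in_raw_body": INNER_SUBJECT.encode() in raw,
    }


if __name__ == "__main__":
    for key, value in inspect(wrap(build_inner())).items():
        print(f"{key}: {value}")
```

The report makes two of the thread's points concrete: the outer From and To stay in clear because the SMTP envelope needs them (Wei's item 1), and the decoy Subject only helps once the message/rfc822 body is actually the encrypted payload, since the wrapping by itself leaves the real headers readable in the body.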