IETF Logo Mail Archive

Re: [Endymail] Improvements to S/MIME

Wei Chuang <weihaw@google.com> Tue, 16 September 2014 17:06 UTC

Return-Path: <weihaw@google.com>
X-Original-To: endymail@ietfa.amsl.com
Delivered-To: endymail@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D66021A885D for <endymail@ietfa.amsl.com>; Tue, 16 Sep 2014 10:06:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.03
X-Spam-Level:
X-Spam-Status: No, score=-3.03 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-1.652, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lo2crfcmXzW6 for <endymail@ietfa.amsl.com>; Tue, 16 Sep 2014 10:06:26 -0700 (PDT)
Received: from mail-qg0-x236.google.com (mail-qg0-x236.google.com [IPv6:2607:f8b0:400d:c04::236]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D6A621A8870 for <endymail@ietf.org>; Tue, 16 Sep 2014 10:06:25 -0700 (PDT)
Received: by mail-qg0-f54.google.com with SMTP id z60so206910qgd.27 for <endymail@ietf.org>; Tue, 16 Sep 2014 10:06:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=hFKIvg1P8Iv74nXFd6lhxnJ+leISf0ZlAAN5ekdZxAU=; b=Vzkl/nifTN52SQZln3q0wYSvB0nT5Pn4ySuXeR7bQnwX2JUomVihO9HIvtCEdcz3fH ftWhgH3IPTylg+TOqTycudSpdej4qJL9zZ5a3Mb0TG4qDQIIIZm3zS1L6wx0FpI5vUU3 1BYNa5JinfIUjiAs/DOzFTI0pN3/YK/72Q8hdYCQdQjD69HaXft0mGFoPXVffDbN3y0d GY4MMHqyh9s9vDSZNMA6rZcvwZi15ohEvQBqyFVomqYRCtp/JtSPFNOLPmNyfsCO4mGX PHxlonMCzIu+HEmJbRq1c/9Atw6VfF+xLR7NuT7ECIP3pk6R5wI6YBkMGDjzyqgZ52mD 1xYQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=hFKIvg1P8Iv74nXFd6lhxnJ+leISf0ZlAAN5ekdZxAU=; b=EWrhVkiJkppYNTzrA1IF4SQqS7tdcownLRuZnXTXtKzAbHE7fXLy/7ozElaoZHAW1q Wmz30cfzF5ZOkXbbompgAsaOFHtMW7uYyTqpX56KKv6XEQCNCtjUFKPqYc3ja++CP0c1 8DVjYj1qkQuzFzzP9gibxdMhBdQxjAarkcv5Q2GnNsd4jQdxyGnOrXmBnPmuhKImsDMp gz4DejYgVOSIe2yYTGPf4rw7rBfLaRjeFuVHRYc2drgvIwZjrLAdWgUoyaPGvGaCDS+r TafzFwcfrNpansXB8vmL6LYYVwXCXlUDYfFd4WWV/Eo9++uakr9+gr9cabEifIkk2GRa MxtA==
X-Gm-Message-State: ALoCoQnvagOUyUO9AE11QnVs0NVC++OGngS8jbCtzJUlxqbeCSiIg6YFk3bVaaDOieO3KuTwpaQb
X-Received: by 10.140.42.246 with SMTP id c109mr53133329qga.9.1410887185018; Tue, 16 Sep 2014 10:06:25 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.229.116.71 with HTTP; Tue, 16 Sep 2014 10:06:04 -0700 (PDT)
In-Reply-To: <CAAFsWK35dsKAzQaePRcYT8Nd+PD1w3AGf58S=-9u5AjcXgNhQQ@mail.gmail.com>
References: <CAAFsWK0VtnVvKwvkC1kjK+yKORkADVW1cKDx7nQ1fxA=dpZeTQ@mail.gmail.com> <87sijvmmo5.fsf@vigenere.g10code.de> <CAAFsWK35dsKAzQaePRcYT8Nd+PD1w3AGf58S=-9u5AjcXgNhQQ@mail.gmail.com>
From: Wei Chuang <weihaw@google.com>
Date: Tue, 16 Sep 2014 10:06:04 -0700
Message-ID: <CAAFsWK0AKKpvFtdWkeT19msFE4n4beZhh-_7edeXKigPbCe=nQ@mail.gmail.com>
To: Werner Koch <wk@gnupg.org>
Content-Type: multipart/alternative; boundary="001a113a7bda7b63e7050331c5ec"
Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/xT0micTDkA3J6iGvSt12eFsnqdc
Cc: endymail <endymail@ietf.org>
Subject: Re: [Endymail] Improvements to S/MIME
X-BeenThere: endymail@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <endymail.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/endymail>, <mailto:endymail-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/endymail/>
List-Post: <mailto:endymail@ietf.org>
List-Help: <mailto:endymail-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/endymail>, <mailto:endymail-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Sep 2014 17:06:29 -0000

On Sun, Sep 14, 2014 at 1:13 AM, Wei Chuang <weihaw@google.com> wrote:

>
>
> On Sat, Sep 13, 2014 at 10:54 AM, Werner Koch <wk@gnupg.org> wrote:
>
>> On Fri, 12 Sep 2014 19:48, weihaw@google.com said:
>>
>> > 1) S/MIME doesn't fully protect users mail envelope metadata.  For
>> example
>> > the recipient and envelope-sender must be visible to the intermediate
>> SMTP
>>
>> If you want that, it is easy to put the messaqge into a message/rfc822
>> mail container and use faked subject and other mailer header.
>>
>
> Right I agree that there is a RFC5751 sec 3.1 (
> http://tools.ietf.org/html/rfc5751#page-18 ) that mentions the
> message/rfc822, but unless I'm missing something one still has to specify
> the intended recipient, and a return path.  Even if the body and most
> headers were wrapped hence private, an adversary could still find the
> sender/recipient information very useful.
>
> Another issue albeit a small one with message/rfc822, was what to do if
> the headers conflicted between the outer and inner messages.
>

Just wanted to point out that wrapping using message/rfc822 may have
problems.  In another thread regarding DMARC damage, one proposed
mitigation is also to wrap the message but was noted that this could open
the recipient to phishing attacks due to mishandling of headers by the
recipients MUA.

See http://www.ietf.org/mail-archive/web/ietf/current/msg89601.html

John Levine suggested there using other options for mitigating against
DMARC.  In the S/MIME context I don't think that's possible to avoid
wrapping if one wants to protect the headers, so work will have to be done
to prevent opening a phishing vector.

-Wei


>
> -Wei
>
>
>>
>>
>> Salam-Shalom,
>>
>>    Werner
>>
>> --
>> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
>>
>>
>

v2.23.0 | Report a Bug | By Email