[Extra] Choosing between the S/MIME drafts
Bron Gondwana <brong@fastmailteam.com> Thu, 21 March 2024 00:42 UTC
Return-Path: <brong@fastmailteam.com>
X-Original-To: extra@ietfa.amsl.com
Delivered-To: extra@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE78DC14F682 for <extra@ietfa.amsl.com>; Wed, 20 Mar 2024 17:42:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmailteam.com header.b="sDD8qyIa"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="K4qrZoNH"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GhwZnAEAaLdX for <extra@ietfa.amsl.com>; Wed, 20 Mar 2024 17:42:27 -0700 (PDT)
Received: from fhigh4-smtp.messagingengine.com (fhigh4-smtp.messagingengine.com [103.168.172.155]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA55FC14F70F for <extra@ietf.org>; Wed, 20 Mar 2024 17:42:26 -0700 (PDT)
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailfhigh.nyi.internal (Postfix) with ESMTP id EB86411400D0 for <extra@ietf.org>; Wed, 20 Mar 2024 20:42:25 -0400 (EDT)
Received: from imap43 ([10.202.2.93]) by compute5.internal (MEProxy); Wed, 20 Mar 2024 20:42:25 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= fastmailteam.com; h=cc:content-type:content-type:date:date:from :from:in-reply-to:message-id:mime-version:reply-to:subject :subject:to:to; s=fm3; t=1710981745; x=1711068145; bh=iX7mJQ3XXj Q/Rw/sB2DlGaTlEoTH3cIPb4o8fHifY34=; b=sDD8qyIa088SQrgmVQObHCvg2r EWrMjiytBKoqgqcX0CC2JeEKiDmgGeT+hPMeMhHKneXnsQEsTD4Qie9tb50VDaDY xFtu+4CRa3DRnlACmXMV0T7e1PxX/bscwhVreMHJywiAtLN5PU2kaqloz6gfR297 kLa8ij1wt4PKQbwKS1OsajhFhTOJ9Ne8CzxppALE4e/VNESZkzZAKOOhy4mYO5vN zPB5nPNjHBoEfkxFaPRldNLcSerojT23LOeJfR3JmZWF1Ddg8WQ8d3t3n8ZoE0xQ kuXAM5XWNOlP8d+ujO4m9UCLMheCVTG0+TpjRXk8Spp2KKVXxg7c9LxFnsKg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:message-id :mime-version:reply-to:subject:subject:to:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t= 1710981745; x=1711068145; bh=iX7mJQ3XXjQ/Rw/sB2DlGaTlEoTH3cIPb4o 8fHifY34=; b=K4qrZoNHYnLVmtrvNy03qw96GxdwELCngJEPierVnUKF680mKaa wur010/Ivl4AKbKXyVw0Uoi9RgHHRXNFAREQIKs4GupqJfu1iLw+XR249spe3ryK lCTfA/Nm3TyMDOHtA5wlTATNZ3LMTCc/VhdviDm72kj+jXY7i2NtzsECzh3cbnKw MJBHImwi1Z8nrupwGCzch1vp9wvdkLXZITxbWD7gDI3eH9K4KAgIyRitAIlpjKPk pXQDpDyhIfEW9dwOzFqXJF9KUCnHkgJHoWYZKAPExkylGB5/YeHn3w+MzimYW8kd 9+VW5IwniSdeSSRTko1J4RwslNQbdZFcVPA==
X-ME-Sender: <xms:cYL7ZXhd7jCVmXL-AAZ8MI9DsqipLx7QcAcmWxl-65whU3pl5euemQ> <xme:cYL7ZUC4DYAdUbd8bdKph19X3HUjWcs9JYuXm2RqstEY327YLGPjrkqj5QLEHXe0R CH2lLHVzuw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrleehgddvhecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkfffhvffutgesrgdtreerre ertdenucfhrhhomhepfdeurhhonhcuifhonhgufigrnhgrfdcuoegsrhhonhhgsehfrghs thhmrghilhhtvggrmhdrtghomheqnecuggftrfgrthhtvghrnhephfejheekjeekheevue dtjeetiefhffefudeitddtjefhleetveeuheduledtueffnecuffhomhgrihhnpehivght fhdrohhrghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhroh hmpegsrhhonhhgsehfrghsthhmrghilhhtvggrmhdrtghomh
X-ME-Proxy: <xmx:cYL7ZXFLwSsE-5MBm5eQ-KZvNY_gNk91vrb7cb7hnLO-HwHq1PXUpQ> <xmx:cYL7ZUQRJBqd7L_RQKNv_p-pCoXHr67EagGQxJ3GYjJ4iDG2vzjsew> <xmx:cYL7ZUw20qdVJ_M62Jfaanvu-DeucBnm5IlksGCwGa2yehO5jerOwg> <xmx:cYL7Za4CQMjg3cv1AgfLNC-EUhAX0j_FLIYj-CDvB86a9QjuV-eaDg> <xmx:cYL7ZaYFaPAnX_oLbngKqADjDrPIb2WbExdeR2jP0IlqU_ppiP2L3A>
Feedback-ID: i2d7042ce:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501) id AF0472D4007D; Wed, 20 Mar 2024 20:42:25 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.11.0-alpha0-332-gdeb4194079-fm-20240319.002-gdeb41940
MIME-Version: 1.0
Message-Id: <aa911ff1-fe35-4e67-b7c5-d0bd31014526@app.fastmail.com>
Date: Thu, 21 Mar 2024 10:42:05 +1000
From: Bron Gondwana <brong@fastmailteam.com>
To: extra@ietf.org
Content-Type: multipart/alternative; boundary="9787758c641b4591a5d6ae324ec8468c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/extra/TCHBjbCE649e_ZrC4B__fz5_ZOI>
Subject: [Extra] Choosing between the S/MIME drafts
X-BeenThere: extra@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Email mailstore and eXtensions To Revise or Amend <extra.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/extra>, <mailto:extra-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/extra/>
List-Post: <mailto:extra@ietf.org>
List-Help: <mailto:extra-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/extra>, <mailto:extra-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Mar 2024 00:42:31 -0000
Hi All, Jim and I have discussed, and don't believe that - as chairs - it is our position to choose which approach to take. This is something that belongs to consensus of the group. So removing my chair hat, here's what I see as most "jmappy". When we create an email using Email/set - we don't define the exact MIME structure, we describe the elements of the email and have the server generate MIME. Likewise, when we ask for Protection on an email, my preference as a JMAP enthusiast is that we don't specify the exact algorithm, whether it's sign-encrypt-sign or just encrypt-sign, etc. We just request the server do the currently defined thing. Basically, the client just asks for: protection: null / 'automatic' | 'unprotected' | 'verified' | 'confidential' With these name meaning things as per e2-guidance <https://datatracker.ietf.org/doc/draft-ietf-lamps-e2e-mail-guidance/>. Automatic is "server chooses the default for this recipient", and NULL or missing key means "automatic", such that a client naive of this specification might wind up creating emails which all get sent `verified` if that's the server default, but a client can also choose to turn that off (again; the server could reject that! It could say it has a policy of only sending protected messages). Potentially we could have a separate draft for "S/MIME configuration" allowing a client to update the server settings for what the server should do in terms of the MIME structure generated for those different protection levels; if there's an agreement on what those options should be. But the most basic level should be a way to tell the server to do the configured current best practice for each of the enumerated types of protection. The protection values would be a registry with "RFC required" as the policy for adding new values. Bron. -- Bron Gondwana, CEO, Fastmail Pty Ltd brong@fastmailteam.com
- [Extra] Choosing between the S/MIME drafts Bron Gondwana
- Re: [Extra] Choosing between the S/MIME drafts Ken Murchison