IETF Logo Mail Archive

Re: [ietf-822] A permission to re-sign header

Ned Freed <ned.freed@mrochek.com> Tue, 22 April 2014 03:09 UTC

Return-Path: <ned.freed@mrochek.com>
X-Original-To: ietf-822@ietfa.amsl.com
Delivered-To: ietf-822@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 932711A0024 for <ietf-822@ietfa.amsl.com>; Mon, 21 Apr 2014 20:09:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.274
X-Spam-Level:
X-Spam-Status: No, score=-2.274 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.272, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jJBVT63vS1Oc for <ietf-822@ietfa.amsl.com>; Mon, 21 Apr 2014 20:09:07 -0700 (PDT)
Received: from mauve.mrochek.com (mauve.mrochek.com [66.159.242.17]) by ietfa.amsl.com (Postfix) with ESMTP id 7CDF71A002A for <ietf-822@ietf.org>; Mon, 21 Apr 2014 20:09:04 -0700 (PDT)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01P6X5AY1AE80000CC@mauve.mrochek.com> for ietf-822@ietf.org; Mon, 21 Apr 2014 20:03:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mrochek.com; s=mauve; t=1398135835; bh=2clpdkDzU67nmPcU19bw/liQVMzTqgZluBoqnkF/wsA=; h=Cc:Date:From:Subject:In-reply-to:References:To; b=O6vs3PcTVinVdQaxfyqIGnjXP+pfYqypmKg7mrzGB2y/UcrzRBdRij96q6c6BHfVl NGFDJXAb+TsAzfWo478JwK7F13EpBHVz5IFnQb01imdch5LashwZWxKZsBqrjILfFX lvUv6zyEdfHTwKLSfaK1f7d/6XJjWYqsMl3Ynxdw=
MIME-version: 1.0
Content-type: TEXT/PLAIN; CHARSET="iso-8859-1"
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01P6WZAZ2YYO000052@mauve.mrochek.com>; Mon, 21 Apr 2014 20:03:52 -0700 (PDT)
Message-id: <01P6X5AW821O000052@mauve.mrochek.com>
Date: Mon, 21 Apr 2014 19:58:21 -0700
From: Ned Freed <ned.freed@mrochek.com>
In-reply-to: "Your message dated Sat, 19 Apr 2014 11:52:41 -0400" <20140419155241.GD31552@thunk.org>
References: <20140418021925.2979.qmail@joyce.lan> <53516FA7.3020507@qti.qualcomm.com> <alpine.BSF.2.00.1404181500430.5575@joyce.lan> <6411.1397912723@sandelman.ca> <20140419155241.GD31552@thunk.org>
To: Theodore Ts'o <tytso@mit.edu>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf-822/n74s3_KDtllm_SfjOG-LERLU-AI
Cc: ietf-822@ietf.org, Michael Richardson <mcr+ietf@sandelman.ca>
Subject: Re: [ietf-822] A permission to re-sign header
X-BeenThere: ietf-822@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion of issues related to Internet Message Format \[RFC 822, RFC 2822, RFC 5322\]" <ietf-822.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-822>, <mailto:ietf-822-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-822/>
List-Post: <mailto:ietf-822@ietf.org>
List-Help: <mailto:ietf-822-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-822>, <mailto:ietf-822-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Apr 2014 03:09:08 -0000

> On Sat, Apr 19, 2014 at 09:05:23AM -0400, Michael Richardson wrote:
> >
> > Yes, in particular, it's quite likely both DKIM and S/MIME signatures will
> > not survive some things the mailing list might want to do, including:
> >
> > 1) removing html parts or other attachments
> > 2) formatting html part to text/plain
> > 3) formatting text/plain; format=outlook into proper format=flowed
> >

> We may need to consider whether this is something that we have to give
> up.  I'm not sure how important it is to allow mailing lists to remove
> html parts, etc.  If mailing lists need to simply reject messages that
> have html parts, there are mailing lists that do that already, just as
> their are mailing lists that reject messages that dont' meet other
> administrative prohibition --- such as the e-mail being too large, for
> example.

> There are mailing lists that want to "fix" broken messages, yes, but
> if we need to provide end-to-end assurance that the message really
> came from the originator, disallowing this behavior so that things
> like S/MIME and PGP signatures don't get broken might be an
> engineering tradeoff that we might have to make.

That's possible, but then you run into other problems. Take the issue
of adding a disclaimer. You can certainly do this without damaging
the S/MIME signature by converting a MIME structure of:

   multipart/signed
     text/html
     applciation/signature-whatever

to:

   multipart/mixed
     multipart/signed
       text/html
       applciation/signature-whatever
     text/plain - disclaimer

But then you have to take into account how this gets displayed, and what
it means when it is displayed.

And while you may be able to get lists to pass HTML through, reject messages
with attachments, and generally get to a place where S/MIME signatures can be
preserved, I don't think you'll be able to get rid of disclaimers.

				Ned

v2.23.0 | Report a Bug | By Email