Protocol Action: 'Header Protection for Cryptographically Protected E-mail' to Proposed Standard (draft-ietf-lamps-header-protection-25.txt)

The IESG <iesg-secretary@ietf.org> Fri, 10 January 2025 00:16 UTC

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Subject: Protocol Action: 'Header Protection for Cryptographically Protected E-mail' to Proposed Standard (draft-ietf-lamps-header-protection-25.txt)
Date: Thu, 09 Jan 2025 16:16:12 -0800
CC: The IESG <iesg@ietf.org>, draft-ietf-lamps-header-protection@ietf.org, lamps-chairs@ietf.org, rdd@cert.org, rfc-editor@rfc-editor.org, spasm@ietf.org
List-Id: "IETF announcement list. No discussions." <ietf-announce.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-announce/a-0fBdO3D4fTb4I--W7VlByNYWM>

The IESG has approved the following document:
- 'Header Protection for Cryptographically Protected E-mail'
  (draft-ietf-lamps-header-protection-25.txt) as Proposed Standard

This document is the product of the Limited Additional Mechanisms for PKIX
and SMIME Working Group.

The IESG contact persons are Paul Wouters, Deb Cooley and Roman Danyliw.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-header-protection/




Technical Summary

   S/MIME version 3.1 introduced a mechanism to provide end-to-end
   cryptographic protection of e-mail message headers.  However, few
   implementations generate messages using this mechanism, and several
   legacy implementations have revealed rendering or security issues
   when handling such a message.

   This document updates the S/MIME specification (RFC8551) to offer a
   different mechanism that provides the same cryptographic protections
   but with fewer downsides when handled by legacy clients.
   Furthermore, it offers more explicit usability, privacy, and security
   guidance for clients when generating or handling e-mail messages with
   cryptographic protection of message headers.

   The Header Protection scheme defined here is also applicable to
   messages with PGP/MIME cryptographic protections.

Working Group Summary

There was nothing notable in the WG review process.  Refinements were made based on AD and ARTART IETF LC review.  

This document was initially scheduled for IESG Review as -20.  However, it was pulled back to the WG and was run through another WGLC/IETF LC to confirm the changes made due to redesign during the ARTART review and early IESG balloting.

Document Quality

   There has been some code written, but so far, vendors of major email user
   agents have not said whether they will implement. One did offer insightful
   review of the Internet-Draft during WG Last Call.

Personnel

The Document Shepherd for this document is Russ Housley. 

The Responsible Area Director is Roman Danyliw.