Protocol Action: 'Header Protection for Cryptographically Protected E-mail' to Proposed Standard (draft-ietf-lamps-header-protection-25.txt)
The IESG <iesg-secretary@ietf.org> Fri, 10 January 2025 00:16 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: ietf-announce@ietf.org
Delivered-To: ietf-announce@ietfa.amsl.com
Received: from [10.244.8.241] (unknown [104.131.183.230]) by ietfa.amsl.com (Postfix) with ESMTP id 3C823C1E6415; Thu, 9 Jan 2025 16:16:13 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Subject: Protocol Action: 'Header Protection for Cryptographically Protected E-mail' to Proposed Standard (draft-ietf-lamps-header-protection-25.txt)
X-Test-IDTracker: no
X-IETF-IDTracker: 12.32.0
Auto-Submitted: auto-generated
Precedence: bulk
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-ID: <173646817289.188.4356428489582329733@dt-datatracker-57c4c68d9c-p9khg>
Date: Thu, 09 Jan 2025 16:16:12 -0800
Message-ID-Hash: EJ66IZKGHLYKK2M3TGBCKLVA3R3HUSBR
X-Message-ID-Hash: EJ66IZKGHLYKK2M3TGBCKLVA3R3HUSBR
X-MailFrom: iesg-secretary@ietf.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-ietf-announce.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: The IESG <iesg@ietf.org>, draft-ietf-lamps-header-protection@ietf.org, lamps-chairs@ietf.org, rdd@cert.org, rfc-editor@rfc-editor.org, spasm@ietf.org
X-Mailman-Version: 3.3.9rc6
List-Id: "IETF announcement list. No discussions." <ietf-announce.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-announce/a-0fBdO3D4fTb4I--W7VlByNYWM>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-announce>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Owner: <mailto:ietf-announce-owner@ietf.org>
List-Post: <mailto:ietf-announce@ietf.org>
List-Subscribe: <mailto:ietf-announce-join@ietf.org>
List-Unsubscribe: <mailto:ietf-announce-leave@ietf.org>
The IESG has approved the following document: - 'Header Protection for Cryptographically Protected E-mail' (draft-ietf-lamps-header-protection-25.txt) as Proposed Standard This document is the product of the Limited Additional Mechanisms for PKIX and SMIME Working Group. The IESG contact persons are Paul Wouters, Deb Cooley and Roman Danyliw. A URL of this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-lamps-header-protection/ Technical Summary S/MIME version 3.1 introduced a mechanism to provide end-to-end cryptographic protection of e-mail message headers. However, few implementations generate messages using this mechanism, and several legacy implementations have revealed rendering or security issues when handling such a message. This document updates the S/MIME specification (RFC8551) to offer a different mechanism that provides the same cryptographic protections but with fewer downsides when handled by legacy clients. Furthermore, it offers more explicit usability, privacy, and security guidance for clients when generating or handling e-mail messages with cryptographic protection of message headers. The Header Protection scheme defined here is also applicable to messages with PGP/MIME cryptographic protections. Working Group Summary There was nothing notable in the WG review process. Refinements were made based on AD and ARTART IETF LC review. This document was initially scheduled for IESG Review as -20. However, it was pulled back to the WG and was run through another WGLC/IETF LC to confirm the changes made due to redesign during the ARTART review and early IESG balloting. Document Quality There has been some code written, but so far, vendors of major email user agents have not said whether they will implement. One did offer insightful review of the Internet-Draft during WG Last Call. Personnel The Document Shepherd for this document is Russ Housley. The Responsible Area Director is Roman Danyliw.