Re: [ietf-privacy] PPM Review of RFC 5068
S Moonesamy <sm+ietf@elandsys.com> Tue, 20 May 2014 12:28 UTC
Return-Path: <sm@elandsys.com>
X-Original-To: ietf-privacy@ietfa.amsl.com
Delivered-To: ietf-privacy@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3FC5D1A06D9 for <ietf-privacy@ietfa.amsl.com>; Tue, 20 May 2014 05:28:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.651
X-Spam-Level:
X-Spam-Status: No, score=-2.651 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 32s0e6yG_WdL for <ietf-privacy@ietfa.amsl.com>; Tue, 20 May 2014 05:28:07 -0700 (PDT)
Received: from mx.ipv6.elandsys.com (mx.ipv6.elandsys.com [IPv6:2001:470:f329:1::1]) by ietfa.amsl.com (Postfix) with ESMTP id 2BD6E1A06D0 for <ietf-privacy@ietf.org>; Tue, 20 May 2014 05:28:07 -0700 (PDT)
Received: from SUBMAN.elandsys.com ([197.224.130.52]) (authenticated bits=0) by mx.elandsys.com (8.14.5/8.14.5) with ESMTP id s4KCRspe028869 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf-privacy@ietf.org>; Tue, 20 May 2014 05:28:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=opendkim.org; s=mail2010; t=1400588885; bh=riIXh1ZVz06470G+/LJ+Lo0tLn46KXDubv5kYJmfR54=; h=Date:To:From:Subject:In-Reply-To:References; b=2KLcR7RamPsJeYnBuXzW8DRIlk9vTgg0xY9hXQna8pQMxzLoMjgmb7DKclGvktlek jvNJuwdManoZ9WmynRPWFuimTW7LdvXn1n9aXVrygmW8/ajkQjtID6P3gv3jvkCbmv 0WzWqLDn3BzbHUEr6y3JBRrlXS7UB/ru3Qf9hztI=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=elandsys.com; s=mail; t=1400588885; i=@elandsys.com; bh=riIXh1ZVz06470G+/LJ+Lo0tLn46KXDubv5kYJmfR54=; h=Date:To:From:Subject:In-Reply-To:References; b=hBbKwgYDJVTD3h9SqHUCIrw8KW2ak09fw+nzSUNjmHZZxcRUh5EpGAZVTPYhbKZjt r24du/An76L2t+IPo+DXAMm8isx7lY1Tok9n48ySHTpx5RuM95x3fibJSBz05EBtEw wIhfWlq8Ys6pwHBhZfTH3YFNYlH+xliS8QwQWSxg=
Message-Id: <6.2.5.6.2.20140520044735.0b1285a0@resistor.net>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Tue, 20 May 2014 05:14:58 -0700
To: ietf-privacy@ietf.org
From: S Moonesamy <sm+ietf@elandsys.com>
In-Reply-To: <537B217B.8070605@cs.tcd.ie>
References: <537B217B.8070605@cs.tcd.ie>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf-privacy/sg0OCjqsDAi_C0zXn_fJ0QGciv0
Subject: Re: [ietf-privacy] PPM Review of RFC 5068
X-BeenThere: ietf-privacy@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Internet Privacy Discussion List <ietf-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-privacy/>
List-Post: <mailto:ietf-privacy@ietf.org>
List-Help: <mailto:ietf-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 May 2014 12:28:08 -0000
Hello,
I took a quick look at RFC 5068. In Section 3.1:
"For a reasonable period of time after submission, the message
SHOULD be traceable by the MSA operator to the authenticated
identity of the user who sent the message."
There is a typo in the above for NSA operator. :-)
"Such tracing MAY be based on transactional identifiers stored in
the headers (received lines, etc.) or other fields in the message,
on audit data stored elsewhere, or on any other mechanism that
supports sufficient post-submission accountability. The specific
length of time, after message submission, that traceability is
supported is not specified here. However, issues regarding transit
often occur as much as one week after submission."
The problem in the above (and the previously quoted paragraph) is
traceability and accountability. It should be possible to address
that without causing significant problems to the email infrastructure
as it does not entail protocol changes. There is already an identity
in the message header. It would be difficult to tackle
that. However, there isn't a need to disclose other identity
information (authenticated identity) in the message headers.
Section 4 mentions the following (Stephen mentioned that in his message):
"Examples include active privacy protection against third-party
content monitoring, timely processing, and being subject to the most
appropriate authentication and accountability protocols."
The problem here is that the user can be tricked into using a local
submission proxy. It is worthwhile to review that section and
provide some guidance if active privacy protection is the goal.
In Section 5:
"Mechanisms might also have to be used in combination with each other
to make a secure system. Organizations SHOULD choose the most secure
approaches that are practical."
The following does not provide much guidance to the
organization. The next paragaph in that section does mention that
"transmitting user credentials in clear text over insecure networks"
should be avoided.
The Security Considerations might not pass an Evaluation
nowadays. Note that I did review RFC 5068 previously and as I look
back I could say that I didn't do a good job. :-)
Regards,
S. Moonesamy
- [ietf-privacy] PPM Review of RFC 5068 Stephen Farrell
- Re: [ietf-privacy] PPM Review of RFC 5068 S Moonesamy
- Re: [ietf-privacy] PPM Review of RFC 5068 Stephen Farrell
- Re: [ietf-privacy] PPM Review of RFC 5068 S Moonesamy
- Re: [ietf-privacy] PPM Review of RFC 5068 Barry Leiba
- Re: [ietf-privacy] PPM Review of RFC 5068 Scott Brim