IETF Logo Mail Archive

Re: Requesting comments on draft-cheney-safe-02.txt

Alessandro Vesely <vesely@tana.it> Fri, 31 July 2009 07:12 UTC

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n6V7CxlM046115 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 31 Jul 2009 00:12:59 -0700 (MST) (envelope-from owner-ietf-smtp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n6V7CxYi046114; Fri, 31 Jul 2009 00:12:59 -0700 (MST) (envelope-from owner-ietf-smtp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n6V7CnBn046103 for <ietf-smtp@imc.org>; Fri, 31 Jul 2009 00:12:56 -0700 (MST) (envelope-from vesely@tana.it)
Received: from mach-4.tana.it (mach-4.tana.it [194.243.254.189]) (AUTH: CRAM-MD5 ale@tana.it, TLS: TLS1.0,256bits,RSA_AES_256_CBC_SHA1) by wmail.tana.it with esmtp; Fri, 31 Jul 2009 09:12:48 +0200 id 00000000005DC031.000000004A729970.00007CC0
Message-ID: <4A729978.5030209@tana.it>
Date: Fri, 31 Jul 2009 09:12:56 +0200
From: Alessandro Vesely <vesely@tana.it>
User-Agent: Thunderbird 2.0.0.22 (Macintosh/20090605)
MIME-Version: 1.0
To: "Cheney, Edward A SSG RES USAR USARC" <austin.cheney@us.army.mil>
CC: ietf-smtp@imc.org
Subject: Re: Requesting comments on draft-cheney-safe-02.txt
References: <f6fecbd18af7.4a721c99@us.army.mil> <4A720D35.1000306@cybernothing.org> <f6e091e580a6.4a7258af@us.army.mil>
In-Reply-To: <f6e091e580a6.4a7258af@us.army.mil>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smtp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smtp/mail-archive/>
List-ID: <ietf-smtp.imc.org>
List-Unsubscribe: <mailto:ietf-smtp-request@imc.org?body=unsubscribe>

Cheney, Edward A SSG RES USAR USARC wrote:
> The idea is that security vulnerabilities on the internet occur most significantly as a result of client-side scripting [...]  Client-side scripting cannot be removed unless an alternative convention is proposed.
> 
> [...] The idea is that interactivity from client-side scripting can be replaced by transaction interactivity.  Since mail servers are intermediate agents [...]

Apparently, moving scripts execution to mail servers would also 
transfer vulnerability issues along the same path. Is it difficult 
to state whether a compromised server is better than a compromised 
client, but it is certainly better if at least one of them is not 
compromised. (Considering that many mail server also function as 
http servers, for handling email via web forms, it seems unlikely 
that the vulnerability added to the servers would thus be removed 
from the clients.)

In addition, it may be overly difficult to obtain real interactivity 
without local scripting. Indeed, the draft defines what minimal code 
a client has to be allowed to execute. Allowing some more seems 
likely to come as an optional feature...

Finally, if the model is meant for widespread use, it shouldn't rely 
on users' ability to obtain and maintain CA certificates on their 
clients, or similar requirements, whose fulfillment doesn't seem 
more likely than S/MIME or PGP deployment. IMHO, ensuring that the 
server who has relayed the message is vouched for sending 
transactions by a trusted authority may be more viable (see RFC 
5518). I would additionally provide for an SMTP extension whereby 
that relaying server grants that it knows where the message has 
originated from, and takes accountability for its content.

v2.23.0 | Report a Bug | By Email