IETF Logo Mail Archive

Re: [imapext] General Request for Assignment (imap-keywords) (was: [JMAP] SMIME Attachments)

Bron Gondwana <brong@fastmailteam.com> Wed, 15 November 2017 00:17 UTC

Return-Path: <brong@fastmailteam.com>
X-Original-To: imapext@ietfa.amsl.com
Delivered-To: imapext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2EB4E128896 for <imapext@ietfa.amsl.com>; Tue, 14 Nov 2017 16:17:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.72
X-Spam-Level:
X-Spam-Status: No, score=-2.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmailteam.com header.b=tNsRVhb3; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=ez35c9yQ
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 27lW6n1WVwwI for <imapext@ietfa.amsl.com>; Tue, 14 Nov 2017 16:17:51 -0800 (PST)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7C1A0127369 for <imapext@ietf.org>; Tue, 14 Nov 2017 16:17:51 -0800 (PST)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id DC76420C6D for <imapext@ietf.org>; Tue, 14 Nov 2017 19:17:50 -0500 (EST)
Received: from web6 ([10.202.2.216]) by compute6.internal (MEProxy); Tue, 14 Nov 2017 19:17:50 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= fastmailteam.com; h=content-transfer-encoding:content-type:date :from:in-reply-to:message-id:mime-version:references:subject:to :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=NR4q9gq1VFG1Xhffl 8y9GzuNDPaR9ZTJS2ZJL3f6P5k=; b=tNsRVhb3JVbPtqMc2OTuN8XomaTwNcoqV Bn1zPcfvFj6Z244atr8ipDwf9S/mSoQwcUFl8pSYcWgT06fgKml3vpLXuWnnzl8a Cf/aAQQqCWAikvbpMmi762WicrnCcX8vSmWllbjkx+o/dxyAn3e+ggjSS42kxCeq ZZHC14qeFRDxk59zcD/zKIVZByIyqkCzH29zhLbVlhqBhbewMxY6CRs5l4AQCfGn aRDYhEVpiz8it3ll7HO5NGpM4qTqyJjC54tJO4An3AMtIJpin5WhWlExUZUMoGQj u7ULX5WG3Uaxu+68QcBKLBbfduBLDYOaJKdFgdo4dEt9JSVSRH/sQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=NR4q9g q1VFG1Xhffl8y9GzuNDPaR9ZTJS2ZJL3f6P5k=; b=ez35c9yQN9nU6hwMXQSjYt aJ+Zasc2mbacQdyX0xfH6swt6WOEA0gPUM5nZRS4ulzGM4P1roOSC71BC0HNGp3D xsIuDCZ4QDkkMVO8jcxiwEACcg23QFs1oc9SdlMp+A/KubWiIWuSeFDalB0rMWX4 CDcLoq+oCq+2IAd2X9ajiG8tZgjcIBiSFUtm3dFPWkeN91VCUfhottk6opyIljFz wHXqVgIMppHxblKCY9PzovRIdZ0Gve0whE/Af8UtoTY03C88lQH9aGRBCZmE0xOd chxmNAhaE8l5NoDOGHfapDhLN+i6REqwo1I/Za6HYD8TijxmQqWYHCo5Qg6mLrPA ==
X-ME-Sender: <xms:rocLWr3sXhpIH_58m9MQszn2IYXIL5kW_YTnu9pJ7kXuup19HVuqEg>
Received: by mailuser.nyi.internal (Postfix, from userid 99) id B7EE048020; Tue, 14 Nov 2017 19:17:50 -0500 (EST)
Message-Id: <1510705070.1780599.1172765248.174C2DDF@webmail.messagingengine.com>
From: Bron Gondwana <brong@fastmailteam.com>
To: imapext@ietf.org
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: multipart/alternative; boundary="_----------=_151070507017805990"
X-Mailer: MessagingEngine.com Webmail Interface - ajax-f89283c9
Date: Wed, 15 Nov 2017 11:17:50 +1100
References: <CACZ1GipM4+91KL00_YDcUHSF0eVnjh8vZAddbk869O4J1w9ZfA@mail.gmail.com> <c2f0b35e-1925-4769-9a22-c6663db1eb53@gulbrandsen.priv.no> <1510668418.767816.1172078600.47C2F0F2@webmail.messagingengine.com> <914700fa-473e-422a-9bda-d22c9afabba5@gulbrandsen.priv.no> <5E5BABB0AC20B6710541DF4D@caldav.corp.apple.com>
In-Reply-To: <5E5BABB0AC20B6710541DF4D@caldav.corp.apple.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/imapext/fhkR4uh9dLRcTzIPZGtF0-Te5yg>
Subject: Re: [imapext] General Request for Assignment (imap-keywords) (was: [JMAP] SMIME Attachments)
X-BeenThere: imapext@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of IMAP extensions <imapext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/imapext>, <mailto:imapext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/imapext/>
List-Post: <mailto:imapext@ietf.org>
List-Help: <mailto:imapext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/imapext>, <mailto:imapext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Nov 2017 00:17:53 -0000

On Wed, 15 Nov 2017, at 01:58, Cyrus Daboo wrote:
> Hi Arnt,
> 
> --On November 14, 2017 at 2:25:06 PM +0000 Arnt Gulbrandsen
> <arnt@gulbrandsen.priv.no> wrote:
> 
>>> Anyway, I don't think the whole way this would work has been
>>> well thought out yet.
>> 
>> AOL. It would seem to serve the case where the user uses two clients,>> both of which display whether a message has an attachment and
>> neither of>> which displays any other information from inside the blob. In
>> particular,>> neither can display an excerpt of the text, or any information
>> about the>> kind of attachment.
>> 
> 
> I think a much more useful option would be for the first client to
> decrypt
> the blob and generate an IMAP-like BODYSTRUCTURE which it then
> encrypts> to
> the user's public key and uploads as metadata attached to the original> message. Then other clients which have the private key can grab the
> metadata and decrypt it to get the full structure of the
> encrypted blob.> That way the clients get to learn a lot more about the message
> than the> mere fact it contains an attachment.
> 
> Note, that it might also be useful to send the encrypted BODYSTRUCTURE> data
> as a separate part/header in the encrypted message. That way
> recipients> would also gain the benefit of being able to quickly determine
> what the> message contains. Of course that additional data does potentially leak> some
> information about the message, but that might be acceptable.

The main value of any non-encrypted facts about the message (like a
keyword about the attachment state) is to allow server-side search.
I agree with Cyrus - the sender could easily attach the BODYSTRUCTURE as
a separate encrypted part, though again that leaks information about the
structure based on the size of the encrypted part - all sorts of side
channel/metadata stuff needs to be thought through, and different people
have different tradeoffs/risk profiles - but then most people don't want
to think that deeply about every message they send, so if you make it
too complex nobody will use it.
Regardless of what gets stored encrypted or who does it however, the
value of a keyword is search/sort.
I still remain unconvinced that the usecase is common enough that any
client would use it, particularly since the first client still needs to
download the message so it can set the flag.
Bron.

--
  Bron Gondwana, CEO, FastMail Pty Ltd
  brong@fastmailteam.com

v2.23.0 | Report a Bug | By Email