IETF Logo Mail Archive

Re: [Jmap] Benjamin Kaduk's Discuss on draft-ietf-jmap-core-14: (with DISCUSS and COMMENT)

"Neil Jenkins" <neilj@fastmailteam.com> Mon, 04 March 2019 02:53 UTC

Return-Path: <neilj@fastmailteam.com>
X-Original-To: jmap@ietfa.amsl.com
Delivered-To: jmap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 86617130EFC; Sun, 3 Mar 2019 18:53:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.982
X-Spam-Level:
X-Spam-Status: No, score=-1.982 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MIME_HEADER_CTYPE_ONLY=0.717, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmailteam.com header.b=VVpCCjur; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=6V5QeKii
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zq0wMLRU2Wx5; Sun, 3 Mar 2019 18:53:05 -0800 (PST)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6A08D130ED4; Sun, 3 Mar 2019 18:53:05 -0800 (PST)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 67B32220F9; Sun, 3 Mar 2019 21:53:04 -0500 (EST)
Received: from imap7 ([10.202.2.57]) by compute6.internal (MEProxy); Sun, 03 Mar 2019 21:53:04 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= fastmailteam.com; h=message-id:in-reply-to:references:date:from :to:cc:subject:content-type; s=fm2; bh=A4u19kGlTADQlB5hKRN4Zz3Ci vvHrok+IVZG2Jj4lmo=; b=VVpCCjurKvogXEu95wzCiwDj3ySgvpEaSwoAdBBnR /lBICdSuz7/qAwvOdBgf0X89CgZuhMDIkAzXSjpvb8WHGPnVh1oSRhCJ57oNBTWg X4yzsotGeB77DQD1o1yAORp0PAf15xjw2185MKH1nBVZWT5moU6VwbwD4kNv2fMP G1wNn1ZzYsUsfA+L66qeGNBoBrejc1eQlMTcWfiYXbd7xe/AYIaSAFvdExAnIANh knhXUxhN99tutNFyYh4y5UKxZaM5n6xzvB54Qh40m7lKkyf4qRx8BopoOjXCq5D/ HiOivNstydtonBqWN+rzHYL1XAjCe+kGhAm30lI6K6Xxg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:references:subject:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=A4u19kGlTADQlB5hK RN4Zz3CivvHrok+IVZG2Jj4lmo=; b=6V5QeKiisb7ggUZnq/Pc1HcijEy87diyP LdzppRmNkaW1yIKYbuXH/NXCup+v1qPcMPEbdSWsRGlPJpBEgLAugupGRDv99us2 qiajvf9JhCRCmJOaGjLgp3lRkXYDL3oeKNxxBXuTTe4/FtZLxE/E8vOg1J5A3+HF Pa5aE1mjgsLzp5JKxrMU91f6iB1llHvwr76gt9uq6hRx+5ISx1l4OJlFjr/JzFMv feVru+WF+w5T8C6JO5iXME2UfFzC82HiRQakxbELfueK1p8E+tjAekP/yTF0GNA2 ys2gygWxKQOtZmkT7SFGwzSTQT9I6OgUtJ6tIfwpOBGV4boalp7oA==
X-ME-Sender: <xms:D5N8XNh1SmenxLeCk3UDgT-nhKFRxCd4emg7Juffzhle0AMcne74SQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedutddrfedtgdehtdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpefofgfkjghffffhvffutgesrgdtreerreerjeenucfhrhhomhepfdfpvghilhcu lfgvnhhkihhnshdfuceonhgvihhljhesfhgrshhtmhgrihhlthgvrghmrdgtohhmqeenuc ffohhmrghinhepihgvthhfrdhorhhgnecurfgrrhgrmhepmhgrihhlfhhrohhmpehnvghi lhhjsehfrghsthhmrghilhhtvggrmhdrtghomhenucevlhhushhtvghrufhiiigvpedt
X-ME-Proxy: <xmx:D5N8XDWW_G8JXrlbVLdyk7B4FHs5JsMGEueOEqLN9mafz8-Pm-CPpQ> <xmx:D5N8XPjZhdrOXxMhe0LlubBfKQr9V3Y65FjvvC-DhuCul_1XdOUlWQ> <xmx:D5N8XH7eL5b0C4hWrJfbU4k4ZKEsvU-uEExvvwzQREIRzqxLMU3-Ug> <xmx:EJN8XIAz8qGUdUpHOTz2sbtFk1mpk6mrxnFQIR1pz0hAVmA26R-DMQ>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id C2D692032A; Sun, 3 Mar 2019 21:53:03 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.5-925-g644bf8c-fmstable-20190228v5
X-Me-Personality: 64588216
Message-Id: <65cb60cd-073b-401a-b2bb-8c1024833400@beta.fastmail.com>
In-Reply-To: <20190301200956.GR53396@kduck.mit.edu>
References: <155072687005.20308.1288342758446844678.idtracker@ietfa.amsl.com> <ebf89939-bf68-4458-a24f-5a37090385fd@beta.fastmail.com> <20190301200956.GR53396@kduck.mit.edu>
Date: Sun, 03 Mar 2019 21:52:33 -0500
From: Neil Jenkins <neilj@fastmailteam.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: iesg <iesg@ietf.org>, draft-ietf-jmap-core@ietf.org, Bron Gondwana <brong@fastmailteam.com>, jmap-chairs@ietf.org, IETF JMAP Mailing List <jmap@ietf.org>
Content-Type: multipart/alternative; boundary="b6894366fe314111b1f41ce52aa0557f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/jmap/RnDmYr1jr08haSUhFH0VsxTiR7Q>
Subject: Re: [Jmap] Benjamin Kaduk's Discuss on draft-ietf-jmap-core-14: (with DISCUSS and COMMENT)
X-BeenThere: jmap@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: JSON Message Access Protocol <jmap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jmap>, <mailto:jmap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jmap/>
List-Post: <mailto:jmap@ietf.org>
List-Help: <mailto:jmap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jmap>, <mailto:jmap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Mar 2019 02:53:07 -0000

On Sat, 2 Mar 2019, at 07:10, Benjamin Kaduk wrote
> So this adversarial scenario just would need to change "create/update" to
> "create/update/delete" to be covered.

Agreed, I'll make this change.

> > It's stating that on the next resync, whether that be due to a future push for the same type, or the client making any /get or /set for that type and seeing the different state string returned, will result in the client coming fully up to date. Losing the push does not mean there is data the client will now no longer see.
> 
> Perhaps there is room for a little more clarity on what "it syncs" means
> (i.e., full sync or just scoped to a specific data type). To be clear,
> this is a fine design; I just want to be sure that we have clarity of
> language in describing it.

OK, how about this:

*It doesn't matter if some push events are dropped before they reach the client; next time it gets/sets any records of a changed type it will discover the data has changed and still sync all changes.*

> > There isn't one, because as far as I can see RFC8291 <https://tools.ietf.org/html/rfc8291> doesn't have one and that's what this is supporting. What do you suggest?
> 
> The pragmatic thing to do would be to note in the security considerations
> that there is no algorithm agility for Web Push Encryption, and if agility
> becomes needed in the future a spec update would likely be needed to
> provide it.

Sure, happy to do that.

> > > Also, when these expirations fire (e.g., for Basic Authentication
> > > credentials), we need a normative requirement to actually destroy the
> > > private credentials; there's a lot going on here so maybe I missed it,
> > > but I don't think I saw one.
> > 
> > I think we already have this. The spec says:
> > 
> > *The push subscription is tied to the credentials used to authenticate the API request that created it. Should these credentials expire or be revoked, the push subscription MUST be destroyed by the JMAP server.*
> > 
> > Or were you referring to something else?
> 
> I was thinking that you need to clear out the memory/disk storage that hold
> the credentials (e.g., password), as well as destroying the subscription
> object. We don't want plaintext credentials floating around longer than
> needed.

Which credentials are you referring to here? The push subscription doesn't contain any except I guess for the URL itself; I can note that this and the encryption keys MUST be securely erased from memory/storage immediately when the subscription is destroyed? If you're referring to the client's credentials, we're explicitly talking about when they've been expired or revoked, so are already useless.

Neil.

v2.23.0 | Report a Bug | By Email