IETF Logo Mail Archive

Re: [Jmap] Benjamin Kaduk's Discuss on draft-ietf-jmap-core-14: (with DISCUSS and COMMENT)

Benjamin Kaduk <kaduk@mit.edu> Mon, 04 March 2019 03:42 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: jmap@ietfa.amsl.com
Delivered-To: jmap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE77B130F40; Sun, 3 Mar 2019 19:42:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mit.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R6JgeEOkS5-m; Sun, 3 Mar 2019 19:42:11 -0800 (PST)
Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-eopbgr780094.outbound.protection.outlook.com [40.107.78.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A6F43130F46; Sun, 3 Mar 2019 19:42:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Xy37N7bsRiAN0WZyoG6cikFRwJ0fJKLP4Sm0mgiqmO4=; b=ir8Nd+3tCm5k5hY2gce0L2wT+b9aIiB+ArvG/JSeHVV2PWju4YzkXZkPTUE47BQdvVk8qkOL1HEpbXE5ySWDodQ++RCG2cwuQkkBEedvfhJNhQ1iv13DDx/LvS/71Y/wWXMNk41d/Keb2KIJ+8D8msWRC9ckrmG9GRVrkfQadbI=
Received: from DM5PR0101CA0026.prod.exchangelabs.com (2603:10b6:4:28::39) by BN8PR01MB5604.prod.exchangelabs.com (2603:10b6:408:be::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1665.15; Mon, 4 Mar 2019 03:42:09 +0000
Received: from BY2NAM03FT031.eop-NAM03.prod.protection.outlook.com (2a01:111:f400:7e4a::205) by DM5PR0101CA0026.outlook.office365.com (2603:10b6:4:28::39) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1665.15 via Frontend Transport; Mon, 4 Mar 2019 03:42:09 +0000
Authentication-Results: spf=pass (sender IP is 18.9.28.11) smtp.mailfrom=mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of mit.edu designates 18.9.28.11 as permitted sender) receiver=protection.outlook.com; client-ip=18.9.28.11; helo=outgoing.mit.edu;
Received: from outgoing.mit.edu (18.9.28.11) by BY2NAM03FT031.mail.protection.outlook.com (10.152.84.216) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1643.13 via Frontend Transport; Mon, 4 Mar 2019 03:42:08 +0000
Received: from kduck.mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x243g4BV018494 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 3 Mar 2019 22:42:06 -0500
Date: Sun, 03 Mar 2019 21:42:04 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: Neil Jenkins <neilj@fastmailteam.com>
CC: iesg <iesg@ietf.org>, draft-ietf-jmap-core@ietf.org, Bron Gondwana <brong@fastmailteam.com>, jmap-chairs@ietf.org, IETF JMAP Mailing List <jmap@ietf.org>
Message-ID: <20190304034204.GO53396@kduck.mit.edu>
References: <155072687005.20308.1288342758446844678.idtracker@ietfa.amsl.com> <ebf89939-bf68-4458-a24f-5a37090385fd@beta.fastmail.com> <20190301200956.GR53396@kduck.mit.edu> <65cb60cd-073b-401a-b2bb-8c1024833400@beta.fastmail.com> <20190304030216.GL53396@kduck.mit.edu> <448ded6f-463e-49fc-ba15-60463812182f@beta.fastmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <448ded6f-463e-49fc-ba15-60463812182f@beta.fastmail.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:18.9.28.11; IPV:CAL; SCL:-1; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(136003)(396003)(376002)(346002)(39860400002)(2980300002)(189003)(199004)(47776003)(4326008)(229853002)(2906002)(7696005)(97756001)(50466002)(26826003)(8936002)(93886005)(8676002)(106466001)(246002)(305945005)(75432002)(1076003)(53416004)(55016002)(33656002)(14444005)(5660300002)(106002)(23726003)(356004)(6246003)(16586007)(88552002)(316002)(786003)(36906005)(76176011)(46406003)(186003)(6916009)(26005)(426003)(486006)(476003)(126002)(956004)(86362001)(11346002)(446003)(54906003)(336012)(104016004)(58126008)(478600001); DIR:OUT; SFP:1102; SCL:1; SRVR:BN8PR01MB5604; H:outgoing.mit.edu; FPR:; SPF:Pass; LANG:en; PTR:outgoing-auth-1.mit.edu; MX:1; A:1;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: e8f817f0-894d-4fec-942b-08d6a053610a
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600127)(711020)(4605104)(4608103)(4709054)(2017052603328)(7153060); SRVR:BN8PR01MB5604;
X-MS-TrafficTypeDiagnostic: BN8PR01MB5604:
X-Microsoft-Exchange-Diagnostics: 1; BN8PR01MB5604; 20:K0V1PDfPigb8nD5kCqhQKx1xZLzhUy9G3pZ3Za9wmGAMmryRKqOevM2t/UuluNwNImA+mhjkbnlTEB4xeAajU3pyyiRF8yE7itwoBMHEQOn08rz9kLtJjpPij2SbrO2PxOmrZokbKhhzLQZFrHARRJ+7GZqGaS1zUedzauzKEtLS3GfVymx17jHoDpTtwotNZ8v8QvZDK6me1ZwkxY/3gDkA9Z0yUXOaYin3zgV/rdGKB+sHUsRQW6BcR7oz0maCIELV7S9dKlL8vkSy+Z6xLm5jIJBJvxOyszkUtErf5JS6qrT520D47O9GOP7DD+KK2msjFM77GGnLiM0iiTVwV3O7xzJURtLuvmRIZpoSucRjsr3Rozyk9YuK914ccnT4xd04FDp6IoNP6NXT7RATcxldjcUY7vYEGNh2lCFeOFzadduWJaK9HVM51ifG8WFTMf3/4K8k3GMU/aT+nwDLemgbVSgzKP1fd9CjW62dFYRpeiywHhxXZXROo1irnYS7VXLCsyzwackRu9Uyezu+p2DIKm9hIAqrtJvAb+GKLiPEFqBWDaQedTUw7Gz6gaEM+MXPs4ev2/QvYpuFn/2Qm4RsMIHCCbHG4axVRJ8/WxM=
X-Microsoft-Antispam-PRVS: <BN8PR01MB5604818439F79BDFF3F414E8A0710@BN8PR01MB5604.prod.exchangelabs.com>
X-Forefront-PRVS: 09669DB681
X-Microsoft-Exchange-Diagnostics: 1; BN8PR01MB5604; 23:uLoBnlexXJuthL4tGAhljbaw5VW3WpwVxylbkaxjk6iWg4nMD45JDOpr7UnFMxTG9RMlT46Zwl0xzmwY5F61cD5XGgCi9YJlpj9TQf6698Me2OzAY/zJMB7CDXQYBMmys4EZxz36kfwVPHYZd0lIt5sFiDAa2uIem2jFmQ3Pe4zwflP9lVBmO/nhum7qaM0xFIKeqIKuLywrdg2y9cMmNwyvIMUI+SfTOti+JU2tZB6rCJ7mHchi+fQ0qfy3jw7OPXHN4YlqAgo9M66xk73+fd9JIDT8UuGi+wwkTbkd/NJ5grdNVDsBb/QOsEDsqf3Kjyn1VXABhAHGr5DYtHTyMEu4LSHpeH2NnxIh+5qBkRaqKtz62ATaf0qReSmMPGMqfNVcB+tR4l78snMgcccpB+eRwXZY7rh2uBzXEhFBJKtOQINyCNXO2BiQXxZg9iOLiyNpwFFq/EVi+FyjSnS4zWCyejaZBNq13z/SPn8N7tSCZgxzavSMGJ1cXuInYTPAKtrhT+eGEH6YvXznXrw5Ytkf1k9bZ6PqV1B6p0mJWBHGCgCcVXjWvbnmJi6xvjR+GJEMUulkg0ulRXOwIXk3fVhge849n2fJBnvwVQdcbO/8oCruD8JC9+pYIQ6SNsjzW+QBJg7vFv8pMFp1Pd12jfKXvP7VXBTFLzzAHaugvvYrEt+fPCC2bH3BaqMSg4qvV9P+heVl/53pa/G+8d0k5FDs9DnINRXt5JzLIVw5cLlib8hLePCbM5tV1r8rJv65HY51+Nw9SRZg0pZzHIuEGnTFXeIg6+GhUR2iCZvla2SyMNUh21hpnPZmEuOBWMnuIokcepElihjLY5lGCm6whCvbRioJber5/gY5IYyM7Xd7XUsMmM91XTBbzccUzZIOwjAs46a/D2S04BKIrNo7SDqHF2KiIP3IpKfyLg+M4BzPG6pYY5lNHp2hHjrnZbi6vIXiSnqkmk7MFfoO0bVtZwQl+oXDgYPUNPK+WjVEceGUzPNlN4d2+JTBgqe9ZPFPGNxv4CYq7QlVqL1naz9lxIxqzIGdpl47ytCQFdM50LlmTOj2ICuJ8cjufrEBlzD6IXeViYXXrGxwus4MyAoALLPcJtBN0u0uvjsuq2TdDfYxVthoXVxYuxoDGL8bHbbQVusI6fbjo6g7B6XnbT0WndVX2jUyg7Lf5dc4CV3du4vZgTfvn1czv23DUWbrt7wOeGa6iD79QTIjfUvu8AiCCw==
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: oemPM4Jyr6jelxu8N1qBa0Wxh8r0/t/kHWgmll0PCaDBmP8ev5Lh0s8sBq4oghkwbH7kQATSCJnkN/XtltBe9/wiaVgulFQKJjdc+oWJobqgvHSDZQMeWsz1cKZr03X37imzYoN86p/511uKWA/sWBPfl6cNAxj5DXb0WxZOqXGDVQRbGC0nMfDGTe24ZJFYek+7zmo33GgYIk2oZDPerAjhXTeDcflkVpo7bek5isut20ug8rMiGlVziQCtwJzhbFEZyHPmehHL0x3ZIxEpSmRMVGnx5YawXIGOWCqg7HIczTigVMTe41XVhZ40/R8btn3WjXN2WRDuQrbO71n3bXG3I6VvRPBHMmK55REDm8eP3XWhbzWBt+CjY3sxAwj23tmCeQ1UPHmGevup9LYQvfgTjI749bH64T9zlQSE80Q=
X-OriginatorOrg: mit.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Mar 2019 03:42:08.6403 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: e8f817f0-894d-4fec-942b-08d6a053610a
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=64afd9ba-0ecf-4acf-bc36-935f6235ba8b; Ip=[18.9.28.11]; Helo=[outgoing.mit.edu]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR01MB5604
Archived-At: <https://mailarchive.ietf.org/arch/msg/jmap/Wxcki40FcKfe2xKUdJ1LmST2Bgw>
Subject: Re: [Jmap] Benjamin Kaduk's Discuss on draft-ietf-jmap-core-14: (with DISCUSS and COMMENT)
X-BeenThere: jmap@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: JSON Message Access Protocol <jmap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jmap>, <mailto:jmap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jmap/>
List-Post: <mailto:jmap@ietf.org>
List-Help: <mailto:jmap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jmap>, <mailto:jmap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Mar 2019 03:42:14 -0000

On Sun, Mar 03, 2019 at 10:11:07PM -0500, Neil Jenkins wrote:
> On Mon, 4 Mar 2019, at 14:02, Benjamin Kaduk wrote:
> > > > > > Also, when these expirations fire (e.g., for Basic Authentication
> > > > > > credentials), we need a normative requirement to actually destroy the
> > > > > > private credentials; there's a lot going on here so maybe I missed it,
> > > > > > but I don't think I saw one.
> > > > > 
> > > > > I think we already have this. The spec says:
> > > > > 
> > > > > *The push subscription is tied to the credentials used to authenticate the API request that created it. Should these credentials expire or be revoked, the push subscription MUST be destroyed by the JMAP server.*
> > > > > 
> > > > > Or were you referring to something else?
> > > > 
> > > > I was thinking that you need to clear out the memory/disk storage that hold
> > > > the credentials (e.g., password), as well as destroying the subscription
> > > > object. We don't want plaintext credentials floating around longer than
> > > > needed.
> > > 
> > > Which credentials are you referring to here? The push subscription doesn't contain any except I guess for the URL itself; I can note that this and the encryption keys MUST be securely erased from memory/storage immediately when the subscription is destroyed? If you're referring to the client's credentials, we're explicitly talking about when they've been expired or revoked, so are already useless.
> > 
> > I may have been confused about whether this was JMAP Client/JMAP Server or
> > JMAP Server/push server interactions. That is, I was thinking about the
> > JMAP server clearing out any keys or credentials it had for the second sort
> > of interaction.
> 
> OK, so yes this translates to clearing out the URL and any client-generated encryption keys. I have added:
> 
> *When a push subscription is destroyed, the server MUST securely erase the URL and encryption keys from memory and storage as soon as possible.*

Cool; thanks!

v2.23.0 | Report a Bug | By Email