Re: [Jmap] Benjamin Kaduk's No Objection on draft-ietf-jmap-smime-09: (with COMMENT)
Alexey Melnikov <alexey.melnikov@isode.com> Fri, 22 October 2021 16:23 UTC
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: jmap@ietfa.amsl.com
Delivered-To: jmap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A2CE3A0FD3; Fri, 22 Oct 2021 09:23:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isode.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rb0VJmU3rTxy; Fri, 22 Oct 2021 09:23:09 -0700 (PDT)
Received: from waldorf.isode.com (waldorf.isode.com [62.232.206.188]) by ietfa.amsl.com (Postfix) with ESMTP id 64F373A10EF; Fri, 22 Oct 2021 09:23:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1634919787; d=isode.com; s=june2016; i=@isode.com; bh=jPV8glWDvIT4m4TgKEchAXlh+L7rnvIYVoAqci4s8AE=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=YHeOBk66DpUfdhoI8f7NeGeWFKsAA7MELr1zwh1mFZ/AuaP1MRyfwPffDoIslVSmj/uaNW cXDXNMIugDgKZv3ICagw71OD6U0vfvLaDHUr/U+3b/buj3z51dxrcpfjYMNhuUaYC+zHH4 uwUDDXuKnPpAPxjmdUCsrQsmbuIPPH4=;
Received: from [192.168.1.222] (host5-81-100-13.range5-81.btcentralplus.com [5.81.100.13]) by waldorf.isode.com (submission channel) via TCP with ESMTPSA id <YXLlawABRyCV@waldorf.isode.com>; Fri, 22 Oct 2021 17:23:07 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
To: Benjamin Kaduk <kaduk@mit.edu>, The IESG <iesg@ietf.org>
Cc: jmap@ietf.org, draft-ietf-jmap-smime@ietf.org, jmap-chairs@ietf.org, brong@fastmailteam.com
References: <163468289442.773.9422623149409906055@ietfa.amsl.com>
Message-ID: <fb3e912b-a9ce-b03f-4793-f9854416bb36@isode.com>
Date: Fri, 22 Oct 2021 17:23:00 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.14.0
In-Reply-To: <163468289442.773.9422623149409906055@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Language: en-GB
Archived-At: <https://mailarchive.ietf.org/arch/msg/jmap/dFnOkb_aATvLiTnFbjoJnhHYpgU>
Subject: Re: [Jmap] Benjamin Kaduk's No Objection on draft-ietf-jmap-smime-09: (with COMMENT)
X-BeenThere: jmap@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: JSON Message Access Protocol <jmap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jmap>, <mailto:jmap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jmap/>
List-Post: <mailto:jmap@ietf.org>
List-Help: <mailto:jmap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jmap>, <mailto:jmap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Oct 2021 16:23:15 -0000
Hi Ben,
Thank you for your throught comments.
On 19/10/2021 23:34, Benjamin Kaduk via Datatracker wrote:
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Are we asserting that the "smime" prefix for property names (and
> "hasSmime", etc.) relates only to S/MIME signing? How might S/MIME
> encryption be handled if support is added in the future?
My implementation actually does automatic decryption as well, so this
should work for signed and encrypted messages. But you are right that
the document doesn't make it very clear that this is an extension point.
> I see that the opsdir reviewer asked about whether this document should
> have an "Updates:" relationship with RFC 8621. I'm not sure I see a
> need for it, myself, but would be interested in hearing the stance of
> the authors/WG.
>
> Section 4.1
>
> signed: S/MIME signed message, but the signature was not yet
> verified. Some servers might not attempt to verify a signature
> until a particular message is requested by the client. JMAP
> servers compliant with this document SHOULD return "signed/
> verified" or "signed/failed" instead of this signature status.
>
> I'd suggest adding something like "SHOULD attempt verification and
> return", just to reiterate that servers don't get to arbitrarily claim
> verification/failure without doing the verification.
Added, thank you.
> smimeErrors: "String[]|null". null signifies that the message doesn't
> contain any signature or that there were no errors when verifying the
> S/MIME signature. (I.e., this property is non null only when the
> corresponding "smimeStatus" response property value is "signed/
> failed".) [...]
>
> Would some hypothetical future smimeStatus type be compatible with a
> non-null smimeErrors? This phrasing seems to preclude such a
> possibility.
Good point. I clarified that future extensions can extend this list.
In my implementation I have a separate smimeWarnings, but it is not
included in this draft.
> This might result in the following response:
>
> [["Email/get", {
> "accountId": "abc",
> "state": "41234123231",
>
> I note that this "state" value is used in RFC 8621 when retriving a
> similar example message. As far as I recall this state value represents
> only the state of Email objects on the server overall (with some caveat
> about visibility to the user), and so it is not inherently inconsistent
> to use the same value across examples ... but it might be worth picking
> a new value anyway.
>
> The reuse of the message "id" for a message with a different
> "receivedAt" date, subject, etc., though, seems less defensible than
> reusing "state".
Ok, I've modified id/state in examples.
> Example 2: Retrieval of minimal information about a message,
> [...]
> ["Email/get", {
> "ids": [ "af123u123" ],
> "properties": [ "mailboxIds", "from", "subject", "date",
> "smimeStatus", "smimeErrors", "smimeVerifiedAt" ]
> }, "#1"]
>
> Is reusing the method call id allowed?
Are you referencing "#1"?
> Section 4.2
>
> * *hasVerifiedSmime*: "Boolean". If "hasVerifiedSmime" has the
> value true, only messages with "smimeStatus" equal to "signed/
> verified" match the condition. If "hasVerifiedSmime" has the
> value false, only messages with "smimeStatus" not equal to
> "signed/verified" (including the value null) match the condition.
>
> Might some future status value (say, "signed+encrypted/verified") also
> need to match as "verified S/MIME"? This phrasing seems to preclude
> such a possibility.
I tried to clarify this by adding a section on smimeStatus
extensibility, plus some text here.
Best Regards,
Alexey
- [Jmap] Benjamin Kaduk's No Objection on draft-iet… Benjamin Kaduk via Datatracker
- Re: [Jmap] Benjamin Kaduk's No Objection on draft… Alexey Melnikov