IETF Logo Mail Archive

[Jmap] Review: draft-ietf-jmap-smime-02

Bron Gondwana <brong@fastmailteam.com> Wed, 08 July 2020 12:41 UTC

Return-Path: <brong@fastmailteam.com>
X-Original-To: jmap@ietfa.amsl.com
Delivered-To: jmap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CBE2F3A0ACB for <jmap@ietfa.amsl.com>; Wed, 8 Jul 2020 05:41:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmailteam.com header.b=X92RGRrz; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=gtUL9i3W
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZIC5RRpRgvee for <jmap@ietfa.amsl.com>; Wed, 8 Jul 2020 05:41:39 -0700 (PDT)
Received: from wout4-smtp.messagingengine.com (wout4-smtp.messagingengine.com [64.147.123.20]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C3A753A0ACE for <jmap@ietf.org>; Wed, 8 Jul 2020 05:41:38 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id 9E5532CF for <jmap@ietf.org>; Wed, 8 Jul 2020 08:41:37 -0400 (EDT)
Received: from imap38 ([10.202.2.88]) by compute1.internal (MEProxy); Wed, 08 Jul 2020 08:41:37 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= fastmailteam.com; h=mime-version:message-id:date:from:to:subject :content-type; s=fm3; bh=rPjk7nxVZswGvzFyANqPx7MIjCWfY7RbC8gr0b2 qwRc=; b=X92RGRrzoqE42KQvAJTq/IZvu3Akr9TwQa4RVvA3lv6jgZT4MpXm1HM 26SaGnkOGMpBVmTsfzCsWBxH4tg5BOpjg87wM3yJgo+wfF8bKke2xHP3cXJomwpe HX3CVn7dl44NEDaztOCvStLI8ZrzT4gurt+yQhFhhAFVNsmij3DngeFGta+RPJbf Onk53E5Mw0CHDf/sqfbqrDyUIg0GgzcI7PsET8tIBEv9ySMGFQbrrwRSfoUyFp7G JDV/yCpDh20Zg3lJDAgqwMBfrGhAZfJOtZMhA2eszL0riUKzGnz01tLJ9tuTF3gK ZO8YXvSMxpDquFDXmAyisJcvSxodeeg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:message-id :mime-version:subject:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm3; bh=rPjk7nxVZswGvzFyANqPx7MIjCWfY 7RbC8gr0b2qwRc=; b=gtUL9i3W6/Jno0Cwutkc2aar7Muz84jGpuuWEQxxMSG9W 9+qv3D7MR7khvFsMJRGTi2TFoTRBmgc2y6opJDrqyKHQXjym2+ZIe6FuxY735igx 7l4sUSKYdAhBeJnfkLPKhxSwexJk4EaAhUFCSswPa4vumb/W31Eyc8ZKP2dM/9nW 3dgJlOH9Dck6WBd86Fyt1KSFdaMxRjNzW+Fhf+/KFniWVGbIXt3+gdN9aMKcPmu0 QeH2xuAkG+kaDZs/lAISvPZvnB+Qy19fq97BjpeBhSLxmIYz1zPXYuthTxCTGrBv 5z7mLA/CXkWGv6fTQKeevBgX0MjSVq+kjjV/stUpw==
X-ME-Sender: <xms:Ab8FX-VZBQVv30gQbJXJEOjpWzjBlTpmHir8ck-aQhDixOVL5lDW4Q>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduiedrudejgdehhecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkfffhvffutgesrgdtreerre ertdenucfhrhhomhepfdeurhhonhcuifhonhgufigrnhgrfdcuoegsrhhonhhgsehfrghs thhmrghilhhtvggrmhdrtghomheqnecuggftrfgrthhtvghrnhepvdetteeiveeihfegie dtgeeigfduveelhefgffelgeelueehhfeitdelgedtffegnecuvehluhhsthgvrhfuihii vgeptdenucfrrghrrghmpehmrghilhhfrhhomhepsghrohhnghesfhgrshhtmhgrihhlth gvrghmrdgtohhm
X-ME-Proxy: <xmx:Ab8FX6kgHa-QUXp9fDqkJh59GFzfOapJsXVJ8uW_xopYFmLePAcTzQ> <xmx:Ab8FXyYW61uo00XTY6u70_QuWRS1buU1Y0vyy_NHB-FT9-gzqTrXbw> <xmx:Ab8FX1X-6fxNNP1CfRoYSTmblY1Ekt15RD_TtL1vjF5dl-Dp_G2P-A> <xmx:Ab8FX2kZtOV2bywccCJrm1fyrxKgDLPSI6BT6gexayP2LQqZxkTO1Q>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id EA26C4AA005E; Wed, 8 Jul 2020 08:41:36 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.3.0-dev0-623-g16e0e99-fm-idx2020-20200708.001-g16e0e99e
Mime-Version: 1.0
Message-Id: <56e51eaa-7f72-4ded-adda-61962fa4a7bb@dogfood.fastmail.com>
Date: Wed, 08 Jul 2020 22:41:15 +1000
From: Bron Gondwana <brong@fastmailteam.com>
To: jmap@ietf.org
Content-Type: multipart/alternative; boundary="53d4441319484b93ab3dc498ac812bee"
Archived-At: <https://mailarchive.ietf.org/arch/msg/jmap/fC8v0jTSa6K6BmQn1TnI_wrGumo>
Subject: [Jmap] Review: draft-ietf-jmap-smime-02
X-BeenThere: jmap@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: JSON Message Access Protocol <jmap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jmap>, <mailto:jmap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jmap/>
List-Post: <mailto:jmap@ietf.org>
List-Help: <mailto:jmap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jmap>, <mailto:jmap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Jul 2020 12:41:41 -0000

Hi Alexey,

Here's a review of the latest smime document.

*Specific Sections:**
*

3.  Addition to the capabilities object

Are you happy to use the 'smime' name for just this part rather than "urn:ietf:params:jmap:smimeverify" or something?

4.  Extension to Email/get for S/MIME signature verification
 smimeStatus: "String|null".
   Servers MAY return other values not defined below.  Client
   MUST treat unrecognized values as "unknown" or "signed/failed".  Note
   that the value of this property might change over time.

Does this need a registry of possible values?

In all other cases
   it is set to the date and time of when S/MIME signature was verified
   the last time.

I would phrase this as "was most recently verified". I had to re-parse it because of the two different uses of "time" in the sentence.

   As recalculating
   these values is expensive for the server they MAY be cached for up to
   10 minutes from the moment when they were calculated.

Do we need a way to tell the server that a fresh calculation is required and it must not use its cache?

Examples:

Some of the JSON keys are missing quotes around them.

5.  Open Issues

>From my memory, the issue here is allowing a query "did you verify this message as being correctly signed in the past, and if so when?". That's really useful when looking back at old emails! I would like to see that feature, but I'm also not likely to be a heavy user of this feature, so I think feedback from people who use S/MIME is best on that.

I think I would just want a single value smimeLastSuccessfulVerification: "UTCDate|null". Which raises another issue, and I'm not sure if this is an issue with the language in the other specs referenced or specific to this one.

The word "VERIFIED" is used with two different meanings in this document. IT's used in 'smimeVerifiedAt' to mention a time when a check was done, and it's used in 'signed/verified' to refer to a SUCCESSFUL verification. These are not the same thing, and I'd be keen to see a different word used for one of them. "signed/valid" for example.

*General comments:**
*

Should we also extend Email/query to have a couple more filters - `hasSmime` and `hasVerifiedSmime` are the two I can think of. - where hasSmime is any status other than NULL, while hasVerifiedSmime is only the value "signed/verified".

Cheers,

Bron.

--
 Bron Gondwana, CEO, Fastmail Pty Ltd
 brong@fastmailteam.com

v2.23.0 | Report a Bug | By Email