Re: [Jmap] Benjamin Kaduk's Discuss on draft-ietf-jmap-core-14: (with DISCUSS and COMMENT)

"Neil Jenkins" <neilj@fastmailteam.com> Mon, 04 March 2019 03:11 UTC

Date: Sun, 03 Mar 2019 22:11:07 -0500
From: Neil Jenkins <neilj@fastmailteam.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: iesg <iesg@ietf.org>, draft-ietf-jmap-core@ietf.org, Bron Gondwana <brong@fastmailteam.com>, jmap-chairs@ietf.org, IETF JMAP Mailing List <jmap@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jmap/ioANSc26i84u75mStI7Pg3aiJrQ>

On Mon, 4 Mar 2019, at 14:02, Benjamin Kaduk wrote:
> > > > > Also, when these expirations fire (e.g., for Basic Authentication
> > > > > credentials), we need a normative requirement to actually destroy the
> > > > > private credentials; there's a lot going on here so maybe I missed it,
> > > > > but I don't think I saw one.
> > > > 
> > > > I think we already have this. The spec says:
> > > > 
> > > > *The push subscription is tied to the credentials used to authenticate the API request that created it. Should these credentials expire or be revoked, the push subscription MUST be destroyed by the JMAP server.*
> > > > 
> > > > Or were you referring to something else?
> > > 
> > > I was thinking that you need to clear out the memory/disk storage that hold
> > > the credentials (e.g., password), as well as destroying the subscription
> > > object. We don't want plaintext credentials floating around longer than
> > > needed.
> > 
> > Which credentials are you referring to here? The push subscription doesn't contain any except I guess for the URL itself; I can note that this and the encryption keys MUST be securely erased from memory/storage immediately when the subscription is destroyed? If you're referring to the client's credentials, we're explicitly talking about when they've been expired or revoked, so are already useless.
> 
> I may have been confused about whether this was JMAP Client/JMAP Server or
> JMAP Server/push server interactions. That is, I was thinking about the
> JMAP server clearing out any keys or credentials it had for the second sort
> of interaction.

OK, so yes this translates to clearing out the URL and any client-generated encryption keys. I have added:

*When a push subscription is destroyed, the server MUST securely erase the URL and encryption keys from memory and storage as soon as possible.*

Cheers,
Neil.
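
A sketch of the behaviour discussed in this message, as an added example that is not from the draft or from any participant in the thread: subscriptions are tied to the credentials that created them, and revoking those credentials destroys each subscription and zeroes its URL and keys in memory. The struct layout, function names, sizes and sample values are assumptions; erasing persistent storage is not covered.

```c
#include <string.h>
#define MAX_SUBS 8
#define URL_MAX  256
/* Hypothetical in-memory record; field names and sizes are illustrative. */
struct push_sub {
    int           in_use;
    unsigned      cred_id;       /* credentials that created the subscription */
    char          url[URL_MAX];  /* push service URL */
    unsigned char keys[81];      /* client-generated encryption keys */
};
static struct push_sub subs[MAX_SUBS];
static const unsigned char SAMPLE_KEYS[81] = {0x04, 0xA1, 0xB2, 0xC3}; /* constructed, not real keys */
/* Zero through a volatile pointer so the stores are not optimised away. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}
/* Returns the slot index, or -1 if the table is full or the URL is too long. */
int add_sub(unsigned cred, const char *url, const unsigned char *keys) {
    if (strlen(url) >= URL_MAX) return -1;
    for (int i = 0; i < MAX_SUBS; i++) {
        if (subs[i].in_use) continue;
        subs[i].in_use = 1;
        subs[i].cred_id = cred;
        strcpy(subs[i].url, url);
        memcpy(subs[i].keys, keys, sizeof subs[i].keys);
        return i;
    }
    return -1;
}
/* Credentials expired or revoked: destroy and wipe each subscription tied to them. */
int revoke_credential(unsigned cred) {
    int n = 0;
    for (int i = 0; i < MAX_SUBS; i++)
        if (subs[i].in_use && subs[i].cred_id == cred) {
            secure_wipe(&subs[i], sizeof subs[i]);  /* URL, keys and in_use flag */
            n++;
        }
    return n;
}
/* Returns 1 if every byte of the slot is zero. */
int slot_is_wiped(int i) {
    static const struct push_sub zero = {0};
    return memcmp(&subs[i], &zero, sizeof zero) == 0;
}
int main(void) {
    add_sub(1, "https://push.example/a", SAMPLE_KEYS);
    return revoke_credential(1) == 1 && slot_is_wiped(0) ? 0 : 1;
}
```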