Re: [Jmap] [Extra] Choosing between the S/MIME drafts
Ken Murchison <murch@fastmail.com> Mon, 08 April 2024 13:36 UTC
Return-Path: <murch@fastmail.com>
X-Original-To: jmap@ietfa.amsl.com
Delivered-To: jmap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50AF6C14F6BB; Mon, 8 Apr 2024 06:36:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.158
X-Spam-Level:
X-Spam-Status: No, score=-4.158 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, NICE_REPLY_A=-2.064, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmail.com header.b="bTL1fTrr"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="ddUpR4Bh"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id woUYKVYjVDC0; Mon, 8 Apr 2024 06:36:04 -0700 (PDT)
Received: from fhigh7-smtp.messagingengine.com (fhigh7-smtp.messagingengine.com [103.168.172.158]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D73BC14F6B4; Mon, 8 Apr 2024 06:36:04 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailfhigh.nyi.internal (Postfix) with ESMTP id 875D8114014E; Mon, 8 Apr 2024 09:36:03 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Mon, 08 Apr 2024 09:36:03 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:subject :subject:to:to; s=fm2; t=1712583363; x=1712669763; bh=WLmYsbTfKf Utf/QNd3ucOrnSWBNAv2LZQ5BKmELimHc=; b=bTL1fTrrEZFWdC6uRmhv5IU+Hr ezccmdke7K1yeXngEIKGJ184l2Pf2gBl9jhPcZCUpWuALD5q3/CQWg4dlYb3sswA dWKQ1jatHzAgcC8MSsfJrSMaAwItpVIZR5zLbEV7rMq65CvQ6LUQHm60RjwJGBDP 5JEQKlzVg5nqks+Ehz9gBxiizFoumLn7i2ceZ2NyZoeI1ZQfhEnEjBWmglAQZtMK x1gmsguP0TCnhJEAD/YRkkxyBQZTpI4zbEDJHrzdZ0gamDxMzSCG11TlUHQlfl5k AqH3H5ugYP5Af68zShb5y82CKZxxBUVMI+AolDLGh0q/UNVGlK/9NXJi01aQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; t=1712583363; x=1712669763; bh=WLmYsbTfKfUtf/QNd3ucOrnSWBNA v2LZQ5BKmELimHc=; b=ddUpR4BhC3JCT0Qx8L5sa4wbeN7DbqV7mooZlGa+FoDq sMv7q5M0u/30It9PzUWFsnpNkuyJPLHL30B22VoEibj4EDaEBSupEhu0FS7gXQdk lo73mh2Wb2jDaMyTuNi7P9RliDUg3iHXFQflLX0XaE4E642xrl57RNZbXm7mzXV1 FuraeF+ruEH9gibuRWimJDaFTBTuwX6LIYnBrZunGrtKyS7oCMQ62jQE3iIQ9gZz yJKzczHL6bhdwr7SnMRI81amloaVzPU7hnkDs3J/jAaGpM9LCZ6YrjT//lAfNaSp exGXi0Sb1L1KME7wOCbtkDaNFlhzb9hln32/k1MH6g==
X-ME-Sender: <xms:w_ITZvH4ZdJYfvXa0AYhGevUOivM2CtuDQgxMCUkKAXSq4KjtdJYVQ> <xme:w_ITZsWgNfc0akkOKkZpZ6jEJVfwLzil5G1kdQUPqGWwwCmcLmUfvsAvUeC8w_59v nwB6cu7PHjdUw>
X-ME-Received: <xmr:w_ITZhLKQnOfrxVrK51sdR7zacYtWIBkTB9k98znuxzVZQZcNwCfSBPPhdfdxgNwh8rF83_YN-l-bGecPppea1jMeWRtwA23dA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrudegiedgieehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpegtkfffgggfuffvfhfhjgesrgdtre ertdefjeenucfhrhhomhepmfgvnhcuofhurhgthhhishhonhcuoehmuhhrtghhsehfrghs thhmrghilhdrtghomheqnecuggftrfgrthhtvghrnhepffetkeetgeeuvdevteejtddugf ffkeetudetudehieehgeevfffgleefjefftedunecuffhomhgrihhnpehivghtfhdrohhr ghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehmuh hrtghhsehfrghsthhmrghilhdrtghomh
X-ME-Proxy: <xmx:w_ITZtGhdz4WF1SsjhaCP_KU6bzv6xm3CyQsYcG3kZvzKRq5F7RopQ> <xmx:w_ITZlVwQbsNxgdRb44ErXPy7lzbUW2bNewtwBmZDVaF1GlviTLQzw> <xmx:w_ITZoPOC0sT3sAKw0rdixLI6TKd9SHbFQq55lk0cI8YGsVxVJv8xg> <xmx:w_ITZk0x8vw1RbL4XFBqC2fdgEo89SdYNOtWE8WBMWfLxPFTGWPf3Q> <xmx:w_ITZihTSIyAv9AUoN1WzXQzs4LMGVvkXRZEGa4HyU8wMh8_emAq2xLd>
Feedback-ID: ibf914243:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 8 Apr 2024 09:36:03 -0400 (EDT)
Content-Type: multipart/alternative; boundary="------------oMesLaVTNMSD1Y2NbuNUNOo5"
Message-ID: <7ede1c6f-92b3-6a96-50db-d4051cec8acf@fastmail.com>
Date: Mon, 08 Apr 2024 09:36:02 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.15.1
Content-Language: en-US
To: extra@ietf.org, "jmap@ietf.org" <jmap@ietf.org>
References: <aa911ff1-fe35-4e67-b7c5-d0bd31014526@app.fastmail.com>
From: Ken Murchison <murch@fastmail.com>
In-Reply-To: <aa911ff1-fe35-4e67-b7c5-d0bd31014526@app.fastmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jmap/jiefDYpni3hkrU8MZTdU7VJ8pX0>
Subject: Re: [Jmap] [Extra] Choosing between the S/MIME drafts
X-BeenThere: jmap@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: JSON Message Access Protocol <jmap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jmap>, <mailto:jmap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jmap/>
List-Post: <mailto:jmap@ietf.org>
List-Help: <mailto:jmap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jmap>, <mailto:jmap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Apr 2024 13:36:10 -0000
Adding the JMAP list since this is a JMAP question, not an IMAP/Sieve one. Since the end-to-end Email security draft referenced below emphasizes simplicity in several places, I agree with Bron, that fewer controls in JMAP is preferable. This, in my mind, would take any model that allows the client explicitly specify a list/array of sign and/or encrypt operations off of the table. I don't have any strong opinion on whether we keep the model in the existing draft or switch to Bron's even simpler model. On 3/20/24 8:42 PM, Bron Gondwana wrote: > Hi All, > > Jim and I have discussed, and don't believe that - as chairs - it is > our position to choose which approach to take. This is something that > belongs to consensus of the group. So removing my chair hat, here's > what I see as most "jmappy". > > When we create an email using Email/set - we don't define the exact > MIME structure, we describe the elements of the email and have the > server generate MIME. > > Likewise, when we ask for Protection on an email, my preference as a > JMAP enthusiast is that we don't specify the exact algorithm, whether > it's sign-encrypt-sign or just encrypt-sign, etc. We just request the > server do the currently defined thing. > > Basically, the client just asks for: > > protection: null / 'automatic' | 'unprotected' | 'verified' | > 'confidential' > > With these name meaning things as per e2-guidance > <https://datatracker.ietf.org/doc/draft-ietf-lamps-e2e-mail-guidance/>. > Automatic is "server chooses the default for this recipient", and NULL > or missing key means "automatic", such that a client naive of this > specification might wind up creating emails which all get sent > |verified| if that's the server default, but a client can also choose > to turn that off (again; the server could reject that! It could say > it has a policy of only sending protected messages). > > Potentially we could have a separate draft for "S/MIME configuration" > allowing a client to update the server settings for what the server > should do in terms of the MIME structure generated for those different > protection levels; if there's an agreement on what those options > should be. But the most basic level should be a way to tell the > server to do the configured current best practice for each of the > enumerated types of protection. > > The protection values would be a registry with "RFC required" as the > policy for adding new values. > > Bron. > > -- > Bron Gondwana, CEO, Fastmail Pty Ltd > brong@fastmailteam.com > >
- Re: [Jmap] [Extra] Choosing between the S/MIME dr… Ken Murchison