Re: [Jmap] Genart last call review of draft-ietf-jmap-smime-07

Bron Gondwana <brong@fastmailteam.com> Tue, 07 September 2021 12:10 UTC

Return-Path: <brong@fastmailteam.com>
X-Original-To: jmap@ietfa.amsl.com
Delivered-To: jmap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 367EE3A1D1D; Tue, 7 Sep 2021 05:10:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmailteam.com header.b=xyYi+l1b; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=ihG/hEPf
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LzgnZXIxd4qb; Tue, 7 Sep 2021 05:10:00 -0700 (PDT)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AE7303A1D1B; Tue, 7 Sep 2021 05:09:55 -0700 (PDT)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 823175C00B1; Tue, 7 Sep 2021 08:09:54 -0400 (EDT)
Received: from imap43 ([10.202.2.93]) by compute6.internal (MEProxy); Tue, 07 Sep 2021 08:09:54 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= fastmailteam.com; h=mime-version:message-id:in-reply-to :references:date:from:to:cc:subject:content-type; s=fm3; bh=EXhN UtyZeE+wbxIUj+zDvIKPY+28VO4ZJZC5NSmcLXA=; b=xyYi+l1boFyg0UG4vHgi 0O2HiwEs9ToeIVKnkWT60I6g4peih3l3hHAFx2d1awVVvRqNAI+1ssex2hmDCmSz UEG1rx5d8jLNDOM/u7HBTghxD6rnDEefNfbfmaBMOtnVp09kP/SWylmNU7cCucpe lWQR6RIptdODR2nsD6fNFybQOdK+4ylCyz+hNMMssebj52sncfbdbSgQwzSN2D2P PK2rAcHafUE1m429uryeKhiinrYuk3uKgtMw7+v7sBXLcxVSjYataKMCiZGtyJMv Bsf6z7VP+4GgQXb+shonka2vwkMWnGNgepwQsuYUI9MF4OlkLtMk12lCwESk5mNv KQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=EXhNUt yZeE+wbxIUj+zDvIKPY+28VO4ZJZC5NSmcLXA=; b=ihG/hEPfsoUCBBq0Sm2GB0 mxKLvA0CDktGG/qJsZ3UECQxlYihInQLz3wKiGHeyVKpck/faMYxknUNGnT2L4Eq 583RYrUNRR07J4yFoRJikqXJUbgkDgzY26ZE6+XOT9jC28X3NjCsms1ow8uV8/mF D+9RqwfAsTb/SuALKRrTlKZPVEQg5KcYAStgBxD2GlZWIpnZcUa1ZzzRo28xIV3r /LibYnLXb6xH/ERtR/fcSa9+kj2oVltiZjbFGsVs6NMi/C7kUvthg1ak9PvR/GWo 72y/Yh1mnMDqwVGjviXcMifO/nbQFEHbxcz/lKYmEE/rdD6FIvknoCcsUBtiK4DQ ==
X-ME-Sender: <xms:klY3YVRbTW7LbwQOdIfxyIn941HkwFMJ_90YOFikaBeq-s8uiJM1Rg> <xme:klY3Yex2Y8im6yMnWrqpx4S75SDoeHPrQ61tAIxUVeJlR7w8w7u6e1E11GKwdaq-S 3yOqcdDZmA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvtddrudefhedghedtucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepofgfggfkjghffffhvffutgesrgdtreerreertdenucfhrhhomhepfdeurhho nhcuifhonhgufigrnhgrfdcuoegsrhhonhhgsehfrghsthhmrghilhhtvggrmhdrtghomh eqnecuggftrfgrthhtvghrnhepvdduueeihefgvdehueeujeejuedugfeigfevteefleet feffgfdtjeejgfeuuddvnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrg hilhhfrhhomhepsghrohhnghesfhgrshhtmhgrihhlthgvrghmrdgtohhm
X-ME-Proxy: <xmx:klY3Ya0CIvD2nJMQxxbasGodJMHqYeeMSWiM_b2-KgcHc4F9wS4pTQ> <xmx:klY3YdD9QY9Tp4NYm-dD87-RppIXFdAym7uV6kV2lM_5I6J4q-u8Nw> <xmx:klY3Yei1JeH2xaaCOzMtnT49hYQvdiPJyQagQPUsP_O9oLkNB91Rgg> <xmx:klY3YRuYKpEWUT_TOKpHfM8gr43VdCE_q48Ul3iC8Vxnn70o-Jr_tw>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 011BBAC0362; Tue, 7 Sep 2021 08:09:53 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-1215-g0d2d495392-fm-20210907.001-g0d2d4953
Mime-Version: 1.0
Message-Id: <ba27f05d-e2e6-42c0-8762-fa8846dcb163@dogfood.fastmail.com>
In-Reply-To: <163099800356.27114.17325354179624408978@ietfa.amsl.com>
References: <163099800356.27114.17325354179624408978@ietfa.amsl.com>
Date: Tue, 07 Sep 2021 22:09:32 +1000
From: "Bron Gondwana" <brong@fastmailteam.com>
To: "Peter Yee" <peter@akayla.com>, gen-art@ietf.org
Cc: draft-ietf-jmap-smime.all@ietf.org, jmap@ietf.org, last-call@ietf.org
Content-Type: multipart/alternative; boundary=5e097a4714564ce683a59f03d7334d95
Archived-At: <https://mailarchive.ietf.org/arch/msg/jmap/noSdppvpW-_SJnc7XEarM4_kleQ>
Subject: Re: [Jmap] Genart last call review of draft-ietf-jmap-smime-07
X-BeenThere: jmap@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: JSON Message Access Protocol <jmap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jmap>, <mailto:jmap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jmap/>
List-Post: <mailto:jmap@ietf.org>
List-Help: <mailto:jmap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jmap>, <mailto:jmap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Sep 2021 12:10:07 -0000

On Tue, Sep 7, 2021, at 17:00, Peter Yee via Datatracker wrote:
> Summary: This document provides a JMAP extension that allows the JMAP server to
> provide its thoughts on the verification of a messages S/MIME signature.  While
> the details of the extension seem fine, I'm not convinced that the rationale
> for it and the consequences of trusting the server to perform the verification
> are well described. [Ready with issues]

Thanks for the detailed review Peter!  I'll leave the specific nits to Alexey as author.  Good point with the "rationale for trusting the server".  We did discuss this during the early meetings when this draft came up, and considered that this would most likely be used within an organisation which controls both the client and the server.  JMAP is particularly well suited to very simple and light-weight clients.

It's envisioned that JMAP clients may even be a simple widget which displays some details like mailbox counters or previews of the most recent few messages.  By having the server side do S/MIME validation, a client can simply check a property to display an icon next to a preview without being a full S/MIME client.  Obviously this isn't something you would do where you didn't trust the server absolutely!

It seems reasonable to me to add some text that summarizes this understanding in the introduction, along with the existing "requires the client to trust server verification code" in the security considerations.

Cheers,

Bron.


--
  Bron Gondwana, CEO, Fastmail Pty Ltd
  brong@fastmailteam.com