Re: [Last-Call] Last Call: <draft-ietf-lamps-header-protection-20.txt> (Header Protection for Cryptographically Protected E-mail) to Proposed Standard

Thore Goebel <ietf@thore.io> Wed, 03 April 2024 08:51 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/Si0rwVHEcb8jSViWoRg7k5nSiec>

This is a way-too-late comment on draft-ietf-lamps-header-protection-20.
I'm not sure if it can still be considered, but I wanted to at least submit it.

I have a couple of concerns on things that are underspecified/ambiguous.
I have raised these here:

1. https://mailarchive.ietf.org/arch/msg/spasm/svKKPyHAGdJIjmW6P4o28iMGH30/
2. https://gitlab.com/dkg/lamps-header-protection/-/issues/63

I see the risk that if they are left unaddressed, different MUAs may implement
different things. For 2., I additionally see the risk of unexpected leakage of
private data when replying to an email with Header Protection.

Kind regards,
Thore