[openpgp] Re: Proposal for update to RFC3156 (PGP/MIME)

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 10 December 2024 14:55 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/QMSS7bfZL6nKq3uurH5e0hv2SpE>

On Fri 2024-12-06 22:24:55 +0100, Kai Engert wrote:
> thanks, I'm interested in a solution that avoids rendering an unknown 
> attachment in naive clients.
[…]
> As I understand it, this approach wouldn't avoid the "unknown attachment".

I think you're correct about the proposal here, Kai.  It doesn't address
the problem you're describing.

I suspect if you want to devise a format for e2e-signed-only mail (not
encrypted or encrypted+signed) that doesn't have the "unknown
attachment" concern in naive clients, a reasonable approach would be to
piggyback on the DKIM specification:

Define a new header field that works the same way as DKIM in terms of
canonicalization of the signed data stream, and semantics of a failed
signature (failedsig == nosig), but without reference to the signing
keys in the DNS -- rather, the cryptographic material used to verify the
signature would be taken from the e2e sender's OpenPGP certificate.  The
simplest approach would be to have the specification take no position on
how to locate or retrieve the OpenPGP certificate, and leave that to
approaches like Autocrypt, WKD, etc.

I don't know whether that work would be in-scope for the OpenPGP working
group, but it would probably be something we could aim for in LAMPS, as
it's very much in line with the work in
draft-ietf-lamps-e2e-mail-guidance that aims to make usable and
non-obtrusive e2e cryptography in e-mail.

              --dkg
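
The following is an added example, not part of the original message or of any specification: a sketch of a DKIM-style signed header field evaluated with "failedsig == nosig" semantics, using DKIM's relaxed header and simple body canonicalization from RFC 6376. The field name `E2E-Signature`, its tag layout, and the HMAC stand-in for OpenPGP verification against the sender's certificate are all assumptions made for illustration.

```python
import hashlib, hmac, re

FIELD = "E2E-Signature"  # hypothetical field name, not defined by any spec

def relaxed_header(name, value):
    # RFC 6376 3.4.2 "relaxed": lowercase name, unfold, collapse WSP, trim.
    value = re.sub(r"[ \t]+", " ", value.replace("\r\n", "")).strip(" ")
    return f"{name.strip().lower()}:{value}\r\n".encode()

def simple_body(body):
    # RFC 6376 3.4.3 "simple": drop trailing empty lines, end with one CRLF.
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"

def signed_stream(headers, body, h):
    # Simplified from DKIM: the fields named in h=, then h= and the body hash.
    bh = hashlib.sha256(simple_body(body)).hexdigest()
    out = b""
    for name in h:
        vals = [v for n, v in headers if n.lower() == name.lower()]
        if vals:
            out += relaxed_header(name, vals[-1])  # last instance, as in DKIM
    return out + relaxed_header(FIELD, f"h={':'.join(h)}; bh={bh}")

def evaluate(headers, body, verify):
    # failedsig == nosig: every failure path reports plain "unsigned".
    sig = [v for n, v in headers if n.lower() == FIELD.lower()]
    try:
        tags = dict(t.strip().split("=", 1) for t in sig[0].split(";"))
        ok = len(sig) == 1 and verify(
            signed_stream(headers, body, tags["h"].split(":")), tags["b"])
    except (IndexError, KeyError, ValueError, TypeError):
        ok = False
    return "signed" if ok else "unsigned"

# Stand-in for OpenPGP verification against the sender's certificate:
# an HMAC with a constructed key, so the block runs on the stdlib alone.
KEY = b"constructed-demo-key"
def toy_sign(data): return hmac.new(KEY, data, hashlib.sha256).hexdigest()
def toy_verify(data, b): return hmac.compare_digest(toy_sign(data), b)

def demo():  # constructed sample message
    hdrs = [("From", "alice@example.org"), ("Subject", "Lunch  on\r\n Friday")]
    body, h = b"See you at noon.\r\n", ["from", "subject"]
    sig = (FIELD, f"h={':'.join(h)}; b={toy_sign(signed_stream(hdrs, body, h))}")
    refolded = [hdrs[0], ("SUBJECT", "Lunch on Friday "), sig]
    return (evaluate(hdrs + [sig], body, toy_verify),
            evaluate(refolded, body + b"\r\n", toy_verify),
            evaluate(hdrs + [sig], b"See you at one.\r\n", toy_verify))
```

`demo()` evaluates the intact message, a copy whose Subject was refolded and whose body gained a trailing blank line, and a copy with an altered body; only the last is reported as unsigned, and it is indistinguishable from a message that never carried the field.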