Re: [openpgp] New Version Notification for draft-dkg-lamps-e2e-mail-guidance-00.txt
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 31 October 2020 21:16 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98AFD3A0ECB; Sat, 31 Oct 2020 14:16:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.306
X-Spam-Level:
X-Spam-Status: No, score=-1.306 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b=dCgO3IRE; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b=qGN+pbRe
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PDVBx1BbY902; Sat, 31 Oct 2020 14:16:07 -0700 (PDT)
Received: from che.mayfirst.org (unknown [162.247.75.117]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27D5C3A0EC7; Sat, 31 Oct 2020 14:16:06 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1604178965; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=NkSmLbJMqGI/9W95A8/5pLdXxk7Ytv9zP6PfBLmphMQ=; b=dCgO3IREE42xVDxIY0Jo3SOy8AvjbQjlJAhgVqkdLQ/ptXHnoUgvvX62S5/gMB4Dy71Vx jTBm5i54idUSq8gDQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1604178965; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=NkSmLbJMqGI/9W95A8/5pLdXxk7Ytv9zP6PfBLmphMQ=; b=qGN+pbReqnJJXTdfzOZmiHs4g9lDl+nfwjBxYMGnpoK+nagrybiLNlO7SneEnrJmWYq8u +VK7MZ8QYji+tbJXVulEsj6n28AJ5WDES73VYwhmKmqty6KFn5PWkfeNPzlo1CrkPEobuwi ysnokhbfYh0wMAk3pziRfN9IxIWg5XpDWvvQMZrzrZcJjFaAylJT9uxEP2HgvyJajv9CW19 VzMgoYgZ9MfD6NP85K/6amCKMe3ZyuE1p9ibc21iSMVB/Ye6HaOcTnOhFWl3QHBJXtUns2b xw+O8RZdM3Asrr+cs6lTEgm5CRPkXrNoW6Hf6iIn7GDaxE5nkwq0NsmRz0+w==
Received: from fifthhorseman.net (unknown [108.58.6.98]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id C9B28F9A5; Sat, 31 Oct 2020 17:16:05 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id AF56E206AD; Sat, 31 Oct 2020 16:19:57 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: spasm@ietf.org, openpgp@ietf.org
In-Reply-To: <160416804489.2019.4098533865860400253@ietfa.amsl.com>
References: <160416804489.2019.4098533865860400253@ietfa.amsl.com>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= mDMEXEK/AhYJKwYBBAHaRw8BAQdAr/gSROcn+6m8ijTN0DV9AahoHGafy52RRkhCZVwxhEe0K0Rh bmllbCBLYWhuIEdpbGxtb3IgPGRrZ0BmaWZ0aGhvcnNlbWFuLm5ldD6ImQQTFggAQQIbAQULCQgH AgYVCgkICwIEFgIDAQIeAQIXgAIZARYhBMS8Lds4zOlkhevpwvIGkReQOOXGBQJd5Hw3BQkFpJWB AAoJEPIGkReQOOXGDYEA/j0ERjPxDleKMZ2LDcWc/3o5cLFwAVzBKQHppu0Be5IWAP0aeTnyEqlp RTE7M8zugwkhYeUYfYu0BjecDUMnYz6iDLgzBF3kewUWCSsGAQQB2kcPAQEHQK1IuW0GZmcrs2mx CYMl8IHse0tMF8cP7eBNXevrlx2ZiPUEGBYIACYCGwIWIQTEvC3bOMzpZIXr6cLyBpEXkDjlxgUC XeR7TwUJAiGl/gCBdiAEGRYIAB0WIQQsv6x2UaqQJzY+dXHEDyVUMvKBDwUCXeR7BQAKCRDEDyVU MvKBD7KmAQCHs+7588C4jto6fMje0Nu97zzoppjJM7lrGF2rVnbHvwD+MgmGUbHzPSUrTWnZBQDi /QM595bxNrBA4N1CiXhs2AMJEPIGkReQOOXGpp0BAM7YeBnt/UNvxJAGm4DidSfHU7RDMWe6Tgux HrH21cDkAQC9leNFXJsQ7F2ZniRPHa8CkictcQEKPL8VCWpfe8LbArg4BF3ke5wSCisGAQQBl1UB BQEBB0Cf+EiAXtntQMf51xpqb6uZ5O0eCLAZtkg0SXHjA1JlEwMBCAeIfgQYFggAJhYhBMS8Lds4 zOlkhevpwvIGkReQOOXGBQJd5HucAhsMBQkCIaVkAAoJEPIGkReQOOXGdYcBANYnW7VyL2CncKH1 iO4Zr0IwfdIv6rai1PUHL98pVi3cAP9tMh85CKGDa0Xi/fptQH41meollLW5tLb/bEWMuUNuBQ==
Date: Sat, 31 Oct 2020 16:19:56 -0400
Message-ID: <87wnz6jggj.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/VVregeUyrdR5449sifg2Aog3HpE>
Subject: Re: [openpgp] New Version Notification for draft-dkg-lamps-e2e-mail-guidance-00.txt
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 31 Oct 2020 21:16:10 -0000
Hi LAMPS and OpenPGP folks-- In the hopes of providing a useful space for discussion of effective implementation of end-to-end crypto for e-mail clients, i've just published the draft identified below. > https://datatracker.ietf.org/doc/draft-dkg-lamps-e2e-mail-guidance/ > https://www.ietf.org/archive/id/draft-dkg-lamps-e2e-mail-guidance-00.html > > Abstract: > End-to-end cryptographic protections for e-mail messages can provide > useful security. However, the standards for providing cryptographic > protection are extremely flexible. That flexibility can trap users > and cause surprising failures. This document offers guidance for > mail user agent implementers that need to compose or interpret e-mail > messages with end-to-end cryptographic protection. It provides a > useful set of vocabulary as well as suggestions to avoid common > failures. This is implementation guidance -- it covers some protocol structures but doesn't introduce any novel protocol elements. Rather, it gives pointers that explain common problems, subtleties and nuances that a MUA implementer might not understand about encrypted mail. You might think of it as a response to some of the problems that came up a few years ago in "EFAIL" (https://efail.de). The draft formalizes a few useful notions. In particular it documents "Cryptographic Envelope" and "Cryptographic Payload" as concepts that hopefully winnow down the space of infinite MIME recursion into usable, sensible structures for e-mail. I've pulled these definitions out of draft-autocrypt-lamps-protected-headers because they apply whether headers are protected or not. (I'll get to the protected headers in a separate conversation) I'm hoping to discuss this draft on the LAMPS mailing list (spasm@ietf.org) because of the coverage there of S/MIME and cryptographic e-mail more generally. But the principles are identical for PGP/MIME, so the draft covers PGP/MIME as well. Both standards exist and are in use, so cryptographic MUAs need to realistically grapple with that situation. I hope that developers who care about only one camp can see the moral equivalence of the two schemes and try to share tips that apply generally to cryptographic MUAs. If you're an implementer of a cryptographic MUA (or want to be), i hope you'll read the draft, offer commentary and share your insights. I welcome interested co-authors as well. The draft is written in pretty simple markdown, and for minor edits i welcome merge requests and bug reports at: https://gitlab.com/dkg/e2e-mail-guidance Any MRs or bug reports on gitlab for more substantive changes are welcome as well, but i encourage bigger conversations to target the LAMPS mailing list, and i'll use the issue/MR tracker on gitlab to track the mailing list discussion. If there's room in the upcoming LAMPS meeting at IETF 109 to discuss this, i'd be happy to lead a discussion for 5-10 minutes, but discussion on the mailing list is more important. Regards, --dkg On Sat 2020-10-31 11:14:04 -0700, internet-drafts@ietf.org wrote: > A new version of I-D, draft-dkg-lamps-e2e-mail-guidance-00.txt > has been successfully submitted by Daniel Kahn Gillmor and posted to the > IETF repository. > > Name: draft-dkg-lamps-e2e-mail-guidance > Revision: 00 > Title: Guidance on End-to-End E-mail Security > Document date: 2020-10-31 > Group: Individual Submission > Pages: 19 > URL: https://www.ietf.org/archive/id/draft-dkg-lamps-e2e-mail-guidance-00.txt > Status: https://datatracker.ietf.org/doc/draft-dkg-lamps-e2e-mail-guidance/
- Re: [openpgp] New Version Notification for draft-… Daniel Kahn Gillmor