[plasma] FW: I-D Action: draft-freeman-message-access-control-req-01.txt
Trevor Freeman <trevorf@exchange.microsoft.com> Tue, 31 May 2011 17:36 UTC
From: Trevor Freeman <trevorf@exchange.microsoft.com>
To: "plasma@ietf.org" <plasma@ietf.org>
Date: Tue, 31 May 2011 17:36:04 +0000
List-Id: "The PoLicy Augmented S/Mime \(plasma\) bof discussion list." <plasma.ietf.org>

FYI, I have updated the scenarios section with more details on the expected policy implications. I have also included the document scenario.

Trevor

-----Original Message-----
From: i-d-announce-bounces@ietf.org [mailto:i-d-announce-bounces@ietf.org] On Behalf Of internet-drafts@ietf.org
Sent: Friday, May 27, 2011 2:05 PM
To: i-d-announce@ietf.org
Subject: I-D Action: draft-freeman-message-access-control-req-01.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.

Title     : Requirements for Message Access Control
Author(s) : Trevor Freeman
            Jim Schaad
            Patrick Patterson
Filename  : draft-freeman-message-access-control-req-01.txt
Pages     : 20
Date      : 2011-05-27

There are many situations where organizations want to include information which is subject to regulatory or other complex access control policy in email. Regulated information requires some form of robust access control to protect the confidentiality of the information.

The Enhanced Security Services for S/MIME [rfc2634] defines an access control mechanism for S/MIME (eSSSecurityLabel). This is a signed attribute of a SignedData object which indicates the access control policy for the message. The fact that this is a signed attribute protects the integrity of the data and the binding of the label to the message but does not protect the confidentiality of the information, i.e. at the point where you learn the access control policy to the data you also have access to the data. While the signature provides integrity for the label over the clear text, it is susceptible to unauthorized removal, i.e. if you only have a SignedData message, any MTA in the mail path can remove a signature layer and therefore remove the access control data. Encrypting the signed message protects the confidentiality of the data and protects the SignedData from unauthorized removal but this hides the ESS security label.

From a regulatory enforcement perspective this is an extremely weak form of access control because cryptographic access to the data is given before the access check. The correct enforcement of the access check totally depends on the configuration of the recipient's email client. Since the cryptographic access is granted before the access checks, there is no significant impediment for a recipient who is unauthorized under the policy to access the data. A stronger enforcement model is needed for regulatory control for email where cryptographic access is only granted after the access check.

There are also many users on the Internet today who have some form of authentication credential but they are not X.509 certificates and who therefore cannot use S/MIME. There are now available, standards-based services (e.g. [SAML-overview]) which abstract the specifics of a technology used to authenticate users from the application itself (S/MIME in this case). Adoption of this abstraction model would enable a broader set of users who have other types of authentication credentials to be able to use S/MIME to secure email. It also allows for new authentication technology to be deployed without impacting the core S/MIME protocol.

This document specifies the requirements for:-

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-freeman-message-access-control-req-01.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-freeman-message-access-control-req-01.txt

_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt