Re: [plasma] S/MIME for document control

Trevor Freeman <trevorf@exchange.microsoft.com> Fri, 04 February 2011 17:57 UTC

Return-Path: <trevorf@exchange.microsoft.com>
X-Original-To: plasma@core3.amsl.com
Delivered-To: plasma@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 85F713A69B3 for <plasma@core3.amsl.com>; Fri, 4 Feb 2011 09:57:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.599
X-Spam-Level:
X-Spam-Status: No, score=-110.599 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t04Nog97-N6l for <plasma@core3.amsl.com>; Fri, 4 Feb 2011 09:57:51 -0800 (PST)
Received: from mail.exchange.microsoft.com (mail7.exchange.microsoft.com [131.107.1.27]) by core3.amsl.com (Postfix) with ESMTP id 332453A69CD for <plasma@ietf.org>; Fri, 4 Feb 2011 09:57:36 -0800 (PST)
Received: from df-h14-02.exchange.corp.microsoft.com (157.54.78.140) by DF-G14-02.exchange.corp.microsoft.com (157.54.87.56) with Microsoft SMTP Server (TLS) id 14.1.218.15; Fri, 4 Feb 2011 10:01:01 -0800
Received: from DF-MLT-01.exchange.corp.microsoft.com (157.54.94.40) by DF-H14-02.exchange.corp.microsoft.com (157.54.78.140) with Microsoft SMTP Server (TLS) id 14.1.270.2; Fri, 4 Feb 2011 10:01:01 -0800
Received: from DF-M14-12.exchange.corp.microsoft.com ([fe80::7c94:4036:120:c95f]) by DF-MLT-01.exchange.corp.microsoft.com ([157.54.94.40]) with mapi id 14.01.0218.012; Fri, 4 Feb 2011 10:01:01 -0800
From: Trevor Freeman <trevorf@exchange.microsoft.com>
To: Phillip Hallam-Baker <hallam@gmail.com>, "plasma@ietf.org" <plasma@ietf.org>
Thread-Topic: [plasma] S/MIME for document control
Thread-Index: AQHLxIUGzegIBrtNEUyNiy5kHWJPY5PxnR3A
Date: Fri, 4 Feb 2011 18:01:01 +0000
Message-ID: <E545B914D50B2A4B994F198378B1525D1AC868A7@DF-M14-12.exchange.corp.microsoft.com>
References: <AANLkTim9-k0vn4JhW6-YHU12OMLgxGHdqmCf+4Q9Aw0P@mail.gmail.com>
In-Reply-To: <AANLkTim9-k0vn4JhW6-YHU12OMLgxGHdqmCf+4Q9Aw0P@mail.gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.104]
Content-Type: multipart/alternative; boundary="_000_E545B914D50B2A4B994F198378B1525D1AC868A7DFM1412exchange_"
MIME-Version: 1.0
Subject: Re: [plasma] S/MIME for document control
X-BeenThere: plasma@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "The PoLicy Augmented S/Mime \(plasma\) bof discussion list." <plasma.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/plasma>, <mailto:plasma-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/plasma>
List-Post: <mailto:plasma@ietf.org>
List-Help: <mailto:plasma-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/plasma>, <mailto:plasma-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Feb 2011 17:58:01 -0000

Hi Phil,

I think document or files are a good direction to go as an extension of the work. Ultimately the goal is to be able to provide consistent policy enforcement of polices on information regardless where that information is in email or in a file. As a byproduct we have to be able to use a much broader set of credential types e.g. this must work if the user just has a password.  The motivation to split the WS-trust piece out was that it can be reused for other scenarios such as document protection. We have discussed drafting how to use CMS with OPC which would deliver both generic file protection as well as cover the major document format standards. We felt stating with email was a good first step. There are a lot of scenarios playing out today where email would be the logical chose IF it could deliver higher assurance on the privacy front. My bank cannot send be my statement via email, nor can my doctor send me test results.

Just protecting documents and files is not a good paradigm. Users would have to understand that the information they type in the message was insecure but the information in the attachment was secure. That is way too much of a leap of trust in the user. If we start with email they that will cover the attachments which makes things better than they are today. If we have enough volunteers to draft specs we can look to add documents and files using the same approach sooner rather than later. We need to get the first set of deliverables underway before we extend the scope.

Trevor

From: plasma-bounces@ietf.org [mailto:plasma-bounces@ietf.org] On Behalf Of Phillip Hallam-Baker
Sent: Friday, February 04, 2011 8:03 AM
To: plasma@ietf.org
Subject: [plasma] S/MIME for document control

I have been thinking for a while that S/MIME is probably less useful as a mail security feature as a document security feature.

Imagine that I could tag a file from Word or Excel with a security policy so that it woud be automatically saved in an encrypted CMS package with decryption keys for both me and a document server.

That would be the best way to make sure that the document is encrypted end-to-end which these days means securing the document in the end point mobile device as at least as great a priority as on the wire.

There are CMS systems for inside enterprises, but use seems to be marginal at best and the most interesting/confidential documents in a commercial environment are almost exclusively those that have to be passed to other companies to fullfil their function. I.e. the ones exchanged with lawyers, customers etc. Even patient records need to be exchanged with specialists from other hospitals.


There is a relevant patent that covers the efficient way to do this -  http://www.freepatentsonline.com/5481613.html, issued in 1994. Currently assigned to Entrust I believe. Thats only three years and a few months.



--
Website: http://hallambaker.com/