[saag] Request for discussion of Mandatory Secure Mail Delivery proposal (draft-wchuang-msmd)
Wei Chuang <weihaw@google.com> Tue, 15 October 2013 19:35 UTC
To: apps-discuss@ietf.org, saag@ietf.org
Hi apps-discuss and saag,

Request for discussion (draft-wchuang-msmd) of a proposal to secure mail from eavesdropping and MitM attacks. I posted the primary thread to ietf-smtp@ and request that all discussion go to that list.

Here's the abstract:

Opportunistic SMTP TLS does not enforce electronic mail delivery using TLS leading to potential loss of privacy and security. We propose an optional mail header extension "mandatory-secure-mail-delivery:" and SMTP EHLO response extension "MSMD" that indicates mail must be delivered privately using TLS and with integrity using DKIM, and thereby provide a security guarantee to the user. When mail is sent with the header indicating privacy and integrity and if the receiving party does not support this, the mail is instead bounced. To protect the mail after delivery, the destination SMTP server must advertise its capabilities as part of the EHLO response, and the sender can choose whether the destination is able to honor the privacy requirements specified on the mail header.

Link to the proposal here: http://datatracker.ietf.org/doc/draft-wchuang-msmd/

-Wei

PS Pardon for any IETF formatting or etiquette errors as I'm very new to the IETF process.
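
The sender-side decision the abstract describes, as an added example that is not part of the original post or of the draft: it contrasts opportunistic delivery with the bounce behaviour when the header is present but the receiver's EHLO reply lacks STARTTLS or MSMD. The function names, result strings, header value and sample replies are assumptions constructed here; the header's value syntax and the DKIM check are not modelled.

```python
from email import message_from_string

MSMD_HEADER = "mandatory-secure-mail-delivery"  # header name from the abstract
MSMD_KEYWORD = "MSMD"                           # EHLO keyword from the abstract

def ehlo_keywords(response: str) -> set[str]:
    """Extension keywords from a multiline 250 EHLO reply (RFC 5321 format)."""
    keywords = set()
    for line in response.strip().splitlines()[1:]:  # line 1 is the greeting
        parts = line[4:].split()
        if line.startswith("250") and parts:
            keywords.add(parts[0].upper())
    return keywords

def requires_msmd(raw_message: str) -> bool:
    """True if the message carries the header; its value is ignored here."""
    return message_from_string(raw_message)[MSMD_HEADER] is not None

def delivery_decision(raw_message: str, ehlo_response: str) -> str:
    """Return 'deliver-tls', 'deliver-plaintext' or 'bounce' (hypothetical labels)."""
    keywords = ehlo_keywords(ehlo_response)
    tls = "STARTTLS" in keywords
    if not requires_msmd(raw_message):
        # Opportunistic TLS: silently falls back to cleartext.
        return "deliver-tls" if tls else "deliver-plaintext"
    # Header present: TLS and the MSMD advertisement are both required.
    return "deliver-tls" if tls and MSMD_KEYWORD in keywords else "bounce"

# Constructed sample inputs (not taken from the draft).
BASE = "From: a@example.org\r\nTo: b@example.net\r\nSubject: test\r\n"
PLAIN_MSG = BASE + "\r\nbody\r\n"
MSMD_MSG = BASE + MSMD_HEADER + ": placeholder\r\n\r\nbody\r\n"
FULL = "250-mx.example.net\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 MSMD\r\n"
TLS_ONLY = "250-mx.example.net\r\n250-SIZE 35882577\r\n250 STARTTLS\r\n"
# STARTTLS absent, as from a legacy server or an on-path downgrade.
STRIPPED = "250-mx.example.net\r\n250-SIZE 35882577\r\n250 8BITMIME\r\n"

if __name__ == "__main__":
    for name, reply in (("full", FULL), ("tls-only", TLS_ONLY), ("stripped", STRIPPED)):
        print(name, delivery_decision(PLAIN_MSG, reply), delivery_decision(MSMD_MSG, reply))
```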