[saag] Request for discussion of Mandatory Secure Mail Delivery proposal (draft-wchuang-msmd)
Wei Chuang <weihaw@google.com> Wed, 16 October 2013 05:26 UTC
Hi saag,

(resend) Request for discussion (draft-wchuang-msmd) of a proposal to secure mail from eavesdropping and MitM attacks. I posted the primary thread to ietf-smtp@ and request that all discussion go to that list.

Here's the abstract:

Opportunistic SMTP TLS does not enforce electronic mail delivery using TLS leading to potential loss of privacy and security. We propose an optional mail header extension "mandatory-secure-mail-delivery:" and SMTP EHLO response extension "MSMD" that indicates mail must be delivered privately using TLS and with integrity using DKIM, and thereby provide a security guarantee to the user. When mail is sent with the header indicating privacy and integrity and if the receiving party does not support this, the mail is instead bounced. To protect the mail after delivery, the destination SMTP server must advertise its capabilities as part of the EHLO response, and the sender can choose whether the destination is able to honor the privacy requirements specified on the mail header.

Link to the proposal here: http://datatracker.ietf.org/doc/draft-wchuang-msmd/

-Wei

PS Pardon for any IETF formatting or etiquette errors as I'm very new to the IETF process.
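The sender-side rule the abstract describes, sketched as an added example (not code from the draft or its author). It assumes that only the presence of the header matters, that "integrity using DKIM" means the message already carries a DKIM-Signature, and that the reply inspected is the first EHLO before STARTTLS; the function names and sample data are hypothetical.

```python
"""Sender-side MSMD delivery decision (one reading of the abstract)."""
from email import message_from_bytes

MSMD_HEADER = "mandatory-secure-mail-delivery"  # header name from the abstract
MSMD_KEYWORD = "MSMD"                           # EHLO keyword from the abstract

def ehlo_keywords(reply: str) -> set:
    """Extract extension keywords from a multi-line 250 EHLO reply."""
    lines = reply.strip().splitlines()
    keywords = set()
    for i, line in enumerate(lines):
        last = i == len(lines) - 1
        # Continuation lines are "250-...", the final line is "250 ...".
        if line[:3] != "250" or line[3:4] != (" " if last else "-"):
            raise ValueError(f"malformed EHLO reply line: {line!r}")
        words = line[4:].split()
        if i > 0 and words:          # line 0 carries the server domain
            keywords.add(words[0].upper())
    return keywords

def decide(raw_message: bytes, ehlo_reply: str) -> tuple:
    """Return (action, reason) for one message and one destination server."""
    msg = message_from_bytes(raw_message)
    if msg[MSMD_HEADER] is None:
        return ("deliver", "no MSMD header; opportunistic TLS rules apply")
    # Assumption: integrity "using DKIM" means the message is already signed.
    if msg["DKIM-Signature"] is None:
        return ("bounce", "MSMD requested but message has no DKIM-Signature")
    caps = ehlo_keywords(ehlo_reply)
    if "STARTTLS" not in caps:
        return ("bounce", "destination does not offer STARTTLS")
    if MSMD_KEYWORD not in caps:
        return ("bounce", "destination does not advertise MSMD")
    return ("deliver", "TLS required; destination advertises MSMD")

# Constructed sample data (header values and hosts are placeholders).
PLAIN = b"From: a@example.org\r\nTo: b@example.net\r\n\r\nhi\r\n"
MARKED = (b"DKIM-Signature: v=1; d=example.org; s=sel; b=PLACEHOLDER\r\n"
          b"mandatory-secure-mail-delivery: yes\r\n" + PLAIN)
EHLO_MSMD = "250-mx.example.net\r\n250-SIZE 1000000\r\n250-STARTTLS\r\n250 MSMD\r\n"
EHLO_LEGACY = "250-mx.example.net\r\n250-SIZE 1000000\r\n250 STARTTLS\r\n"

if __name__ == "__main__":
    for m, e in [(PLAIN, EHLO_LEGACY), (MARKED, EHLO_LEGACY), (MARKED, EHLO_MSMD)]:
        print(decide(m, e))
```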