Re: [secdir] Secdir last call review of draft-ietf-jmap-core-12

Barry Leiba <barryleiba@computer.org> Fri, 04 January 2019 00:31 UTC

Return-Path: <barryleiba@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61E5913139F; Thu, 3 Jan 2019 16:31:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8DfxrA0QpGJW; Thu, 3 Jan 2019 16:31:43 -0800 (PST)
Received: from mail-io1-f43.google.com (mail-io1-f43.google.com [209.85.166.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B276131392; Thu, 3 Jan 2019 16:31:43 -0800 (PST)
Received: by mail-io1-f43.google.com with SMTP id s22so28400127ioc.8; Thu, 03 Jan 2019 16:31:43 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=/lHtNsfmhEuWLztp8kozShaHhIyxsp7bffxLLvOMEyM=; b=S7BWYxANcmhS/CwLz/AIt3d5h5NORzultpIMLvx04y956DvundqFt3yJwwl96vjHOZ /iEQnawqVUfVO7/e54HiGMOedbMtJyOpOPY3I1A1KF01d/gtSXevyRbve41uAVOsQjuy d2hN7hgpXRqZ6rSJ6Jpm+1bX6Nq6i9szMqGiHpnIx332GNEiPm/4+CjxDXBCLljFzPhI uu168QzrJryX1kF/OfJguDCKmbt150l/NZJOVLGK9BPNMQ/a8k+m2pIlmyXgw3FJej+M mK+nVqc3h0w4pIvzu5u/0HKlXtCHd9inbCa6cjqt3U62ABqyzPJod1q7KLFc/qrV3XMC fMiQ==
X-Gm-Message-State: AJcUukeITUI5fAYiyO86C0Wn3oFYtrVuTkufjD8qLPe4ro1+ihkd7zb6 4zOg20sqNbo+xqeEoc9yeM9bUonRYQtxyTGuLTjgtsIv
X-Google-Smtp-Source: ALg8bN47cmj+6JaA3NVDOxVCFEiyRVdPu1k07xUmsUnp6H0ieXZa+yexzHpHJGNm7/i1wiPS+4DE2Bab65DAkXg1eR4=
X-Received: by 2002:a6b:6814:: with SMTP id d20mr26970253ioc.76.1546561902248; Thu, 03 Jan 2019 16:31:42 -0800 (PST)
MIME-Version: 1.0
References: <154651703823.29557.748556981627156046@ietfa.amsl.com> <CABuGu1oM4qBcMNxh=rnWCSD-tVJYcNmDaL+orwBqq=OAvKWOZg@mail.gmail.com>
In-Reply-To: <CABuGu1oM4qBcMNxh=rnWCSD-tVJYcNmDaL+orwBqq=OAvKWOZg@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
Date: Fri, 4 Jan 2019 08:31:31 +0800
Message-ID: <CALaySJ+-CCiQbgkF8fb_+60yD8t=UHKAPZqBuDZRZQ6NYppu0Q@mail.gmail.com>
To: "Kurt Andersen (IETF)" <kurta+ietf@drkurt.com>
Cc: IETF JMAP Mailing List <jmap@ietf.org>, Tero Kivinen <kivinen@iki.fi>, draft-ietf-jmap-core.all@ietf.org, secdir@ietf.org
Content-Type: multipart/alternative; boundary="000000000000ce8899057e9700a4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/sI9ee5s01HCv5fKB9fbOoBhlW0s>
Subject: Re: [secdir] Secdir last call review of draft-ietf-jmap-core-12
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Jan 2019 00:31:46 -0000

I think that advice to use TLS whenever possible is the extent of what
makes sense to say here.

As to shared folders, that is neither “bad” nor “risky”: it’s necessary for
many use cases.  For example, IETF itself uses shared IMAP folders to serve
up our mailing lists.  Help desks will use a shared inbox for, say,
ithelp@example.com, to allow multiple agents to handle questions and
complaints, while maintaining accountability (each agent has a separate
login, so their activity is tracked).

Barry

On Fri, Jan 4, 2019 at 1:21 AM Kurt Andersen (IETF) <kurta+ietf@drkurt.com>;
wrote:

> On Thu, Jan 3, 2019 at 4:04 AM Tero Kivinen <kivinen@iki.fi>; wrote:
>
>> Reviewer: Tero Kivinen
>> Review result: Has Issues
>>
>> This document also has quite a lot of privacy concerns which are not
>> addressed by it. For example email delivery and event notifications can
>> leak lots of information even to passive attackers.
>>
>
> How is this any different than the risks present in current mechanisms
> (websockets, HTTP, MAPI, IMAP, etc.)? I don't see this as a new risk being
> introduced by the JMAP protocol.
>
> Of course sharing mailboxes between multiple users (one of the
>> examples given in 1.6.2), has lots of privacy issues.
>>
>
> Again, this is not a new risk being introduced by JMAP. It seems unfair to
> saddle the JMAP protocol with the responsibility of documenting a
> comprehensive set of privacy and security risks for bad or risky behaviours
> that have been a wide part of common practice for decades.
>
> --Kurt Andersen
>