Re: [secdir] Secdir last call review of draft-ietf-jmap-core-12

Benjamin Kaduk <kaduk@mit.edu> Sat, 05 January 2019 18:51 UTC

Date: Sat, 05 Jan 2019 12:50:50 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: "Kurt Andersen (IETF)" <kurta+ietf@drkurt.com>
CC: Tero Kivinen <kivinen@iki.fi>, IETF JMAP Mailing List <jmap@ietf.org>, draft-ietf-jmap-core.all@ietf.org, secdir@ietf.org, iesg@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/yRWXfoiTdcT_4J9cieotzaiTzaE>
List-Id: Security Area Directorate <secdir.ietf.org>

[I wrote this before I noticed that half the thread was stuck in my spam
quarantine.  Some of the points were made already, but I've left my text
unchanged to avoid making it even less comprehensible than it was to start
with.]

On Thu, Jan 03, 2019 at 09:21:12AM -0800, Kurt Andersen (IETF) wrote:
> On Thu, Jan 3, 2019 at 4:04 AM Tero Kivinen <kivinen@iki.fi> wrote:
> 
> > Reviewer: Tero Kivinen
> > Review result: Has Issues
> >
> > This document also has quite a lot of privacy concerns which are not
> > addressed by it. For example email delivery and event notifications can
> > leak lots of information even to passive attackers.
> >
> 
> How is this any different than the risks present in current mechanisms
> (websockets, HTTP, MAPI, IMAP, etc.)? I don't see this as a new risk being
> introduced by the JMAP protocol.

But where is it documented for those other protocols?

> > Of course sharing mailboxes between multiple users (one of the
> > examples given in 1.6.2), has lots of privacy issues.
> >
> 
> Again, this is not a new risk being introduced by JMAP. It seems unfair to
> saddle the JMAP protocol with the responsibility of documenting a
> comprehensive set of privacy and security risks for bad or risky behaviours
> that have been a wide part of common practice for decades.

In general, we need to either document ourselves or point to existing
documentation of the security considerations relating to protocols we
publish.  "Everybody already does [bad practice X]" does not excuse us from
ensuring that the risks are adequately documented.  Is it unfair?  Perhaps.
But the IETF consensus so far seems to be that we need to properly document
that which we cannot make secure, and if we're the first one to actually
document it properly, then we do incur the extra burden of doing things
right.

-Benjamin