AW: Header Protection for S/MIME

Jörg Schwenk <joerg.schwenk@rub.de> Thu, 18 October 2007 15:20 UTC

From: Jörg Schwenk <joerg.schwenk@rub.de>
To: ietf-smime@imc.org
Cc: lijun.liao@nds.rub.de, 'Russ Housley' <housley@vigilsec.com>
References: <001101c8042f$20b70b20$0301a8c0@Wylie>
Subject: AW: Header Protection for S/MIME
Date: Thu, 18 Oct 2007 16:51:17 +0200
Message-ID: <02bd01c81196$56dab700$1b289386@jotop>

Hi,

to start the discussion on our draft [1], I'd like to explain the idea and
the advantages it has (in our opinion) over the solution proposed in RFC
3851.

Idea

The idea is to put information about the header in a CMS hashed subpacket.
Legacy mail clients may simply ignore this subpacket (i.e. they don't
recompute the hash value contained in this packet). Conforming mail clients
compute an additional hash value over some normalized header fields, and
include this hash value in CMS signature verification.

Advantages

1. Backward compatibility: Legacy mail clients are not affected by the
introduction of an additional signed subpacket. (This is in contrast to RFC
3851, where legacy clients will display only the outer header lines, without
check.)

2. Flexibility: Any combination of header lines can be protected. This may
range from introducing a single hashed subpacket for the most important
header lines (e.g. From, Sender, To, CC, Date, Subject) to separate hashed
subpackets for each line. Conforming clients may thus detect changes in sets
of lines, or single lines.

3. Easy implementation: If a header line has been changed, a warning can be
displayed (e.g. display the line in red).

4. Support for mailing lists: If a mail list agent changes the To header,
and if To was protected by its own hashed subpacket, the mail client will
display that this field has been changed.

I think our draft still needs a lot of refinement, and we will be grateful
for comments from this list.

We have implemented a Java client as a proof-of-concept, and a Thunderbird
implementation is underway.

[1] http://www.ietf.org/internet-drafts/draft-liao-smimeheaderprotect-00.txt

Greetings

Joerg
www.nds.rub.de

________________________________________
From: Russ Housley [mailto:housley@vigilsec.com]
Sent: Thursday, 11 October 2007 18:13
To: ietf-smime@imc.org
Cc: lijun.liao@nds.rub.de; joerg.schwenk@nds.rub.de
Subject: Re: Header Protection for S/MIME

I have not seen any discussion of this document on this list.  It is
proposing a very different approach to a problem that was discussed on this
mail list.  The current MSG specification includes a very different solution
to this problem.

We should be talking about this proposal ....

Russ

At 09:29 AM 10/1/2007, Turner, Sean P. wrote:


The authors of the following draft wanted me to bring their draft to your
attention: 

http://www.ietf.org/internet-drafts/draft-liao-smimeheaderprotect-00.txt 

spt
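
The per-group header hashing described in the message above, as an added example that is not part of the original post, the draft, or the authors' Java client. It shows how the grouping of protected header lines decides what a conforming client can report after a list agent rewrites To. The normalization rule, the function names and the sample messages are assumptions made for illustration, and the CMS signature that would cover the digests is not modeled.

```python
import hashlib
from email import message_from_string

def normalize(name, value):
    # Assumed normalization (not the draft's rule): lowercase the field
    # name, unfold continuation lines, collapse whitespace runs.
    return f"{name.lower()}:{' '.join(value.split())}\r\n".encode("utf-8")

def header_digest(msg, names):
    """SHA-256 over the normalized fields in `names`, in the given order."""
    h = hashlib.sha256()
    for name in names:
        for value in msg.get_all(name, []):
            h.update(normalize(name, value))
    return h.hexdigest()

def protect(msg, groups):
    """Sender side: one digest per group of header names. In the proposal
    these digests would sit inside the signed part of the CMS signature."""
    return [(tuple(g), header_digest(msg, g)) for g in groups]

def changed_groups(msg, protected):
    """Receiver side: groups whose recomputed digest no longer matches."""
    return [g for g, digest in protected if header_digest(msg, g) != digest]

def check(sent_text, received_text, groups):
    protected = protect(message_from_string(sent_text), groups)
    return changed_groups(message_from_string(received_text), protected)

# Constructed sample: the message as sent ...
SENT = ("From: alice@example.org\nTo: list@example.org\n"
        "Subject: Quarterly report\nDate: Thu, 18 Oct 2007 16:51:17 +0200\n"
        "\nbody\n")
# ... and as delivered: To rewritten by a list agent, Subject only refolded.
RECEIVED = ("From: alice@example.org\nTo: subscriber@example.net\n"
            "Subject: Quarterly\n report\nDate: Thu, 18 Oct 2007 16:51:17 +0200\n"
            "\nbody\n")

ONE_GROUP = [("From", "To", "Subject", "Date")]
SPLIT_GROUPS = [("From", "Subject", "Date"), ("To",)]

if __name__ == "__main__":
    # One digest for everything: the client only learns "something changed".
    print(check(SENT, RECEIVED, ONE_GROUP))
    # To in its own group: the change is pinned to that field, and the
    # refolded Subject still verifies because of the normalization step.
    print(check(SENT, RECEIVED, SPLIT_GROUPS))
```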