AW: Header Protection for S/MIME
Jörg Schwenk <joerg.schwenk@rub.de> Thu, 18 October 2007 15:20 UTC
From: Jörg Schwenk <joerg.schwenk@rub.de>
To: ietf-smime@imc.org
Cc: lijun.liao@nds.rub.de, 'Russ Housley' <housley@vigilsec.com>
References: <001101c8042f$20b70b20$0301a8c0@Wylie>
Subject: AW: Header Protection for S/MIME
Date: Thu, 18 Oct 2007 16:51:17 +0200
Message-ID: <02bd01c81196$56dab700$1b289386@jotop>
Hi,

to start the discussion on our draft [1], I'd like to explain the idea and the advantages it has (in our opinion) over the solution proposed in RFC 3851.

Idea

The idea is to put information about the header in a CMS hashed subpacket. Legacy mail clients may simply ignore this subpacket (i.e. they don't recompute the hash value contained in this packet). Conforming mail clients compute an additional hash value over some normalized header fields, and include this hash value in CMS signature verification.

Advantages

1. Backward compatibility: Legacy mail clients are not affected by the introduction of an additional signed subpacket. (This is in contrast to RFC 3851, where legacy clients will display only the outer header lines, without check.)

2. Flexibility: Any combination of header lines can be protected. This may range from introducing a single hashed subpacket for the most important header lines (e.g. From, Sender, To, CC, Date, Subject) to separate hashed subpackets for each line. Conforming clients may thus detect changes in sets of lines, or single lines.

3. Easy implementation: If a header line has been changed, a warning can be displayed (e.g. display the line in red).

4. Support for mailing lists: If a mail list agent changes the To header, and if To was protected by its own hashed subpacket, the mail client will display that this field has been changed.

I think our draft still needs a lot of refinement, and we will be grateful for comments from this list. We have implemented a Java client as a proof-of-concept, and a Thunderbird implementation is underway.

[1] http://www.ietf.org/internet-drafts/draft-liao-smimeheaderprotect-00.txt

Greetings
Joerg
www.nds.rub.de

________________________________________
From: Russ Housley [mailto:housley@vigilsec.com]
Sent: Thursday, 11 October 2007 18:13
To: ietf-smime@imc.org
Cc: lijun.liao@nds.rub.de; joerg.schwenk@nds.rub.de
Subject: Re: Header Protection for S/MIME

I have not seen any discussion of this document on this list. It is proposing a very different approach to a problem that was discussed on this mail list. The current MSG specification includes a very different solution to this problem. We should be talking about this proposal ....

Russ

At 09:29 AM 10/1/2007, Turner, Sean P. wrote:
The authors of the following draft wanted me to bring their draft to your attention:
http://www.ietf.org/internet-drafts/draft-liao-smimeheaderprotect-00.txt

spt
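The following is an added illustration of the header-hash subpacket idea from the message above; it is not code from the draft or from its authors. It models a subpacket as a set of header field names plus a SHA-256 over their normalized values, and the normalization rules (lower-cased names, unfolded lines, collapsed whitespace) are this example's own assumption, not the draft's. The sample headers are constructed.

```python
import hashlib
import re

# Constructed sample: the header fields as the sender signed them.
ORIGINAL_HEADERS = {
    "From": "Joerg Schwenk <joerg.schwenk@rub.de>",
    "To": "ietf-smime@imc.org",
    "Subject": "Header Protection for S/MIME",
    "Date": "Thu, 18 Oct 2007 16:51:17 +0200",
}
# Constructed sample: what arrived after a list agent rewrote To and a
# relay re-folded Subject (folding is harmless once normalized).
DELIVERED_HEADERS = {
    "From": "Joerg Schwenk <joerg.schwenk@rub.de>",
    "To": "smime-archive@lists.ietf.org",
    "Subject": "Header  Protection for\r\n S/MIME",
    "Date": "Thu, 18 Oct 2007 16:51:17 +0200",
}

def normalize(name, value):
    """Assumed normalization (not the draft's rules): lower-case the field
    name, unfold continuation lines, collapse whitespace runs, strip ends."""
    value = re.sub(r"\r?\n[ \t]+", " ", value)
    value = re.sub(r"[ \t]+", " ", value).strip()
    return f"{name.lower()}:{value}"

def group_hash(headers, fields):
    material = "\n".join(normalize(n, headers.get(n, "")) for n in fields)
    return hashlib.sha256(material.encode("utf-8")).hexdigest()

def build_subpackets(headers, groups):
    """Signer side: one hashed subpacket per group of header fields.  A
    one-element group protects a single line; a larger group protects a set.
    A legacy client that does not know this attribute simply skips it."""
    return [{"fields": list(g), "hash": group_hash(headers, g)} for g in groups]

def verify_subpackets(headers, packets):
    """Conforming client: recompute every subpacket over the delivered
    headers and return the field groups whose hash no longer matches
    (the lines the client would show in red)."""
    return [tuple(p["fields"]) for p in packets
            if group_hash(headers, p["fields"]) != p["hash"]]

if __name__ == "__main__":
    per_line = [("From",), ("To",), ("Subject",), ("Date",)]
    packets = build_subpackets(ORIGINAL_HEADERS, per_line)
    print("changed lines:", verify_subpackets(DELIVERED_HEADERS, packets))
```

With per-line subpackets only `To` is reported; with a single combined subpacket the client can only tell that something in the set changed.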