Re: [lamps] S/MIME fix
Alexey Melnikov <alexey.melnikov@isode.com> Wed, 16 May 2018 14:49 UTC
To: Phillip Hallam-Baker <phill@hallambaker.com>, SPASM <SPASM@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/-GzfP2EFQ2oLC2T_BjPoKoNQh8s>

Hi Phillip,

On 16/05/2018 15:28, Phillip Hallam-Baker wrote:
> Looking at eFail, surely the simplest fix is to require that an HTML
> message body be presented in a single CMS envelope presented in a
> single MIME part?

I am not sure what you mean here. A CMS envelope can contain multipart/mixed within it, which is a perfectly valid use case (i.e. if one wants to send some encrypted text together with some encrypted attachments).

If you are talking about preventing the following construct:

    content-type: multipart/mixed; boundary=.f8231d7f-681b-442c-97cc-e6c5375d059d

    This is a multipart message in MIME format.
    --.f8231d7f-681b-442c-97cc-e6c5375d059d
    content-type: text/html

    ...some partial HTML...
    --.f8231d7f-681b-442c-97cc-e6c5375d059d
    content-disposition: inline; filename=smime.p7m
    Content-Transfer-Encoding: base64
    content-type: application/pkcs7-mime; name=smime.p7m; smime-type=enveloped-data

    ...encrypted HTML...
    --.f8231d7f-681b-442c-97cc-e6c5375d059d
    content-type: text/html

    ...some partial HTML...
    --.f8231d7f-681b-442c-97cc-e6c5375d059d--

i.e. a multipart/mixed that contains a mixture of text/html and application/pkcs7-mime, then I might agree with you. But this is not really an S/MIME feature, it is a generic MIME feature. So maybe this WG should write a document on best S/MIME implementation practices.

> This would simplify the code substantially. While it is conceivable
> someone has worked out a way to make use of this mis-feature, I for
> one cannot imagine why Outlook, Thunderbird or the like would ever do
> anything of the sort.
>
>
> Separately, we have interest in CAA for S/MIME. Surely we should do
> ACME for S/MIME as well.

Not surprisingly, I agree. See draft-ietf-acme-email-smime-02

> If we are going to do that, surely we should have a discussion of what
> it would take to make end to end security the default for SMTP.
>
> I am not necessarily thinking of this as a LAMPS thing because we also
> need to get CAs, probably CABForum involved and maybe the OpenPGP folk.

Best Regards,
Alexey
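
Added example (not part of the original message, and not code from any mail client): a receive-side check for the construct quoted above, flagging any multipart container whose direct children include both an encrypted CMS part and text/html. The sample message, its boundary and payloads are constructed, the function names are hypothetical, and checking every multipart container rather than only multipart/mixed is a generalization made here.

```python
import email
from email.utils import collapse_rfc2231_value

CMS_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

# Constructed sample mirroring the layout quoted in the message above.
SAMPLE_MIXED = """\
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>constructed partial HTML
--b1
Content-Disposition: inline; filename=smime.p7m
Content-Transfer-Encoding: base64
Content-Type: application/pkcs7-mime; name=smime.p7m; smime-type=enveloped-data

Y29uc3RydWN0ZWQ=
--b1
Content-Type: text/html

constructed partial HTML</p>
--b1--
"""

def is_enveloped(part):
    """True for a CMS part that is, or may be, encrypted."""
    if part.get_content_type() not in CMS_TYPES:
        return False
    smime_type = part.get_param("smime-type")
    if smime_type is None:  # parameter missing: assume it may be encrypted
        return True
    kind = collapse_rfc2231_value(smime_type).lower()
    return kind in ("enveloped-data", "authenveloped-data")

def find_html_beside_envelope(raw):
    """Return (container type, encrypted indexes, html indexes) per hit."""
    findings = []
    for node in email.message_from_string(raw).walk():
        if not node.is_multipart():
            continue
        kids = node.get_payload()  # direct children of this container
        enc = [i for i, k in enumerate(kids) if is_enveloped(k)]
        html = [i for i, k in enumerate(kids)
                if k.get_content_type() == "text/html"]
        if enc and html:
            findings.append((node.get_content_type(), enc, html))
    return findings
```

A message whose whole body is a single CMS envelope yields no findings; a client could use a non-empty result to decline rendering the decrypted part together with its cleartext siblings.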