Re: [lamps] Martin Duke's Yes on draft-ietf-lamps-e2e-mail-guidance-15: (with COMMENT)
Martin Duke <martin.h.duke@gmail.com> Thu, 14 March 2024 00:53 UTC
Return-Path: <martin.h.duke@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A1782C14F616; Wed, 13 Mar 2024 17:53:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.104
X-Spam-Level:
X-Spam-Status: No, score=-7.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L2WTOXAFs15D; Wed, 13 Mar 2024 17:53:38 -0700 (PDT)
Received: from mail-ua1-x92a.google.com (mail-ua1-x92a.google.com [IPv6:2607:f8b0:4864:20::92a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B4B9BC14F600; Wed, 13 Mar 2024 17:53:38 -0700 (PDT)
Received: by mail-ua1-x92a.google.com with SMTP id a1e0cc1a2514c-7dae66def19so227658241.0; Wed, 13 Mar 2024 17:53:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1710377617; x=1710982417; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=OeR4BKWCuP2IdqQWh2dV/0yBI0G03qm0GnTUl+L9YxY=; b=XSfIGeN5Tg6xl2tIYtoDrq24lPA7sA5MQizw6bRC/e/4+l+uMvej0az2GMLpLnOt5E 289o368bCX1Sxlltkm5SMUpPeLon7Cl6sXEAm8EzprBVDGPiJdm+x/KAIruudDeKshNh WZ2hDRt9Jpu9u32ECQ8z/lx25NdYBL/9TB7yfZA4PaDL0y6moIkvoATt0EG9QhClXmiG Da9CazwwDjXkj/arV+Ecsz0fadnDt2vY9ckewjrAo8kNtwM5Lcadlp1jaLwrQtcTpMqF 9P/kZdjWwUQBKHJu1mJNa6SNbrUAJzpZTBuJ845/OIb43zePvi5O+HXEHVe/JKyNt1ky i6hg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710377617; x=1710982417; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=OeR4BKWCuP2IdqQWh2dV/0yBI0G03qm0GnTUl+L9YxY=; b=nOz2Hj1gjPzkIPC6/79uliHDNyZpGZVz/8Lt3ElDnhBcYrx/neABGaP/+V2AU8luD6 K71QoaP1TbOWP7yObrgc5x4/ANl7XTyJTXZWYnKsWvnMXovKWvI/1M8XH97S+S9irDYX G0gsN4ojWocp/ppdG8XvOAEEpDaKU7cOBWVRbPRYF5VYWEprq/S19hRsiFgz/5iNiDMe Bd9Bnp6LGk5CPG99FTK/Qd91/0+1WU1ziFoqIBKNJqccEvhksAPxUiiKiTJuF8YHHnRD 4wJ7TU70W8QgOvnueeF2A9ppXDU7jtKJIJsLck8O/MFXAdFJJQdRv/2viJpszIQTCCc9 +lcw==
X-Forwarded-Encrypted: i=1; AJvYcCUx/q9ypBNzHT2cZexNTeONxF7ehveicAelZGtApsLlI/LOPbiKu8zE3Th6fOjwdRzZ76A4xsB8B7/ixxYR9HhgRwl2SIBbPweImTTbzk5pZ1NQXyyguPgNK97EAh+xP9+FRmiTHR4LHhh4gPpwc6mNmakeQk724dgm+HlXLDYQlwEo
X-Gm-Message-State: AOJu0YxugYRJ8tlM5ZEgMlXJxadOrSfd4MHndlXzzVmxc0pGH7nVuF2e YbQfqo0cyiX5cI/oPVkyBf5AZllqhWzfqiD6milp3N4ptnVe6c4R1zPZjv6i9GwIFB2iihs/pzW pahpEdefHFSr+V2U5SbTr5OFBh9A=
X-Google-Smtp-Source: AGHT+IHm4CUWAonipeJ/y/qS2bPFHzS04XQFV7Tws65G762LZT7WYxWCDN8Yrs4Pe1iZluR6VvP97peUdgExUB/5lxk=
X-Received: by 2002:a05:6102:292b:b0:474:c445:fada with SMTP id cz43-20020a056102292b00b00474c445fadamr696678vsb.20.1710377617631; Wed, 13 Mar 2024 17:53:37 -0700 (PDT)
MIME-Version: 1.0
References: <170967311991.24872.5143269839183143624@ietfa.amsl.com> <87y1al8yrc.fsf@fifthhorseman.net>
In-Reply-To: <87y1al8yrc.fsf@fifthhorseman.net>
From: Martin Duke <martin.h.duke@gmail.com>
Date: Wed, 13 Mar 2024 17:53:27 -0700
Message-ID: <CAM4esxQTqxjsX=JQneARtUyQwOQceHZtoLaEmJ_TNiiZ1507Lw@mail.gmail.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Cc: The IESG <iesg@ietf.org>, draft-ietf-lamps-e2e-mail-guidance@ietf.org, LAMPS Chairs <lamps-chairs@ietf.org>, LAMPS <spasm@ietf.org>, Russ Housley <housley@vigilsec.com>
Content-Type: multipart/alternative; boundary="00000000000054af680613945271"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/1j6fat1R0Lb62lK4Ke8PFPrqPxg>
Subject: Re: [lamps] Martin Duke's Yes on draft-ietf-lamps-e2e-mail-guidance-15: (with COMMENT)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: This is the mail list for the LAMPS Working Group <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Mar 2024 00:53:42 -0000
Thanks for considering the comment. I'm fine with the change, though I have little technical judgment about the specific guidance. On Wed, Mar 13, 2024, 17:04 Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote: > Hi Martin-- > > Thanks for your review of draft-ietf-lamps-e2e-mail-guidance. > > On Tue 2024-03-05 13:11:59 -0800, Martin Duke via Datatracker wrote: > > Would it be worthwhile to discuss the handling of encrypted email with > obsolete > > ciphers, as is done in (6.4) for signatures? > > This is a great point, since the document deals with store-and-forward > systems and historical/legacy data, some of which is likely to contain > this kind of stale mechanic. I'm tracking this as: > > https://gitlab.com/dkg/e2e-mail-guidance/-/issues/17 > > I've also proposed a new subsection, next to the "signature failures" > subsection, to address this concern in a similar way to the way the > draft already handles "Errant Encryption Layers": > > https://gitlab.com/dkg/e2e-mail-guidance/-/merge_requests/14 > > The proposed text reads: > > ------ > ## Weak Encryption > > Sometimes, a MUA might encounter a message with a well-formed > Cryptographic Envelope that uses a form of encryption with substantial > known flaws. > For example, a PGP/MIME message might use a Symmetrically Encrypted Data > packet, which is known to have malleable ciphertext (see {{Section 5.7 of > I-D.ietf-openpgp-crypto-refresh-13}}). > ِAs another example, an S/MIME message may use an `enveloped-data` MIME > part with a `contentEncryptionAlgorithm` of `rc2-cbc` with > `rc2ParameterVersion` of 160, meaning a 40-bit key (see {{Section 5.2 of > ?RFC3370}}), which is widely considered breakable via brute force with > moderate hardware investment in 2024. > As cryptanalysis and hardware capacities advance, an implementation may > widen the scope of what encryption mechanisms are considered weak. > > A receiving MUA MUST warn the user that such a message has a known > weakness. > The receiving MUA MAY decline to decrypt such a message at all. > If it decides to decrypt a message with a weak encryption layer, it MUST > NOT indicate in the message's Cryptographic Summary that the message was > encrypted, as the confidentiality of the message is suspect. > This is similar to the approach taken in {{errant-encryption-layer}} for > messages with an Errant Encryption Layer. > > Like the Errant Encryption Layer situation, there is an asymmetry between > rendering and replying to a message with weak encryption. > The guidance in {{reply-to-errant-encryption}} should be followed when > replyingn to a message with weak encryption as well. > > A receiving MUA MAY also treat historically archived messages with weak > encryption differently from modern messages. > For example, if an encryption algorithm was known to be weak in 2005, then > a message that appears to have been encrypted with that algorithm in 1995 > might decrypted with a warning, as an archival service. > But a message that appears to have been encrypted with that same weak > algorithm in 2015 might be quarantined as a likely attack. > > There are several possible ways to distinguish a historical message from a > modern one, including: > > - The message timestamp (e.g., the `Date` header field) > - The time the message was first observed on the network (e.g., delivery > of a new message via IMAP from a mailbox that had recently checked) > - The timestamp in any signature observed in the message > - The message structure (a message composed using protocol elements that > were invented after the encryption algorithm was known weak is likely to be > an attack than a legitimate archival message) > ----- > > > If this proposed text is too controversial to accept, and we can't > manage to arrive at non-controversial guidance, i'd be happy to consider > a short note in the Future Work appendix to flag this as something to be > considered later. > > Regards, > > --dkg > > >
- [lamps] Martin Duke's Yes on draft-ietf-lamps-e2e… Martin Duke via Datatracker
- Re: [lamps] Martin Duke's Yes on draft-ietf-lamps… Daniel Kahn Gillmor
- Re: [lamps] Martin Duke's Yes on draft-ietf-lamps… Martin Duke