IETF Logo Mail Archive

[lamps] S/MIME fix

Phillip Hallam-Baker <phill@hallambaker.com> Wed, 16 May 2018 14:29 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 881AE12DA08 for <spasm@ietfa.amsl.com>; Wed, 16 May 2018 07:29:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.103
X-Spam-Level:
X-Spam-Status: No, score=-2.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sACGJjixHNVy for <spasm@ietfa.amsl.com>; Wed, 16 May 2018 07:29:04 -0700 (PDT)
Received: from mail-oi0-x234.google.com (mail-oi0-x234.google.com [IPv6:2607:f8b0:4003:c06::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B01B412EA42 for <SPASM@ietf.org>; Wed, 16 May 2018 07:29:01 -0700 (PDT)
Received: by mail-oi0-x234.google.com with SMTP id c203-v6so883559oib.7 for <SPASM@ietf.org>; Wed, 16 May 2018 07:29:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:from:date:message-id:subject:to; bh=NQX7NoojQOP3zEhrvE6+BO/LfDzY/NxX7Qc9Up0cW+o=; b=Mudas6t8KjcAW6mkySs+AhfNUPN0nQiNiSRq+DpjmGFOfh+jDEm3Rjpm/tLbceiJZe ISkSkf6TSrj9F34dvY4r2uKMpW0RpnMFn0m8qCYcE7oFFk5Wlyl1qbdEWoIBZHbPZgoG /VOFMz2OVGJqnt9JYEbjG614I0zPbmS907dcBbXTHBLJhsTOeQleFtBvarZ/9CTh1EPZ tq1nDb6EDJg4vBUUo0oPxgsCBYJiMYpDiBFg/9Pq7sMIKjUZbW3JoHJRBph3g+4MhW+9 PP9uOOCkyPImcFzn02ZrfA/CI3tLJsHlphesENpq/vWsF1EhBCOw4qBU3/rFup+rr8dM 6riw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:from:date:message-id:subject :to; bh=NQX7NoojQOP3zEhrvE6+BO/LfDzY/NxX7Qc9Up0cW+o=; b=PwK9AP94BFxE9ENwAi9K+0KLtFE59C9Dw86OsgVoXXNAJIClT715mf2T5O9pq5+sZj VR0WI417/86fAfOkkO+wsnJ4+yU+Y3jcteiWt6RimiUYn8PovJ/TLLAeyoIF62vd0VHg QkuEI+9eMOJcVNtOHTYr363I+3c/wONIcynUehOrJEAmJFLkG+4ykOaJWshnlnihkzji es+5XZVUXoHnEwqjuRg/o9NHFZYbgNvnVxalUzDcEhJkuxpMMlAwhbYphJP0px9AoqT9 kirRH4VJWTJxGBQsF4SSCd+c+8409R28XVcdT/oi/VL7f0Wq/bv6yAVsbuSxZzNbLHzC 9Sxw==
X-Gm-Message-State: ALKqPweu8ZcsBmsAFDIxwcZg7gS/3/5q9DtZiAb5JoaJ8Sys5sAS2hhp 3WGHyD7PovLih2BKOQxSrmBLOwC0cdLyHihW57g=
X-Google-Smtp-Source: AB8JxZrns9a+lPb4hMSqN3D0KGDSDD4qxLyNE+kPJvHeKqIsra8UMY13XSNdt8YxlqkqKs5H2OzJwFeRuBuY105wkXc=
X-Received: by 2002:aca:75cc:: with SMTP id q195-v6mr671367oic.319.1526480940696; Wed, 16 May 2018 07:29:00 -0700 (PDT)
MIME-Version: 1.0
Sender: hallam@gmail.com
Received: by 2002:a9d:23:0:0:0:0:0 with HTTP; Wed, 16 May 2018 07:28:59 -0700 (PDT)
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Wed, 16 May 2018 10:28:59 -0400
X-Google-Sender-Auth: RH-e6t09vITQvAdGMN9UcJAGFU4
Message-ID: <CAMm+Lwj=VTBHYxH-iOaqEUHxALpBfSXWG3p0+xxUnY+o4CmGvA@mail.gmail.com>
To: SPASM <SPASM@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000003a0a45056c538a7c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/5I06y3bWXuinrhvRro7yWY8kJ84>
Subject: [lamps] S/MIME fix
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 May 2018 14:29:17 -0000

Looking at eFail, surely the simplest fix is to require that an HTML
message body be presented in a single CMS envelope presented in a single
MIME part?

This would simplify the code substantially. While it is conceivable someone
has worked out a way to make use of this mis-feature, I for one cannot
imagine why Outlook, Thunderbird or the like would ever do anything of the
sort.


Separately, we have interest in CAA for S/MIME. Surely we should do ACME
for S/MIME as well. If we are going to do that, surely we should have a
discussion of what it would take to make end to end security the default
for SMTP.

I am not necessarily thinking of this as a LAMPS thing because we also need
to get CAs, probably CABForum involved and maybe the OpenPGP folk.


The model we have right now is that we have a lot of different camps
offering technology. Some of that technology meets the needs of a
particular community. What we do not have is a general solution or a mass
deployment strategy.

And this is really important because email security breaches have changed
the course of history in the past few months.

v2.23.0 | Report a Bug | By Email