[lamps] Re: Orie Steele's Discuss on draft-ietf-lamps-header-protection-21: (with DISCUSS and COMMENT)
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 01 July 2024 22:27 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9473AC14F6A3; Mon, 1 Jul 2024 15:27:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.407
X-Spam-Level:
X-Spam-Status: No, score=-4.407 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b="yvw9RG8L"; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b="w0tuCnej"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3hC3zKKdJDVK; Mon, 1 Jul 2024 15:27:15 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [IPv6:2001:470:1:116::7]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C7D2C14F6A0; Mon, 1 Jul 2024 15:27:14 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1719872832; h=from : to : cc : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=1Cc8l8xxtvXUpu/hkUJ85/2dlNM1AIxu0fWAunKKaSM=; b=yvw9RG8LyuHC+Pu0aiiq+CELtJvSWQHBPk3YCXmIdXdvuMy6V3ZI5aONBY3574oZTXhDg 9YKU1u0FQvpouY4CA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1719872832; h=from : to : cc : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=1Cc8l8xxtvXUpu/hkUJ85/2dlNM1AIxu0fWAunKKaSM=; b=w0tuCnejFDHbFZW4snSuGZ3WXIeHlK81wmakxki9uEkuNr70ylk30bYqsNZrMUClPPmnR f0uvB60CDcFCAO65OloA+lTHaFuN3S8VwOhewKhAMm0NIjNIe0xNOPc1WRtw7Lb71ZtvLdw Xj/xzR0u2r8Zw28l8SJ+pP6aji6gihhnOht1I0O92OqfHt79G8PserX/LNwq1EC3NHy7r5C KhHTGklj1WFew1zR5esDGtQoDZ+8BWX15pWzdUi1fI2oIiBVQUIQ+UVeaGk3Flbfkt35mDa uSa3j/eI9FLUA1YvO8LLYr99y9cIpR7lLJtbtoEZy2qNksntq0MzgdhWK+6w==
Received: from fifthhorseman.net (AMERICAN-CI.ear2.NewYork6.Level3.net [4.59.214.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1)) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id ED436F9D0; Mon, 1 Jul 2024 18:27:11 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 7538D20438; Mon, 01 Jul 2024 18:27:08 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Orie Steele <orie@transmute.industries>
In-Reply-To: <CAN8C-_+8qAe__2QfdCg=Sniw6NaC6D3gMC5YXMTvkvEUzPYj_g@mail.gmail.com>
References: <171934281036.145407.17954907827798817566@dt-datatracker-5864469bc9-n5hqk> <87tthc92bh.fsf@fifthhorseman.net> <CAN8C-_LoP=Jheo_J82q-po2OFbrEGf=4f3UcoL0hHGkFWRtwsw@mail.gmail.com> <87bk3gsy8e.fsf@fifthhorseman.net> <CAN8C-_+8qAe__2QfdCg=Sniw6NaC6D3gMC5YXMTvkvEUzPYj_g@mail.gmail.com>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= xjMEZXEJyxYJKwYBBAHaRw8BAQdA5BpbW0bpl5qCng/RiqwhQINrplDMSS5JsO/YO+5Zi7HCi QQfFgoAMQWCZadnIAUJBdtHCwMLCQcDFQoIApsBAh4BFiEE1HcEDHDCFWpcKYVJu36RAUlea/ cACgkQu36RAUlea/edDQD+M2QjnoEyu/TjI+gRXBpXQ5jCsnnp9FdYhaSSUW/vZ8kBAJByWlj A9aMfVaVrmvgcYw7jzJz+gmZspBRB++5LZ20NzRc8ZGtnQGZpZnRoaG9yc2VtYW4ubmV0PsLA EQQTFgoAeQMLCQdHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnEu/CS CeyWwC6j4ihJr2u/z6delsF1pvYW3ufgf1L538DFQoIApsBAh4BFiEE1HcEDHDCFWpcKYVJu3 6RAUlea/cFAmWnX5AFCQXZ8EUACgkQu36RAUlea/cjVwD+ONjdHM74rAa6EEiiqaPjlptiaZx CVqFYXnib6EbZARkBAPnnR8pW8vCBnDXHKu65jNqwF3aH761NaOqqMFfppg8GzjMEZXEJyxYJ KwYBBAHaRw8BAQdAjX25Fq2Q9IUFeHy6yByIQPBnFOedFliuEiCIUzJsENDCwMUEGBYKAS1HF AAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnwqKWsw56uoWVLIFcs7ZecJ gwpsSNevWCzbviKQ8yRLUCmwK+oAQZFgoAbwWCZXEJywkQdy0WHjXNS4FHFAAAAAAAHgAgc2F sdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnEIJSOxuw2y/UJmg5M3BLpN0JYjODZpXiEVFu 1byARzMWIQR0vATEPYYIS+hnLAZ3LRYeNc1LgQAAsH8BAKg1C5LK/D7pSkXCD+jfTSP+CqM58 iHLjh4vKhpOKsTJAQCHldtEjxJ1ksPTFgG9HihHH7qc6/wvvLw77ETMpwlrAxYhBNR3BAxwwh VqXCmFSbt+kQFJXmv3BQJlp1+rBQkCF4lgAAoJELt+kQFJXmv3ydsA/2roQZ2Jm/7iUrg/2C5 ClWA/xbvPC31LyMkGGH2/rq8tAP9BgqLuCPnNTVPqeX9+9qqMmaFq7wmvjq5I+yycAw9CDc44 BGVxCcsSCisGAQQBl1UBBQEBB0BZMsRrRaaeFSYMF1ZdfRmVgBriDUIr99eDQ085BK14DgMBC AfCwAYEGBYKAG5HFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnsazAWX tEHUPmSTmcRZAIsAsNiO8k0hdjsfRlRVipgJgCmwwWIQTUdwQMcMIValwphUm7fpEBSV5r9wU CZadfqwUJAheJYAAKCRC7fpEBSV5r90AjAPwLgY1iKiFJEj32SVD5f721929l79VxQB5FlQss x1n5kQEA6Uct2tPvbB6T7p5KG3Gl+tbi7oJAuxFmpkpW5/N2Owg=
Date: Mon, 01 Jul 2024 18:27:07 -0400
Message-ID: <875xtosq84.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Message-ID-Hash: CZTXNW5Q4DGLEYNCGOBMBUEDHLZOZDAU
X-Message-ID-Hash: CZTXNW5Q4DGLEYNCGOBMBUEDHLZOZDAU
X-MailFrom: dkg@fifthhorseman.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-spasm.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: The IESG <iesg@ietf.org>, draft-ietf-lamps-header-protection@ietf.org, lamps-chairs@ietf.org, spasm@ietf.org, housley@vigilsec.com
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [lamps] Re: Orie Steele's Discuss on draft-ietf-lamps-header-protection-21: (with DISCUSS and COMMENT)
List-Id: This is the mail list for the LAMPS Working Group <spasm.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/7euR6XZ9utIdAd6aDjfOSGEBB0c>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Owner: <mailto:spasm-owner@ietf.org>
List-Post: <mailto:spasm@ietf.org>
List-Subscribe: <mailto:spasm-join@ietf.org>
List-Unsubscribe: <mailto:spasm-leave@ietf.org>
On Mon 2024-07-01 15:38:00 -0500, Orie Steele wrote: > I've changed my position to no objection. Thanks for the discussion, Orie, and for clarifying the remaining pieces too. A few more responses below. > OLD: > > ``` > A receiving implementation MUST NOT mistake the presence of an hp="cipher" > parameter in the Cryptographic Payload for the actual presence of a > Cryptographic Layer that provides encryption. > ``` > > NEW?: > > ``` > A receiving implementation which observes an hp="cipher" parameter in the > Cryptographic Payload MUST NOT process the message as if it had a > Cryptographic Layer that provides encryption. > ``` > > I think I understand the intention, my comment is that readers may > interpret "MUST NOT mistake..." differently. I think your version is actually stricter than what the original sentence is trying to say. There are two distinct signals that the recipient of a message can look at: a) they can look at whether there is actually a Cryptographic Layer that provides encryption, and b) they can look at the hp="cipher" parameter in the Cryptographic Payload, which indicates whether the sender *intended* to encrypt. These are distinct signals, unfortunately, because of how signed+encrypted messages have traditionally been constructed in e-mail. The cleartext message is typically signed, and then the signed message is wrapped in a layer of encryption. The reason we need both signals is because the sender might have sent a message that was signed-only, but then someone in the middle could simply wrap it in a layer of encryption. Without a cryptographically strong indication in the payload that the sender intended to encrypt, the recipient can't tell whether the encryption was added by some interfereing MTA while the message is in transit. Without getting into why an MTA might choose to do this (for malice or other reasons), the point is that if you want to have strong reasoning about the e2e cryptographic properties of a message, the recipient of the message needs to confirm both the state of the message as they received it *and* the sender's intent of how they meant to send it. So i wouldn't want to say that the presence of `hp="cipher"` means you *can't* treat the message as encrypted; because an actually encrypted message with `hp="cipher"` is the normal use case. What you don't want to do is to see a message that is clearly *not* encrypted, and treat it as encrypted just because you found an `hp="cipher"` parameter on the Cryptographic Payload. > I suppose the expected ABNF for the header field possibly addresses this > already. > > You might consider adding a section reference to > https://www.rfc-editor.org/rfc/rfc5322#section-4 this is the "obsolete" ABNF formats. i'd be inclined to recommend that MUAs generating modern signed mail should *not* use any of the obsolete ABNF forms. > And https://www.rfc-editor.org/rfc/rfc5322#section-3.6 for the ABNF > mentioned. this is a reasonable reference for some Header Fields, but there are almost certainly other Header Fields that aren't in RFC 5322. I think the right IANA registry to point to is: https://www.iana.org/assignments/message-headers/message-headers.xhtml#perm-headers Though that registry doesn't seem to have gotten much in the way of regular attention (e.g. the Content-Disposition entry doesn't include RFC 9078 in its Reference column, though it seems like it probably should). I don't know the right way to reference a modern f
- [lamps] Orie Steele's Discuss on draft-ietf-lamps… Orie Steele via Datatracker
- [lamps] Re: Orie Steele's Discuss on draft-ietf-l… Daniel Kahn Gillmor
- [lamps] Re: Orie Steele's Discuss on draft-ietf-l… Daniel Kahn Gillmor
- [lamps] Re: Orie Steele's Discuss on draft-ietf-l… Orie Steele
- [lamps] Re: Orie Steele's Discuss on draft-ietf-l… Daniel Kahn Gillmor
- [lamps] Re: Orie Steele's Discuss on draft-ietf-l… Orie Steele