[Spasm] Updating S/MIME handling of message/rfc822?
Wei Chuang <weihaw@google.com> Fri, 13 May 2016 23:09 UTC
Return-Path: <weihaw@google.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 086D312D620 for <spasm@ietfa.amsl.com>; Fri, 13 May 2016 16:09:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.696
X-Spam-Level:
X-Spam-Status: No, score=-3.696 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qNFV8bnjWAwl for <spasm@ietfa.amsl.com>; Fri, 13 May 2016 16:09:01 -0700 (PDT)
Received: from mail-oi0-x236.google.com (mail-oi0-x236.google.com [IPv6:2607:f8b0:4003:c06::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D1A012D608 for <spasm@ietf.org>; Fri, 13 May 2016 16:09:01 -0700 (PDT)
Received: by mail-oi0-x236.google.com with SMTP id k142so193671626oib.1 for <spasm@ietf.org>; Fri, 13 May 2016 16:09:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:from:date:message-id:subject:to; bh=7ci1TPR8LOP9L5Rj8uhLE6Chf05zlobvaJdQ/PF5fi0=; b=hv4I4vraTUGEkM0SVhBFUUY+K3HQ2WeSM6phBDHIRj1Plna1wcORE3Fr7C3tby7xNQ tJS11Uoh/2+mOD/6BoB94xaYdtqj1XPMDeA5bYkzbUcZu/gPYBo5N3PGF6qpkpUrq80F DXBV2qvq8ZI+AMaKnsRMHFVUP3MD2ijqX+hp5q+215eTvJlRGj+R/jMp4r4CL4sAc7ge xY8YS3eWSCbvnLWCc3vOrb1NLy2aFhlruC9kS+SV7QZoL02TqQNY+g4kxaiHYyuvdnLU 9xwrADJ5/zy57ey4IzjEAeWo+D2NBzqXPtO3W4yhmtO/vEw7vG0zL689HfS1UjNlXoSU sBuQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=7ci1TPR8LOP9L5Rj8uhLE6Chf05zlobvaJdQ/PF5fi0=; b=Bo0FljwQeR8VTwVrCnsLnuKqEk8Kl5YfNN7Q/GDRwAgYUygCt91hKqThZ62WUpSvm4 pAKWStre9eYLYrNs4MXhkdZwDpyOYkO9Gzj9vDqLCbsf6SeGLMuASusc9SND9g+WGN8/ 74R8iiWGJENR55clKy5zvw1yA7oDa44o6Xfv0neFWLscl3//zxr2KcqlGNkU1vI6FKE6 1EuemKP3Kb/BMn90nZq1/6d4wYlZKHsDtAwSKjuw1/7+WM9bT5ueLmaaQLBN1bSIpIMf y5Hr9t+Aj/+AwuqzQjWVyG64vhej5+f7APr+ZyRlQBxXldORqoyrC4Qf7v0BSYSH+qoX BHVQ==
X-Gm-Message-State: AOPr4FWY236Tsm4AJWIiAIbVRxHx+I2eUqnniYC7K7zfUVQ/jVGLmVgD+t2b/K5fDbAxdlTQKBRHf5KkeVu0tSYX
X-Received: by 10.202.252.135 with SMTP id a129mr9222018oii.128.1463180940808; Fri, 13 May 2016 16:09:00 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.157.32.202 with HTTP; Fri, 13 May 2016 16:09:00 -0700 (PDT)
From: Wei Chuang <weihaw@google.com>
Date: Fri, 13 May 2016 16:09:00 -0700
Message-ID: <CAAFsWK0hHQySouJPQZBfDVKTJdoyY7HLEoVAD=tbFhDhNyjLxg@mail.gmail.com>
To: spasm@ietf.org
Content-Type: multipart/alternative; boundary="001a113df28038684e0532c15c3d"
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/C1KufhPR7AvGSt1vuXkEbg3xtuA>
Subject: [Spasm] Updating S/MIME handling of message/rfc822?
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 May 2016 23:09:04 -0000
Hi, I would like to propose that draft-schaad-rfc5751-bis-00 further specify handling message/rfc822 processing and specify how to merge message headers from decrypted/decoded non message/rfc822 types mime parts. If we can clarify header processing this could provide significant improvement in privacy as revealing headers like subject can reveal a great deal about the content of the message and even metadata like date can be used with traffic analysis to reveal hidden recipients (Bcc). There already exists "Securing Header Fields" as experimental RFC7508. This proposes that certain message header fields are signed and verified, and optionally can replace or delete the field. This provides a high degree of flexibility and one approach would be to standard track this. But this RFC requires a fairly significant change to S/MIME / CMS processing steps, and there would be a deployed base that would find it difficult to interoperate with. Another more feasibile approach is to clarify RFC5751 message/rfc822 language. Likely this can get most of the header hiding benefit with a smaller change to CMS processing. This proposes that if it is desirable to protect header integrity and privacy that message/rfc822 be used as specifed in RFC5280. However this instead of presenting both the outer header (original) and the inner header (message/rfc822) part to the recipient, this proposes that when the CMS processing is done, the inner headers in message/rfc822 update the outer ones. If there is a conflict between the inner and outer, then the inner header replaces the outer ones. Body content in message/rfc822 part replaces that of the parent as well. Further there should a signed attribute that tells the recipient to protect header integrity and privacy upon reply or forwarding of the message. There also should be a capability specified as well. Before sending the message implementations would move these headers to the message/rfc822 part, leaving those header fields unspecified in the sent outer message header. Compliant implementations should protect at least these message headers: Subject Date References Message-ID Keywords Original-XXX This list is not meant to be exhaustive. A complete list generated from (http://www.iana.org/assignments/message-headers/message-headers.xhtml) can be done at a later time. This list also makes no attempt to hide transport artifacts like the trace headers as these are outside of the control of the sender and recipient, or the sender and recipient headers as these are needed by transport. (Other much more heavy weight approaches are better suited to handle hiding those headers) thanks, -Wei
- [Spasm] Updating S/MIME handling of message/rfc82… Wei Chuang
- Re: [Spasm] Updating S/MIME handling of message/r… Wei Chuang
- Re: [Spasm] Updating S/MIME handling of message/r… Alexey Melnikov