Re: [lamps] Gen-ART Last Call review of draft-ietf-lamps-e2e-mail-guidance-14
Paul Kyzivat <pkyzivat@alum.mit.edu> Thu, 22 February 2024 20:41 UTC
Return-Path: <pkyzivat@alum.mit.edu>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A24ACC1519B6; Thu, 22 Feb 2024 12:41:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.009
X-Spam-Level:
X-Spam-Status: No, score=-7.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=alum.mit.edu
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4bHSCXXZk1YI; Thu, 22 Feb 2024 12:41:43 -0800 (PST)
Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2100.outbound.protection.outlook.com [40.107.236.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 742D0C151532; Thu, 22 Feb 2024 12:41:42 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bJpEM3OpDB4ZLQ0xmScat1wK/aIG2DYSOm4evOvNFj6RRcXZUne96FGR1DFoJoTqgLyga4o5HeLB5mSZzeHbyTDzWQznDZUtEuaqJKIGq97SIpS2EDw4NVpJCo0zAMr1/dHfFzP6kKvdFRTPTO+uECMZJJh6cWA09JdxkV2+iH1nKBGIPf3MM6PB6Q9rs3rwLtZZ3afXEEeZx/zqLmRWkHQuQ4BG/2GIu6DbPxikmdeLQIwNUjJcSetszckJqC8Cm8Vh9tPkV0DQGN8nhVthdEIdqtQ+1ujj8fMd64+Nhu+9pPHjFXp7dNmgaCa8usUptlUCumPwBndOThFBvi0qMQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=nqZYhu5MQocZ6gS1KnqI1qaFtUgW8YGw5JAIr+h2tEw=; b=UG8AzvVSLNRyGxBnnEMc0DyXDKVnVMeEJ8ddvJBeJ/BESY517ILOGSvxHct7Wh3pJoF6NSFFnrOFTglS8AshXS3VygLUD+bJ3z/OsZDzTyJiD9s/4VGfCLWHmmm2OVaz27FX3x9DTVwSt7uc8/WkI7V2tMYOvLiulfkAs9pdjeoLYupbN3UPzT4+NPd8BzJYfMeCPLM2l+MN8sRSrnvK46NVyAknfU6OLFAt+Q7aq1zmASQ392L+FCXrbrG/kOYlTKmpek9Yjz1FdwR9oglL0qC5unw3Zh4yUzM5m27tDhBvfu2cecwbZPTawRtVZcTHzGEDd9AsONe5tMV614OcnQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 18.7.68.33) smtp.rcpttodomain=ietf.org smtp.mailfrom=alum.mit.edu; dmarc=pass (p=none sp=none pct=100) action=none header.from=alum.mit.edu; dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alum.mit.edu; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nqZYhu5MQocZ6gS1KnqI1qaFtUgW8YGw5JAIr+h2tEw=; b=FQnIrvVjSGlsv7dY5ODzO8HVHKYoXQeffu3PO7HFEWIqIJGdfCFFqQ+Ega9ozzwRted6uHuaNvP4vLsM3l+jViR+KYouICBEU6QxlCUQU2BhC2eS3j14ADXryICobuWfiYCL7kDUwlZ5n0g/b7O3EsJTTIiKdcBPH4fDl+V0Udw=
Received: from BN1PR12CA0024.namprd12.prod.outlook.com (2603:10b6:408:e1::29) by PH8PR12MB7133.namprd12.prod.outlook.com (2603:10b6:510:22e::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7316.21; Thu, 22 Feb 2024 20:41:39 +0000
Received: from BN1PEPF00004683.namprd03.prod.outlook.com (2603:10b6:408:e1:cafe::68) by BN1PR12CA0024.outlook.office365.com (2603:10b6:408:e1::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7292.42 via Frontend Transport; Thu, 22 Feb 2024 20:41:38 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 18.7.68.33) smtp.mailfrom=alum.mit.edu; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=alum.mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of alum.mit.edu designates 18.7.68.33 as permitted sender) receiver=protection.outlook.com; client-ip=18.7.68.33; helo=outgoing-alum.mit.edu; pr=C
Received: from outgoing-alum.mit.edu (18.7.68.33) by BN1PEPF00004683.mail.protection.outlook.com (10.167.243.89) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7292.25 via Frontend Transport; Thu, 22 Feb 2024 20:41:38 +0000
Received: from [192.168.1.52] (c-73-143-251-114.hsd1.ma.comcast.net [73.143.251.114]) (authenticated bits=0) (User authenticated as pkyzivat@ALUM.MIT.EDU) by outgoing-alum.mit.edu (8.14.7/8.12.4) with ESMTP id 41MKfZY9019357 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT); Thu, 22 Feb 2024 15:41:36 -0500
Message-ID: <76d354b1-7016-4c37-9976-0ff2f0dc32c5@alum.mit.edu>
Date: Thu, 22 Feb 2024 15:41:35 -0500
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, draft-ietf-lamps-e2e-mail-guidance.all@ietf.org
Cc: General Area Review Team <gen-art@ietf.org>, last-call@ietf.org, spasm@ietf.org
References: <1aa54ca6-d948-45d1-9963-4c1f5e878cdd@alum.mit.edu> <87jzmws1zq.fsf@fifthhorseman.net>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
In-Reply-To: <87jzmws1zq.fsf@fifthhorseman.net>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BN1PEPF00004683:EE_|PH8PR12MB7133:EE_
X-MS-Office365-Filtering-Correlation-Id: 46c18b5d-c4ea-41cf-0f9d-08dc33e6ab0e
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: pjTVtXGHPg6gnviC2tdhDR3o3ghTsnWOBhCALsx7Qswph6P1Xzfdoa0FySxRtNFko/E4Wb+uEPsSvcTMWJRkiW06PvQmMHlo+NIIF4dXJG5Bb2dpQG15pzIwTkfcKrgguuuWTLnAh0x/dEHTIYVbYvLNsPpMf4CD68wMbLks+kmzmn7a2QVWMmlAnvmRg3D6H0GKeabFFQk2hH1akvm1NwfBtmQyzj+ULUtPexFjdPnbdJbHzEh0tVeBKFg9VTNKGBvhEvECKRYyqyojHcGHCmaFxogz9NLzZtFtbj68xIF2DxwNPGo7oJ9hijVDgvhGHpZlIgPo0pvoT1uirWwy+kQuvAxcfcRB1FxQxagjpbAzAVnoLWC9T6g7q777YkLShUDMjf+hy5SvpuC/50+iKUw4KU91j96M/HRyTtSmr+r0yrP/uoYWjKZV037hFUyEAcG62sj4qYAeIIzsX2KZ+qbBAeaW0IxFBRzTGd3ajvXghMk8O0xIvsGmZRZhuvoBIq4l/DdT9f7fvmKHbzSxXvoMh+T3fuJrHU1yuQqd2Y7p8QekolPKCGCcib6bcflHZOcyhHcxMrQhZNY7PZIN0NCjbjw6soeltCoqwg3dsWbD/9hEbIeYHV6Xt7V3fOcrrVD17YxOoWtO311n5fvGQQ==
X-Forefront-Antispam-Report: CIP:18.7.68.33; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:outgoing-alum.mit.edu; PTR:outgoing-alum.mit.edu; CAT:NONE; SFS:(13230031)(230273577357003)(36860700004)(46966006); DIR:OUT; SFP:1102;
X-OriginatorOrg: alum.mit.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Feb 2024 20:41:38.3369 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 46c18b5d-c4ea-41cf-0f9d-08dc33e6ab0e
X-MS-Exchange-CrossTenant-Id: 3326b102-c043-408b-a990-b89e477d582f
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3326b102-c043-408b-a990-b89e477d582f; Ip=[18.7.68.33]; Helo=[outgoing-alum.mit.edu]
X-MS-Exchange-CrossTenant-AuthSource: BN1PEPF00004683.namprd03.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH8PR12MB7133
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/CPWKfr0bTk6eE5Gnh_wp0LD1yCM>
Subject: Re: [lamps] Gen-ART Last Call review of draft-ietf-lamps-e2e-mail-guidance-14
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: This is the mail list for the LAMPS Working Group <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Feb 2024 20:41:47 -0000
Daniel, Thanks for the explanation. This all sounds good to me. But I do encourage you to say *something* about web server based email clients, since they are such a big part of the ecosystem. (What percentage of all emails have gmail on at least one end?) Perhaps discuss the limitations on secure email with such clients. Thanks, Paul On 2/22/24 3:00 PM, Daniel Kahn Gillmor wrote: > Hi Paul-- > > Thanks for this review! I've just staged some minor cleanup edits in > git (https://gitlab.com/dkg/e2e-mail-guidance/) that should address your > concerns. After my co-editors have had a chance to review and discuss, > we'll probably roll them up with the suggestions from other reviewers > into a new draft. > > More comments interleaved below: > > On Sat 2024-02-17 18:31:18 -0500, Paul Kyzivat wrote: >> 1) NIT: Section 9.7.2: >> >> In the following: >> >> "If such a proxy handles certificate discovery in inbound messages (see >> Appendix A.2.1), it will also need to communicate the results of that >> discovery process to its corresponding proxy for message composition >> (see Section 9.7.1)." >> >> I think there is a problem here with "... proxy ... communicate ... to >> ... proxy". Shouldn't it communicate to the MUA? > > In the transparent proxy scenario (which this section is warning about), > the proxy doesn't/can't communicate to the MUA about cryptographic > information, because the MUA is decidedly ignorant. So the text here is > as intended -- it's about the inbound proxy talking to the outbound > proxy. But i agree it could be clearer, the first proxy is now "inbound > proxy" and the second proxy is now "outbound proxy". > >> 2) NIT: Section 2.2 >> >> s/Implmenters/Implementers/ > > thanks, fixed. > >> 3) NIT: Section 8.1.1 >> >> s/rFC822Name/RFC822Name/ > > I think this should actually be rfc822Name (this is how it appears in > e.g., RFC 8705). I'll fix both instances of the term. > >> 4) NIT: Section 9.5 >> >> s/(e.g. and IMAP mailbox)/(e.g. an IMAP mailbox)/ > > thanks, fixed. > >> 5) NIT: IdNits: >> >> IdNits reports many things, most of them bogus. A couple of them look to >> me like they deserve consideration: >> >> -- Obsolete informational reference (is this intentional?): RFC 3501 >> (Obsoleted by RFC 9051) > > good catch, updated. > >> -- Duplicate reference: draft-ietf-openpgp-crypto-refresh, >> mentioned in 'I-D.ietf-openpgp-crypto-refresh', was also >> mentioned in 'I-D.ietf-openpgp-crypto-refresh-13'. > > Thanks, fixed by pointing to draft -13 uniformly. > > >> Other Comments/Questions: >> >> I found this document very informative. I wasn't aware how many issues >> there are with this feature. The work required to make an MUA comply >> with this document seems daunting. Is it expected that this will happen >> for popular MUAs? > > I agree that it is daunting. My takeaway from working as an editor on > this document is that no one has really tried to make an e-mail client > that is natively secure and easy to use from an end-to-end cryptographic > perspective before. In fact, in some of the testing i've done, i'm > reminded of the state of web browsers in about 1998, where some folks > had done some thinking about security, but what security mechanisms > existed were pretty haphazard and definitely not robust. > > We've done a lot of work on web browsers since then, including work to > explicitly document and standardize what kinds of cryptographic state > are kept, how certain (cryptographic and non-cryptographic) features > interact, and how to mitigate risks from those interactions. Sadly, no > one ever seems to have done that work for MUAs that i've been able to > find. This document can be read either as a foundation for that kind of > work, or as a wistful epistle from a future that might have been. I'd > prefer the former, of course, but we'll see. > > I don't know of any MUA that actually implements all of these > recommendations yet, though each recommendation is drawn from actual > behaviors of clients in the wild today. > > I can't speak to the intent of popular MUA developers, thouh, sadly. > >> Also, do you consider web server based implementations of email clients >> (such as gmail) to be proxies? If so it might be good to say so >> explicitly. If not, then should they be discussed separately? > > Due to the operational model of the web, I think there are some pretty > fundamental challenges to a remotely-hosted webserver-based MUA that > wants to offer end-to-end cryptographic security. > > In particular, if you assume that the webserver hosting the MUA itself > is part of the threat model, then there are many many additional > concerns that we did not include in this document. > >> When composing a reply a user may find that desired parts of a >> replied-to message have not been quoted by the MUA. (Due to the rules in >> 5.4.) Such user is likely to curse and then simply copy/paste the >> desired text. Is the MUA expected to detect this behavior and discourage it? > > My experience is that most users (outside of peculiar types like IETF > participants) have no idea that there is any quoted and attributed text > pasted into their e-mails in the first place. They simply type where > the cursor is placed ("top-posting"), and carry on, oblivious to > whatever stuff the MUA injected below their cursor. > > Such a user will not curse if there is no quoted and attributed text; > they simply won't notice. The MUAs job is to avoid accidentally leaking > the user's cleartext, not to prevent the user from deliberately leaking > cleartext. > > If the user decides to paste sensitive material of any kind into a > cleartext message (e.g., credit card numbers, passwords, or cleartext > copies of other messages) there's really nothing that an MUA can do > about it (though i can imagine some fancier MUAs having a "it looks like > this cleartext e-mail contains a credit card number; are you sure you > want to send it?" feature, the same way that some MUAs capable of simple > sentiment analysis or word selection scoring might say "this e-mail > message looks rather heated; would you like to wait 10 minutes to cool > off and review before sending it?" > > But that kind of work is pretty clearly outside the scope of > e2e-mail-guidance :) > > I really appreciate the time you took to review the draft! > > --dkg
- [lamps] Gen-ART Last Call review of draft-ietf-la… Paul Kyzivat
- Re: [lamps] Gen-ART Last Call review of draft-iet… Daniel Kahn Gillmor
- Re: [lamps] Gen-ART Last Call review of draft-iet… Paul Kyzivat
- Re: [lamps] Gen-ART Last Call review of draft-iet… Daniel Kahn Gillmor
- Re: [lamps] Gen-ART Last Call review of draft-iet… Paul Kyzivat
- Re: [lamps] Gen-ART Last Call review of draft-iet… Paul Wouters