Re: [lamps] Proposed addition of header protection to the LAMPS charter

Russ Housley <housley@vigilsec.com> Fri, 21 December 2018 13:03 UTC

Cc: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, LAMPS WG <spasm@ietf.org>
To: Bernie Hoeneisen <bernie@ietf.hoeneisen.ch>

Bernie:
> 
> I am confused about the origin of the "proposed charter text" you are referring to and suggesting to amend:
> 
>> +7. Specify a mechanism for the cryptographic protection of e-mail
>> +headers.  Most current implementations protect only the body of the
>> +message, which leaves significant room for attacks against
>> +otherwise-protected messages.  Cryptographic protection (both for
>> +signatures and encryption) which applies to the headers in conjunction
>> +with the message body are necessary to close significant security and
>> +usability gaps in cryptographically-protected electronic mail.
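Review bot: the last sentence of the added item 7 has a subject-verb mismatch: the subject "Cryptographic protection" is singular but the verb is "are necessary", so it should read "is necessary". The item also says "a mechanism" while the same sentence covers both signatures and encryption; the charter text could say explicitly whether one mechanism is expected to serve both, since the attacks mentioned in the second sentence are not enumerated here.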
> 
> Who drafted this charter text proposal and where has this been published before? I have been unable to find any traces on this mailing list. Does this originate from an IETF external source? Or is there some (hidden?) venue I am not aware of?
> 
> Thanks in advance for enlightening me on this process question.

This was discussed at the last two IETF meetings, and an individual Internet-Draft was posted.  In the room at the Bangkok IETF, people thought this was something the group should work on.  It is not covered by the current charter, so DKG is proposing charter text.

Russ