Re: [lamps] S/MIME fix
Alexey Melnikov <alexey.melnikov@isode.com> Wed, 16 May 2018 17:51 UTC
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8FC1B12D9FF for <spasm@ietfa.amsl.com>; Wed, 16 May 2018 10:51:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.99
X-Spam-Level:
X-Spam-Status: No, score=-1.99 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isode.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ldmK_Rh0_qFk for <spasm@ietfa.amsl.com>; Wed, 16 May 2018 10:51:51 -0700 (PDT)
Received: from waldorf.isode.com (waldorf.isode.com [62.232.206.188]) by ietfa.amsl.com (Postfix) with ESMTP id 45453126CF6 for <SPASM@ietf.org>; Wed, 16 May 2018 10:51:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1526493110; d=isode.com; s=june2016; i=@isode.com; bh=xsI7VEsIq+FYBO+ZPCKYLsLA9Axz8lP41cs0Vs4kHm0=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=O8BH6GkRtXuf6SZdvZHyx/9AoxY+Ngqi/piXYoyv96sWT8e8wysFo4glbW3HJzkyIq5Ja2 SEOQK2FwALhA4b2J7zdyyeMdcW6+9lvM/v+NMDPtomLunbxpCZFXT4FsfCY3nLcLZVnWKu wCUxsVeVt3WcwVIHLQPCrEWhBOjw5k0=;
Received: from [172.20.1.215] (dhcp-215.isode.net [172.20.1.215]) by waldorf.isode.com (submission channel) via TCP with ESMTPSA id <WvxvtgAIWVAE@waldorf.isode.com>; Wed, 16 May 2018 18:51:50 +0100
To: Jim Schaad <ietf@augustcellars.com>, 'Phillip Hallam-Baker' <phill@hallambaker.com>, 'SPASM' <SPASM@ietf.org>
References: <CAMm+Lwj=VTBHYxH-iOaqEUHxALpBfSXWG3p0+xxUnY+o4CmGvA@mail.gmail.com> <559ab3c7-ee5f-22b9-ef02-c091765011d2@isode.com> <04ca01d3ed3c$5c158050$144080f0$@augustcellars.com>
From: Alexey Melnikov <alexey.melnikov@isode.com>
Message-ID: <951633c7-0cad-58e7-236c-bb82e44c9e9f@isode.com>
Date: Wed, 16 May 2018 18:51:32 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2
In-Reply-To: <04ca01d3ed3c$5c158050$144080f0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------54CA522A61D206B9D85D6203"
Content-Language: en-GB
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/IXVbc7BZHNjDy5cQGouigu0KxN4>
Subject: Re: [lamps] S/MIME fix
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 May 2018 17:51:53 -0000
On 16/05/2018 18:35, Jim Schaad wrote: > I will note that unless multipart/mixed has some special text > associated with it. Text/html is defined by RFC 1866 to only hold a > single HTML document. Thus building an HTML document from multiple > parts is not according to Hoyle. > Yes, but people do this anyway, as separate HTML body parts are frequently valid HTML documents. So building from pieces works most(*) of the time. (*) spam and phishing nonwithstanding. > > > Jim > > *From:*Spasm <spasm-bounces@ietf.org> *On Behalf Of *Alexey Melnikov > *Sent:* Wednesday, May 16, 2018 7:49 AM > *To:* Phillip Hallam-Baker <phill@hallambaker.com>; SPASM <SPASM@ietf.org> > *Subject:* Re: [lamps] S/MIME fix > > Hi Philip, > > On 16/05/2018 15:28, Phillip Hallam-Baker wrote: > > Looking at eFail, surely the simplest fix is to require that an > HTML message body be presented in a single CMS envelope presented > in a single MIME part? > > > I am not sure what you mean here. A CMS envelope can contain > multipart/mixed within it, which is a perfectly valid use case (i.e. > if one wants to send some encrypted text together with some encrypted > attachments). > If you are talking about preventing the following construct: > > > content-type: multipart/mixed; > boundary=.f8231d7f-681b-442c-97cc-e6c5375d059d > > This is a multipart message in MIME format. > > --.f8231d7f-681b-442c-97cc-e6c5375d059d > content-type: text/html > ....some partial HTML... > --.f8231d7f-681b-442c-97cc-e6c5375d059d > content-disposition: inline; filename=smime.p7m > Content-Transfer-Encoding: base64 > content-type: application/pkcs7-mime; name=smime.p7m; smime-type=enveloped-data > ....encrypted HTML... > --.f8231d7f-681b-442c-97cc-e6c5375d059d > content-type: text/html > ....some partial HTML... > --.f8231d7f-681b-442c-97cc-e6c5375d059d-- > > > i.e. a multipart/mixed that contains a mixture of text/html and > application/pkcs7-mime, then I might agree with you. But this is not > really an S/MIME feature, it is a generic MIME feature. So maybe this > WG should write a document on best S/MIME implementation practices. > > > This would simplify the code substantially. While it is > conceivable someone has worked out a way to make use of this > mis-feature, I for one cannot imagine why Outlook, Thunderbird or > the like would ever do anything of the sort. > > Separately, we have interest in CAA for S/MIME. Surely we should > do ACME for S/MIME as well. > > > Not surprisingly, I agree. See draft-ietf-acme-email-smime-02 > > If we are going to do that, surely we should have a discussion of > what it would take to make end to end security the default for SMTP. > > I am not necessarily thinking of this as a LAMPS thing because we > also need to get CAs, probably CABForum involved and maybe the > OpenPGP folk. > > > Best Regards, > Alexey >
- Re: [lamps] S/MIME fix Alexey Melnikov
- [lamps] S/MIME fix Phillip Hallam-Baker
- Re: [lamps] S/MIME fix Alexey Melnikov
- Re: [lamps] S/MIME fix Jim Schaad
- Re: [lamps] S/MIME fix Phillip Hallam-Baker
- Re: [lamps] S/MIME fix Alexey Melnikov
- Re: [lamps] S/MIME fix Tim Hollebeek
- Re: [lamps] S/MIME fix Phillip Hallam-Baker
- Re: [lamps] S/MIME fix Stephen Farrell
- Re: [lamps] S/MIME fix Adam Roach
- Re: [lamps] S/MIME fix Tim Hollebeek
- Re: [lamps] S/MIME fix Stephen Farrell
- Re: [lamps] S/MIME fix Russ Housley
- Re: [lamps] S/MIME fix Russ Housley
- Re: [lamps] S/MIME fix Adam Roach
- Re: [lamps] S/MIME fix Phillip Hallam-Baker
- Re: [lamps] S/MIME fix Adam Roach
- Re: [lamps] S/MIME fix Ryan Sleevi
- Re: [lamps] S/MIME fix Russ Housley
- Re: [lamps] S/MIME fix Ryan Sleevi
- Re: [lamps] S/MIME fix Phillip Hallam-Baker
- Re: [lamps] S/MIME fix Phillip Hallam-Baker
- Re: [lamps] S/MIME fix Russ Housley