Re: [lamps] Fwd: [Bimi] New Version Notification for draft-blank-ietf-bimi-00.txt
Wei Chuang <weihaw@google.com> Sat, 09 February 2019 21:54 UTC
Return-Path: <weihaw@google.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E583130F8E for <spasm@ietfa.amsl.com>; Sat, 9 Feb 2019 13:54:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.5
X-Spam-Level:
X-Spam-Status: No, score=-17.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RCx6DRGITHps for <spasm@ietfa.amsl.com>; Sat, 9 Feb 2019 13:54:46 -0800 (PST)
Received: from mail-yb1-xb29.google.com (mail-yb1-xb29.google.com [IPv6:2607:f8b0:4864:20::b29]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 60DD4130F89 for <spasm@ietf.org>; Sat, 9 Feb 2019 13:54:46 -0800 (PST)
Received: by mail-yb1-xb29.google.com with SMTP id j189so2849642ybj.9 for <spasm@ietf.org>; Sat, 09 Feb 2019 13:54:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=c0AFCs6oS64lyGr8oydde1xEXhBOxggevsEgCZE6GTY=; b=i719DtoBsJ8jZbHpF6MYKFkWCN1wjQri2gBSftgKmf1QR85xmfTlx6OzHHFzkTIYGq pPssXVRH1Wz/dCouJxRkI75wo9BAI0tzaH4l3HBnp1Wdh4F88CvPJFvHfnOf3/zRonyK 8ircC6vIO2OrV1os7aFKkiF2jUVdXegfDdrRqeQw4Zp+OXaZBL5vpjZ2MdeRWrU42rMg 7MRA6G7ke9Uc369PmtDZ8+phySLEWGYUZkJKEEmoI4zo013TDlQHfJIX96oboP4qKzD/ 0kqG3kD5X50X6ficgVbc5RXK3+5dJH/CBp0XHvD/52A8y4P9FlWmcaK/76b1V1unKbtF acNg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=c0AFCs6oS64lyGr8oydde1xEXhBOxggevsEgCZE6GTY=; b=fbE7lObFxswv2fqVVcrzupYbnfT40wj37kJOo7guOUL8NcMMibXyUCyW+FVPVEHCi6 tdXTgSekvB1Jr68jBkRk7O5rqPk9O9s085Vhj3Y9b5AnEYGf5b4RpnTbdVMTCzK+fSPd tOs0sMePhcY7/KQog3quMK+Jlb/zyUv6hIM+ONnEZ3snucp3zrfS6iFW1f30rmykpfG7 QyQPk+r+Jd0q2fv1BKJPRT9Av+yXriE/9c/p+mWEwTfzekoybJAv8qCbe3/fyK8Shida UL6t9YVQmj9nHpDkExunauEpsBRNFUW2BlrKe/Iky1vdlP0OWG7FGD/u30vHajFlER+N AeqQ==
X-Gm-Message-State: AHQUAubBtU4QkmFA3/c74CI5gl2HuwBzpvH9B/xGiErKz5gCGmIhjBYh 5vUaQ8L2DZn5xLHtzRnV6Cktu+1FJVzd8MmCyrhvcDxeywE=
X-Google-Smtp-Source: AHgI3IYG2VZyXjyp1nbb7Ul6v+gwIOqPRLc3ymbKZxGE0HfMJKJjVGWZ+6c5h1R4f6kwSvajLRP4UD41fZs7FBaIfnE=
X-Received: by 2002:a25:6645:: with SMTP id z5mr13106408ybm.314.1549749284391; Sat, 09 Feb 2019 13:54:44 -0800 (PST)
MIME-Version: 1.0
References: <CAD2i3WMP=-id4aCexu71fXRiVkdN3L6v5p7E1yJVRAwk0vmkfA@mail.gmail.com> <CAAFsWK2kUpHjGSo53=gOLrzFbnA6rqsGwyB6TyeK4xBKN=VmQw@mail.gmail.com> <3cbf4861-94ab-6623-86ad-a13d292d3393@cs.tcd.ie> <CAAFsWK2rtbmT=+KhGBWDJYd84GzsAHnH_QSVPUDL4Lx27Fv0ag@mail.gmail.com> <d5e1e259-4d12-95e6-e294-a00dd2f50092@cs.tcd.ie>
In-Reply-To: <d5e1e259-4d12-95e6-e294-a00dd2f50092@cs.tcd.ie>
From: Wei Chuang <weihaw@google.com>
Date: Sat, 09 Feb 2019 13:54:30 -0800
Message-ID: <CAAFsWK0uVcjb67QJA44X4m9_B-NnDpaoGXFvQxw+OLx7uGpFfw@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: SPASM <spasm@ietf.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="000000000000a7ba1605817d1ffe"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/JLPmCWWw1NJYhQOAnaoiznxtXho>
Subject: Re: [lamps] Fwd: [Bimi] New Version Notification for draft-blank-ietf-bimi-00.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Feb 2019 21:54:50 -0000
On Sat, Feb 9, 2019 at 11:45 AM Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > > > On 09/02/2019 19:05, Wei Chuang wrote: > > It is intended to support privacy, > > "In its most basic setup, a BIMI-capable MUA could retrieve that > image file directly from the site specified in the BIMI record." > > It could well be that if various actors all do the right thing, > that bimi might not be privacy invasive. If however, any of the > relevant actors aren't careful, this becomes a tracking device, > as per the quoted text above. There are enough of those in mail > bodies already and we shouldn't be standardising such tracking > schemes in headers IMO. > Privacy is something the IETF process can very much help with, by providing constraints on the parts of the specification that impacts privacy that would otherwise be overlooked or worse. Take for instance the choice of CRLs vs OCSPs. Our initial starting point in the Authindicators working group* was only requiring CRLs indeed due to privacy, and intentionally not stating anything about OCSPs. The CA that we were working with this added as optional because it was something they already supported. I don't think they meant OCSP support to be privacy invasive in any form and since we had our as required support for CRLs we were fine. What the IETF process can do is provide many additionally eyes on the specification, with a strong interest in security and privacy. Making privacy mandatory in the specification is something that the IETF process can make sure happens. * The Authindicators working group is an informal group of individuals and companies in the space of email providers and authentication consultancy that has been developing BIMI so far. The intent now is to bring the BIMI specification to IETF if possible for further feedback and standardization work. -Wei I see no merit in bimi myself, only downsides. > > S. > > > > though it is up to email providers and > > clients to do the right thing. It uses certificates that carry the logo > > (and other identity information) and assert 3rd party validation without > > interacting with another server. Our intent is that these certificates > are > > meant to be fetched at delivery and stored by email provider for the > > client, though such a fetch could be done by the client at use. Along > > those lines, for revocation checks, the guidelines requires that CAs to > > provide CRLs though OCSPs are allowed. > > > > -Wei > > > > On Sat, Feb 9, 2019 at 8:53 AM Stephen Farrell < > stephen.farrell@cs.tcd.ie> > > wrote: > > > >> > >> I've not yet subscribed to that bimi list but... > >> > >> As a user of email I do not want more crap in messages that > >> user agents might de-reference thereby increasing how much > >> I am tracked and my devices' attack surfaces. So my starting > >> position is that I need to be convinced bimi is not just a > >> bad idea. > >> > >> S. > >> > >> On 09/02/2019 16:36, Wei Chuang wrote: > >>> Hi all, > >>> > >>> I'm cross posting to the LAMPS mailing list for visibility, that there > >> is a > >>> new mailing list for Brand Indicators for Message Identification (BIMI) > >>> which allows for logos to be displayed by an email recipient. This is > of > >>> interest to LAMPS since a secured part of the specification uses > >> X.509/PKIX > >>> certificates to carry these logos and assert a 3rd party validation. A > >>> while back, I posted here a draft requesting a new certificate Extended > >> Key > >>> Usage value to distinguish these logo carrying certificate which linked > >>> below. Also described below is the validation procedure for the > >>> certificate based on web Extended Validation (EV) but built upon to > >> handle > >>> the logo validation. I also have a security justification document > that > >> I > >>> hope to turn into an IETF informational draft that will help justify > the > >>> security of the logo and other information carried in the certificate. > >> We > >>> look forward to your comments and questions on the BIMI list. > >>> https://www.ietf.org/mailman/listinfo/bimi > >>> > >>> -Wei > >>> > >>> ---------- Forwarded message --------- > >>> From: Seth Blank <seth@sethblank.com> > >>> Date: Wed, Feb 6, 2019 at 12:11 PM > >>> Subject: [Bimi] New Version Notification for > draft-blank-ietf-bimi-00.txt > >>> To: <bimi@ietf.org> > >>> > >>> > >>> I've uploaded two documents as I-Ds to kick off IETF discussions around > >>> BIMI. Both these documents need a good deal of work, but are ready for > >>> public discussion. > >>> > >>> For BIMI publishing and usage: > >>> - https://tools.ietf.org/html/draft-blank-ietf-bimi-00 > >>> - https://tools.ietf.org/html/draft-brotman-ietf-bimi-guidance-00 > >>> > >>> For logo validation: > >>> - https://tools.ietf.org/html/draft-chuang-bimi-certificate-00 > >>> - > >>> > >> > https://docs.google.com/document/d/10IzxkdrveDazBAvTvOUa9uCIDBwMkdmluwHEcbja42w/edit?usp=sharing > >>> > >>> At a high level, these documents have several issues to be worked > >> through: > >>> > >>> 1) The intent is for this to be globally accessible to any domain > owner, > >>> but the current mechanisms are more approachable to larger > organizations > >> in > >>> first world countries > >>> a) We need a discussion of what other validation mechanisms could > work > >>> at scale (our expectation is to have several, signposted weakly in the > >>> draft) > >>> b) We need a way to properly reflect this in the proposed a= tag > >>> > >>> 2) BIMI is NOT a new authentication mechanism, nor does it make ANY > >> claims > >>> about user security or trust in the inbox. However, in places this > draft > >>> may be unclear. How do we make this clearer while still explaining why > >>> standardizing this process is important, without crossing the line into > >> UX > >>> or trust, of which BIMI is neither? > >>> > >>> 3) Right now, security surrounding logos is limited to SVGs per > >>> https://tools.ietf.org/html/rfc6170#section-5.2. There's clearly more > >>> that's needed here, especially against attacks that rely on > steganography > >>> or resizing vectors, etc. > >>> > >>> 4) Other nits for draft-blank-ietf-bimi: > >>> > >>> a) The structure needs work, as do the Introduction and Overview > >>> b) Some of the technical construction feels like it could be > >>> dramatically simplified > >>> c) Section 8.2 mentions hashes with no definition or clarity > >>> d) The uses of MTA, MUA, and Mail Receiver feel like they overlap > each > >>> other left and right > >>> i) And the document is heavily focused on larger receivers where > >>> this distinction is clear, but doesn't give any thought to other > >> receiving > >>> architectures at all, especially mail clients that are the entire stack > >>> > >>> Several authors of these documents will be in Prague, we're looking > >> forward > >>> to the conversations over the next few weeks and face to face! > >>> > >>> Seth > >>> > >>> ---------- Forwarded message --------- > >>> From: <internet-drafts@ietf.org> > >>> Date: Wed, Feb 6, 2019 at 11:11 AM > >>> Subject: New Version Notification for draft-blank-ietf-bimi-00.txt > >>> > >>> > >>> A new version of I-D, draft-blank-ietf-bimi-00.txt > >>> has been successfully submitted by Seth Blank and posted to the > >>> IETF repository. > >>> > >>> Name: draft-blank-ietf-bimi > >>> Revision: 00 > >>> Title: Brand Indicators for Message Identification (BIMI) > >>> Document date: 2019-02-06 > >>> Group: Individual Submission > >>> Pages: 26 > >>> URL: > >>> https://www.ietf.org/internet-drafts/draft-blank-ietf-bimi-00.txt > >>> Status: > https://datatracker.ietf.org/doc/draft-blank-ietf-bimi/ > >>> Htmlized: https://tools.ietf.org/html/draft-blank-ietf-bimi-00 > >>> Htmlized: > >> https://datatracker.ietf.org/doc/html/draft-blank-ietf-bimi > >>> > >>> > >>> Abstract: > >>> Brand Indicators for Message Identification (BIMI) permits Domain > >>> Owners to coordinate with Mail User Agents (MUAs) to display brand- > >>> specific Indicators next to properly authenticated messages. There > >>> are two aspects of BIMI coordination: a scalable mechanism for > Domain > >>> Owners to publish their desired indicators, and a mechanism for Mail > >>> Transfer Agents (MTAs) to verify the authenticity of the indicator. > >>> This document specifies how Domain Owners communicate their desired > >>> indicators through the BIMI assertion record in DNS and how that > >>> record is to be handled by MTAs and MUAs. The domain verification > >>> mechanism and extensions for other mail protocols (IMAP, etc.) are > >>> specified in separate documents. MUAs and mail-receiving > >>> organizations are free to define their own policies for indicator > >>> display that makes use or not of BIMI data as they see fit. > >>> > >>> > >>> > >>> > >>> Please note that it may take a couple of minutes from the time of > >> submission > >>> until the htmlized version and diff are available at tools.ietf.org. > >>> > >>> The IETF Secretariat > >>> > >>> > >>> _______________________________________________ > >>> Spasm mailing list > >>> Spasm@ietf.org > >>> https://www.ietf.org/mailman/listinfo/spasm > >>> > >> > > > > > > _______________________________________________ > > Spasm mailing list > > Spasm@ietf.org > > https://www.ietf.org/mailman/listinfo/spasm > > >
- [lamps] Fwd: [Bimi] New Version Notification for … Wei Chuang
- Re: [lamps] Fwd: [Bimi] New Version Notification … Stephen Farrell
- Re: [lamps] Fwd: [Bimi] New Version Notification … Wei Chuang
- Re: [lamps] Fwd: [Bimi] New Version Notification … Stephen Farrell
- Re: [lamps] Fwd: [Bimi] New Version Notification … Wei Chuang