IETF Logo Mail Archive

Re: [lamps] Proposed addition of header protection to the LAMPS charter

"John Levine" <johnl@taugh.com> Thu, 20 December 2018 03:54 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93360130F4A for <spasm@ietfa.amsl.com>; Wed, 19 Dec 2018 19:54:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.699
X-Spam-Level:
X-Spam-Status: No, score=-1.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1536-bit key) reason="fail (message has been altered)" header.d=iecc.com header.b=eWt64v7L; dkim=fail (1536-bit key) reason="fail (message has been altered)" header.d=taugh.com header.b=ZNGAg7sc
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w1uM-_YdC301 for <spasm@ietfa.amsl.com>; Wed, 19 Dec 2018 19:54:42 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D6209130F1A for <spasm@ietf.org>; Wed, 19 Dec 2018 19:54:41 -0800 (PST)
Received: (qmail 23958 invoked by uid 100); 20 Dec 2018 03:54:38 -0000
Date: Thu, 20 Dec 2018 03:54:38 -0000
Message-ID: <pvf3pu$ms1$1@gal.iecc.com>
From: John Levine <johnl@taugh.com>
To: spasm@ietf.org
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:subject:references:cleverness; s=5d8e.5c1b127e.k1812; i=news@user.iecc.com; bh=AvanKBIJNaFOzHOMbxIGMunXfCnHr1uapEMmtLNHzkQ=; b=eWt64v7LQxzJWgQeqMlChGDE8VqMiB3SzMPCkv52m7HwxuDp13VmsprKhSJyGXKKtdKplRr0Jau6BlkwBtfFxTauVTtM+XJ/fZB5Vby0y6zTiQdL0H88J/qWjV58lWqBwFiyk0SPaMR8YxHmP4CBAPP1YcwaL0v85x/vAlrkW8ERxpPZ7LUxh1Fk8aUcCiP/ljqUvt5yJz9zdw+Exb7H5KHQlO3ZcozM5rMfD27Bdz+Z+L705IeDLPUJ164rrQbG
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:subject:references:cleverness; s=5d8e.5c1b127e.k1812; olt=news@user.iecc.com; bh=AvanKBIJNaFOzHOMbxIGMunXfCnHr1uapEMmtLNHzkQ=; b=ZNGAg7sc1iDqdId4xHo4LzzcmPY0nNRgGc6wsdAyYrcL+d5dbym9H2Yqap1gRNt9Jz/28fSoQB0Haw+qxu1dV0Br5N9QLlfsBQnnIg3Wjvy1PH34yX6bhxKkemu8hjchR4D03keIhZIZs5W0o1NMDedTGhlERhYYT6bk2TWJI0l+bskUFzkTjF7V2dKbR/W/tV43WxDtw5K5oGBbdN9PZkX1AnWpiuQlbvCXybY4rxu4lDJnyU75KKlJFasb0v6C
Organization: Taughannock Networks
References: <DC188C55-6FDE-4E64-9151-54815E96B50B@vigilsec.com><DC188C55-6FDE-4E64-9151-54815E96B50B@vigilsec.com> <87bm5hxdn0.fsf@fifthhorseman.net>
Cleverness: some
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
Originator: johnl@iecc.com (John Levine)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/KhyC-w7XcYPK2avsjygHjgFCuV0>
Subject: Re: [lamps] Proposed addition of header protection to the LAMPS charter
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Dec 2018 03:54:43 -0000

In article <87bm5hxdn0.fsf@fifthhorseman.net>,
Daniel Kahn Gillmor  <dkg@fifthhorseman.net> wrote:
>--- a/lamps-charter.txt
>+++ b/lamps-charter.txt
>@@ -58,6 +58,14 @@ certificate for a trust anchor, which is often called a Root
> Certification Authority (CA) certificate, to identify the next
> public key that will be used by the trust anchor.
> 
>+7. Specify a mechanism for the cryptographic protection of e-mail
>+headers.  Most current implementations protect only the body of the
>+message, which leaves significant room for attacks against
>+otherwise-protected messages.  Cryptographic protection (both for
>+signatures and encryption) which applies to the headers in conjunction
>+with the message body are necessary to close significant security and
>+usability gaps in cryptographically-protected electronic mail.
>+
> In addition, the LAMPS WG may investigate other updates to documents
> produced by the PKIX and S/MIME WGs, but the LAMPS WG shall not adopt
> any of these potential work items without rechartering.
>
>happy to hear any concerns or suggestions for improvement!

Seems reasonable but you might want to be sure you're clear why this
is different from DKIM, which does after all sign headers now.

-- 
Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly

v2.23.0 | Report a Bug | By Email