[Spasm] Spasm work for mail header security?
Wei Chuang <weihaw@google.com> Fri, 27 May 2016 18:00 UTC
Return-Path: <weihaw@google.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A371F12DB24 for <spasm@ietfa.amsl.com>; Fri, 27 May 2016 11:00:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.126
X-Spam-Level:
X-Spam-Status: No, score=-4.126 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z_Z9_hOMueWR for <spasm@ietfa.amsl.com>; Fri, 27 May 2016 11:00:06 -0700 (PDT)
Received: from mail-oi0-x230.google.com (mail-oi0-x230.google.com [IPv6:2607:f8b0:4003:c06::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0723012DB41 for <spasm@ietf.org>; Fri, 27 May 2016 10:59:58 -0700 (PDT)
Received: by mail-oi0-x230.google.com with SMTP id k23so185615943oih.0 for <spasm@ietf.org>; Fri, 27 May 2016 10:59:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:from:date:message-id:subject:to; bh=mqtpL+o5w7tkc3OIT8qTk+cgYngHRWJFsYXo0v1yTE4=; b=mk2jXZxdbwWvaTamtmr0FNBZL3+/Mff82Crcr8d6xROEM774ST4C8f3LZL1cMBjixi QYMp6G5J2iOVJWw2G5qowt0ijha9lgqrBgckyf4U9Zw44Vx73YmRAAXvXBw4HseTQ48K dmlWwPyV3ouya8yUlsmbyj6x7S8YPAMauxMiylfOpKW6AmD7EE+bGn9a4ntB1FTdv1IY NHfm5RtdFC5OJyb34MPp0PX9N0MZlc6arMruF2ZOzUT2qE95Vsn51FS/1aOTUdvLeWei dDH5sY2ubZJw76SqA5S6JPJbzgZnckbzpe6JRc/9w0b7MvS2FLgZ5tGBYhidjUZ1q25c 7D8A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=mqtpL+o5w7tkc3OIT8qTk+cgYngHRWJFsYXo0v1yTE4=; b=b2GDj7RkRKH7hO6Vw4iAOaypORfLYzaVYwi8XtuASwfyCqx9WlDsMKmuwFu18CcsdN PqWWzJm5tYIPwEhXBi716BBpJQ7t149fhokoG8ok5OQnfZzT8jxqVMq/vGZAzqgKa1CN AhfZ2v1OLSpL3UM/0gRCKbmcuc7rhPIZGz97/Vqq0lA8p+XR1EsWVlzPQDW8xLXOSoah eiy7HTybVDu83f1tegvnxHopoyWzT6IWIQCpQIyEzcvgqdh9f01L7tJI40+tQ13tK6Cp h8p3Eh5WitRdI3fzYMIwu8hNvDzTBLYBuRJTahqYvTTfcHaNmDFt4M9313viOM3NPhub eZHw==
X-Gm-Message-State: ALyK8tLzqp9q24ILGGQX0cbxciLtp/PTAlGSFwCwX6OPl4oB7/vo6tdLwv1F7fxvHWC8vbRqmv6GnLKHwiRsNw7k
X-Received: by 10.157.11.103 with SMTP id p36mr11021676otd.21.1464371997285; Fri, 27 May 2016 10:59:57 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.157.1.67 with HTTP; Fri, 27 May 2016 10:59:56 -0700 (PDT)
From: Wei Chuang <weihaw@google.com>
Date: Fri, 27 May 2016 10:59:56 -0700
Message-ID: <CAAFsWK03N=GV_EgKHscOA3_QBh-cZ2TSmYRr2UZYAP_mLRMhXA@mail.gmail.com>
To: spasm@ietf.org
Content-Type: multipart/alternative; boundary="001a1135d108b7ff3f0533d6ac21"
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/Lxqb6vttvJBhXFemners6X1CHn8>
Subject: [Spasm] Spasm work for mail header security?
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 May 2016 18:00:07 -0000
Hi folks, Header privacy and security with S/MIME (and PGP) has long been an important topic. One just has to look in the S/MIME archive to see that it has been discussed at least four times with mention of significant discussions at IETF meetings. While mechanisms are well described in RFC 5751 (header wrapping in message/rfc822) and alternatively in RFC 7508 (Secured Headers as signed attributes), when to use it and what headers should be secured are both open issues and should be standardized. The latter I'm told is hard issue but if progress can be made standardizing just the behavior for "Subject" much progress will be made. So I'm asking if Spasm is interested in working on this? The work could be incorporated into draft-schaad-rfc5751-bis-00 or as a new draft. I'm willing to work on an implementation for this. thanks, -Wei
- [Spasm] Spasm work for mail header security? Wei Chuang