Re: [lamps] Common Protected Header practice documented (was "Memory Hole")
Alexey Melnikov <alexey.melnikov@isode.com> Thu, 09 July 2020 09:44 UTC
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DEE2B3A09EB for <spasm@ietfa.amsl.com>; Thu, 9 Jul 2020 02:44:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isode.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G4isrtaMgJg2 for <spasm@ietfa.amsl.com>; Thu, 9 Jul 2020 02:44:07 -0700 (PDT)
Received: from waldorf.isode.com (waldorf.isode.com [62.232.206.188]) by ietfa.amsl.com (Postfix) with ESMTP id 00C8E3A09E9 for <spasm@ietf.org>; Thu, 9 Jul 2020 02:44:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1594287845; d=isode.com; s=june2016; i=@isode.com; bh=pfYgv60DMLT4clTi8jh3OcyN64ZZ3vNwqvZ75EU8b50=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=SHvx9MR/6NxgRHzoWO4PwZEUgI97M8lsHnowdRMyZ952GnfBmcAGnJkixeEWU6ChdKePj8 0tADTQO9ecglw3j2/vjIT8IPrl1CG42oNPMhOO65uQyZV+rTGtyHTlupqvo1wKuBdFhgb6 QKciuo6dIVOhxOIEEVCMdf97sI0rmWs=;
Received: from [192.168.1.222] (host81-151-37-172.range81-151.btcentralplus.com [81.151.37.172]) by waldorf.isode.com (submission channel) via TCP with ESMTPSA id <Xwbm5AAkBjm-@waldorf.isode.com>; Thu, 9 Jul 2020 10:44:05 +0100
To: Bernie Hoeneisen <bernie@ietf.hoeneisen.ch>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Cc: IETF LAMPS WG <spasm@ietf.org>
References: <87ftj3pczs.fsf@fifthhorseman.net> <alpine.DEB.2.22.394.2006141339010.57529@softronics.hoeneisen.ch>
From: Alexey Melnikov <alexey.melnikov@isode.com>
Message-ID: <63b2a258-b471-084a-37dc-695f6de2fb75@isode.com>
Date: Thu, 09 Jul 2020 10:43:42 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0
In-Reply-To: <alpine.DEB.2.22.394.2006141339010.57529@softronics.hoeneisen.ch>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------8CA5C91DAB121BB1F459F4EF"
Content-Language: en-GB
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/R-3YEtmvKRrAflUwodTv0xkTIZE>
Subject: Re: [lamps] Common Protected Header practice documented (was "Memory Hole")
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Jul 2020 09:44:10 -0000
Hi Bernie, Just to close the loop on this: On 14/06/2020 15:10, Bernie Hoeneisen wrote: > Hi Daniel > > Thanks for this great document! I was finally able to read and assess > it. I believe it is quite useful to assist in finding a solution for > our chartered work item on Header Protection. > > I have some questions related to the S/MIME examples: > > 1) The examples you provide for S/MIME have a simple structure, i.e. > the body consist of a single MIME entity. How would an example look > with the solution your are proposing, if it was a tree of MIME > entities (e.g. text and html as multipart/alternative)? > > 2) In the examples (e.g. 9.2.) you are using "Content-Type: > text/plain", however the content appears to be a full "message/rfc822" > email. To me this looks like a mismatch between Media-Type and > Content. To my understanding, whatever is in "Content-Type: > text/plain" is unformated and is not guaranteed to be parsable. > However your proposal suggests to parse this to replace the outer > header fields. Have I misunderstood anything? So the protected body part in that example is: Content-Type: text/plain; charset="us-ascii"; protected-headers="v1" From: Alice Lovelace <alice@smime.example> To: Bob Babbage <bob@smime.example> Date: Tue, 26 Nov 2019 20:03:00 -0400 Subject: The FooCorp contract Message-ID: <smime-multipart-signed@protected-headers.example> Bob, we need to cancel this contract. Please start the necessary processes to make that happen today. (this is the 'smime-multipart-signed' message) Thanks, Alice -- Alice Lovelace President Example Corp This is a correct body part (using RFC 2045 terminology) of media type "text/plain". Presence of "From" or "Subject" doesn't change its media type. BNF for body part header is described in Section 3 of RFC 2045: MIME-part-headers := entity-headers [ fields ] ; Any field not beginning with ; "content-" can have no defined ; meaning and may be ignored. ; The ordering of the header ; fields implied by this BNF ; definition should be ignored. Best Regards, Alexey > Looking forward to your answer! > > cheers, > Bernie > > -- > > http://ucom.ch/ > Modern Telephony Solutions and Tech Consulting for Internet Technology > > > On Mon, 4 Nov 2019, Daniel Kahn Gillmor wrote: > >> Hey LAMPS folks-- >> >> At (and shortly after) the OpenPGP e-mail summit [0], a group of MUA >> developers went ahead and documented the way that several of us have >> been handling header protection in a backward-compatible way. >> >> This bundle of techniques used to be known as "Memory Hole" a while back >> but for a couple years now we've been calling it just "Protected >> Headers", since "Memory Hole" was confusing and weird for some people. >> >> Hopefully this document can serve as input for appendix A.1.1 of >> draft-ietf-lamps-header-protection-requirements-01 [1]. >> >> The new draft is at: >> >> https://datatracker.ietf.org/doc/draft-autocrypt-lamps-protected-headers/ >> >> (it's "draft-autocrypt-…" because it's not a single-person draft, and >> because most of the experience we have in this comes from >> implementations actively engaged in the Autocrypt project [2]. But it is >> not a formal part of the Autocrypt specifications at this time, and it >> is not intended to ever be limited to Autocrypt implementations.) >> >> To whet your appetite, the summary: >> >> ------- >> The Protected Headers scheme relies on three backward-compatible >> changes to a cryptographically-protected e-mail message: >> >> * Headers known to the composing MUA at message composition time are >> (in addition to their typical placement as Exposed Headers on the >> outside of the message) also present in the MIME header of the >> root of the Cryptographic Payload. These Protected Headers share >> cryptographic properties with the rest of the Cryptographic >> Payload. >> >> * When the Cryptographic Envelope includes encryption, any Exposed >> Header MAY be _obscured_ by a transformation (including deletion). >> >> * If the composing MUA intends to obscure any user-facing headers, >> it MAY add a decorative "Legacy Display" MIME part to the >> Cryptographic Payload which additionally duplicates the original >> values of the obscured user-facing headers. >> >> When a composing MUA encrypts a message, it SHOULD obscure the >> "Subject:" header, by using the literal string "..." (three U+002E >> FULL STOP characters) as the value of the exposed "Subject:" header. >> >> When a receiving MUA encounters a message with a Cryptographic >> Envelope, it treats the headers of the Cryptographic Payload as >> belonging to the message itself, not just the subpart. In >> particular, when rendering a header for any such message, the >> renderer SHOULD prefer the header's Protected value over its Exposed >> value. >> >> A receiving MUA that understands Protected Headers and discovers a >> Legacy Display part SHOULD hide the Legacy Display part when >> rendering the message. >> ------- >> >> Please don't be put off by the draft length -- nearly half of the >> document consists of test vectors that implementers can use to verify >> their ability to consume well-formed, protected-header messages. >> >> I'd be happy to present this work in Singapore if there's space on the >> agenda. >> >> Feedback, critiques, comments, etc, are all welcome. >> >> Regards, >> >> --dkg >> >> [0] https://wiki.gnupg.org/OpenPGPEmailSummit201910 >> [1] >> https://tools.ietf.org/html/draft-ietf-lamps-header-protection-requirements-01#appendix-A.1.1 >> [2] https://autocrypt.org/ >> > > _______________________________________________ > Spasm mailing list > Spasm@ietf.org > https://www.ietf.org/mailman/listinfo/spasm
- [lamps] Common Protected Header practice document… Daniel Kahn Gillmor
- Re: [lamps] Common Protected Header practice docu… Bernie Hoeneisen
- Re: [lamps] Common Protected Header practice docu… Alexey Melnikov
- Re: [lamps] Common Protected Header practice docu… Bernie Hoeneisen