[lamps] Common Protected Header practice documented (was "Memory Hole")
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 04 November 2019 21:07 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC25012002E for <spasm@ietfa.amsl.com>; Mon, 4 Nov 2019 13:07:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b=gWubMUQC; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b=V52c6/xB
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RzbXnG0J1bSB for <spasm@ietfa.amsl.com>; Mon, 4 Nov 2019 13:07:08 -0800 (PST)
Received: from che.mayfirst.org (che.mayfirst.org [IPv6:2001:470:1:116::7]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A23491200CD for <spasm@ietf.org>; Mon, 4 Nov 2019 13:07:08 -0800 (PST)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1572901627; h=from : to : subject : date : message-id : mime-version : content-type : from; bh=ntB+jlkn0ZpCWobd2+zTABMO6DA+vmPs5xnbnNPikMI=; b=gWubMUQC2/g4x8sD58O1kwiDsNV7ek4U1zu8FDr1GkObCXW24oIngq1K C76QGGue29wPyMB6Lsfsg8oFhiHdAg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1572901627; h=from : to : subject : date : message-id : mime-version : content-type : from; bh=ntB+jlkn0ZpCWobd2+zTABMO6DA+vmPs5xnbnNPikMI=; b=V52c6/xBrDgcW5vPtMehAa7oyoBbM0pPIB4IEFzGdGdAFifKtOoldBW6 jojIh14mbtBOxzxdFiUvGknDC1n2Mz3oVlqYYpljSv5OEffKkcAY003ymj iWsfMwjO666he+cx01VryvY1jS9lI96si9RHZbA7IIrdefCL/cLT1r4VMT 0RPk8KkUfhHMgpTCywApeP1m9uJRBJcJLi98z7BVI3/pFOUNPMI0jDozFA VbwnbsPST0hOv81xpNaUPUw1MSrJZssUKtQXNB0055Z0lw9IwiQNHoPBgy 3z5Eg4ii/uVKZVr90Nr1gws8RZZ2nZb/GkX8/KV5F6o1C7aKAQV5Ig==
Received: from fifthhorseman.net (unknown [38.109.115.130]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id 8A974F9A5 for <spasm@ietf.org>; Mon, 4 Nov 2019 16:07:06 -0500 (EST)
Received: by fifthhorseman.net (Postfix, from userid 1000) id CC48220403; Mon, 4 Nov 2019 16:07:03 -0500 (EST)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: IETF LAMPS WG <spasm@ietf.org>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= mDMEXEK/AhYJKwYBBAHaRw8BAQdAr/gSROcn+6m8ijTN0DV9AahoHGafy52RRkhCZVwxhEe0K0Rh bmllbCBLYWhuIEdpbGxtb3IgPGRrZ0BmaWZ0aGhvcnNlbWFuLm5ldD6ImQQTFggAQQIbAQUJA8Jn AAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBMS8Lds4zOlkhevpwvIGkReQOOXGBQJcQsbzAhkB AAoJEPIGkReQOOXG4fkBAO1joRxqAZY57PjdzGieXLpluk9RkWa3ufkt3YUVEpH/AP9c+pgIxtyW +FwMQRjlqljuj8amdN4zuEqaCy4hhz/1DbgzBFxCv4sWCSsGAQQB2kcPAQEHQERSZxSPmgtdw6nN u7uxY7bzb9TnPrGAOp9kClBLRwGfiPUEGBYIACYWIQTEvC3bOMzpZIXr6cLyBpEXkDjlxgUCXEK/ iwIbAgUJAeEzgACBCRDyBpEXkDjlxnYgBBkWCAAdFiEEyQ5tNiAKG5IqFQnndhgZZSmuX/gFAlxC v4sACgkQdhgZZSmuX/iVWgD/fCU4ONzgy8w8UCHGmrmIZfDvdhg512NIBfx+Mz9ls5kA/Rq97vz4 z48MFuBdCuu0W/fVqVjnY7LN5n+CQJwGC0MIA7QA/RyY7Sz2gFIOcrns0RpoHr+3WI+won3xCD8+ sVXSHZvCAP98HCjDnw/b0lGuCR7coTXKLIM44/LFWgXAdZjm1wjODbg4BFxCv50SCisGAQQBl1UB BQEBB0BG4iXnHX/fs35NWKMWQTQoRI7oiAUt0wJHFFJbomxXbAMBCAeIfgQYFggAJhYhBMS8Lds4 zOlkhevpwvIGkReQOOXGBQJcQr+dAhsMBQkB4TOAAAoJEPIGkReQOOXGe/cBAPlek5d9xzcXUn/D kY6jKmxe26CTws3ZkbK6Aa5Ey/qKAP0VuPQSCRxA7RKfcB/XrEphfUFkraL06Xn/xGwJ+D0hCw==
Date: Mon, 04 Nov 2019 16:07:03 -0500
Message-ID: <87ftj3pczs.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/RGVzTkNMCTv9vrUOSGy7vG-8GpA>
Subject: [lamps] Common Protected Header practice documented (was "Memory Hole")
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Nov 2019 21:07:11 -0000
Hey LAMPS folks--
At (and shortly after) the OpenPGP e-mail summit [0], a group of MUA
developers went ahead and documented the way that several of us have
been handling header protection in a backward-compatible way.
This bundle of techniques used to be known as "Memory Hole" a while back
but for a couple years now we've been calling it just "Protected
Headers", since "Memory Hole" was confusing and weird for some people.
Hopefully this document can serve as input for appendix A.1.1 of
draft-ietf-lamps-header-protection-requirements-01 [1].
The new draft is at:
https://datatracker.ietf.org/doc/draft-autocrypt-lamps-protected-headers/
(it's "draft-autocrypt-…" because it's not a single-person draft, and
because most of the experience we have in this comes from
implementations actively engaged in the Autocrypt project [2]. But it is
not a formal part of the Autocrypt specifications at this time, and it
is not intended to ever be limited to Autocrypt implementations.)
To whet your appetite, the summary:
-------
The Protected Headers scheme relies on three backward-compatible
changes to a cryptographically-protected e-mail message:
* Headers known to the composing MUA at message composition time are
(in addition to their typical placement as Exposed Headers on the
outside of the message) also present in the MIME header of the
root of the Cryptographic Payload. These Protected Headers share
cryptographic properties with the rest of the Cryptographic
Payload.
* When the Cryptographic Envelope includes encryption, any Exposed
Header MAY be _obscured_ by a transformation (including deletion).
* If the composing MUA intends to obscure any user-facing headers,
it MAY add a decorative "Legacy Display" MIME part to the
Cryptographic Payload which additionally duplicates the original
values of the obscured user-facing headers.
When a composing MUA encrypts a message, it SHOULD obscure the
"Subject:" header, by using the literal string "..." (three U+002E
FULL STOP characters) as the value of the exposed "Subject:" header.
When a receiving MUA encounters a message with a Cryptographic
Envelope, it treats the headers of the Cryptographic Payload as
belonging to the message itself, not just the subpart. In
particular, when rendering a header for any such message, the
renderer SHOULD prefer the header's Protected value over its Exposed
value.
A receiving MUA that understands Protected Headers and discovers a
Legacy Display part SHOULD hide the Legacy Display part when
rendering the message.
-------
Please don't be put off by the draft length -- nearly half of the
document consists of test vectors that implementers can use to verify
their ability to consume well-formed, protected-header messages.
I'd be happy to present this work in Singapore if there's space on the
agenda.
Feedback, critiques, comments, etc, are all welcome.
Regards,
--dkg
[0] https://wiki.gnupg.org/OpenPGPEmailSummit201910
[1] https://tools.ietf.org/html/draft-ietf-lamps-header-protection-requirements-01#appendix-A.1.1
[2] https://autocrypt.org/
- [lamps] Common Protected Header practice document… Daniel Kahn Gillmor
- Re: [lamps] Common Protected Header practice docu… Bernie Hoeneisen
- Re: [lamps] Common Protected Header practice docu… Alexey Melnikov
- Re: [lamps] Common Protected Header practice docu… Bernie Hoeneisen