IETF Logo Mail Archive

[lamps] HP Issue - Obfuscation of Header Fields

Bernie Hoeneisen <bernie@ietf.hoeneisen.ch> Wed, 30 September 2020 20:17 UTC

Return-Path: <bernie@ietf.hoeneisen.ch>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28E6E3A0B6D for <spasm@ietfa.amsl.com>; Wed, 30 Sep 2020 13:17:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BSZ6-8d6WYMo for <spasm@ietfa.amsl.com>; Wed, 30 Sep 2020 13:17:35 -0700 (PDT)
Received: from softronics.hoeneisen.ch (softronics.hoeneisen.ch [IPv6:2a01:4f8:c0c:15fc::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 71DFD3A0B6C for <spasm@ietf.org>; Wed, 30 Sep 2020 13:17:35 -0700 (PDT)
Received: from localhost ([127.0.0.1]) by softronics.hoeneisen.ch with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.93) (envelope-from <bernie@ietf.hoeneisen.ch>) id 1kNiXd-0009it-P0 for spasm@ietf.org; Wed, 30 Sep 2020 22:17:33 +0200
Date: Wed, 30 Sep 2020 22:17:33 +0200
From: Bernie Hoeneisen <bernie@ietf.hoeneisen.ch>
X-X-Sender: bhoeneis@softronics.hoeneisen.ch
To: IETF LAMPS WG <spasm@ietf.org>
Message-ID: <alpine.DEB.2.22.394.2009302204580.1283@softronics.hoeneisen.ch>
User-Agent: Alpine 2.22 (DEB 394 2020-01-19)
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="US-ASCII"
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Mail-From: bernie@ietf.hoeneisen.ch
X-SA-Exim-Scanned: No (on softronics.hoeneisen.ch); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/SV-ZD2ZcfjOaliEHc1w7rHFcRls>
Subject: [lamps] HP Issue - Obfuscation of Header Fields
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Sep 2020 20:17:37 -0000

Below a summary of the issue on 'Obfuscation of Header Fields'. If anybody 
wishes to discuss this topic further or does not agree with the 
conclusion, please speek up within the next 10 days!

cheers,
  Bernie


Text from slide:
- Should we recommend any specific format for obfuscation?
   e.g.
   - Subject: ...
   - Subject: [...]
   - Date: Thu, 01 Jan 1970 00:00:00 +0000 (UTC)
     - Impact to certificate checking?
   - Date: <set to Monday 9am of the same week>
   - Message-ID: <a new randomly generated Message-ID>
   - From: Obfuscated <anonymous@anonymous.invalid>
   - To: Obfuscated <anonymous@anonymous.invalid>

- Impact to Spam filtering?


Conclusion at IETF-108 (as I understood):

- Only specify obfuscation if encryption is applied
- Only recommend obfuscation for the Subject HF, but not for
   Date HF, From HF, To HF

We did not discuss about whether or not to recommend a new Message-ID for 
the Outer Message, as the Message-ID often leaves a trace to the 
originator host. Unless there are strong reasons not to do so, I'd be in 
favour of recommending a new randomly generated Messsage-ID. Any opinions 
on this?

v2.23.0 | Report a Bug | By Email