Re: [lamps] S/MIME fix
Alexey Melnikov <alexey.melnikov@isode.com> Wed, 16 May 2018 14:54 UTC
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C30F412DA13 for <spasm@ietfa.amsl.com>; Wed, 16 May 2018 07:54:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isode.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7GAbqiPWrzIx for <spasm@ietfa.amsl.com>; Wed, 16 May 2018 07:53:56 -0700 (PDT)
Received: from waldorf.isode.com (waldorf.isode.com [62.232.206.188]) by ietfa.amsl.com (Postfix) with ESMTP id 76A8712E8CC for <SPASM@ietf.org>; Wed, 16 May 2018 07:53:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1526482435; d=isode.com; s=june2016; i=@isode.com; bh=rJRJJj6Ugc/ruWjzKwvOc6qqK1J9khFTFYAHOdY5fVc=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=pR2ZCoMurYuVRCYZHxQUe7dM6rZKIubzTmGO69mq4QNOJbMxZM50j0bojJMFlXD6lqlhgN QX7BdR8hYPohZ4WvG6n1Dv8QqQPmjpksLT4sg+21W21fqW/koC16uInMahXa6ue4x+8MYO GHx/ga7UufquyBijMjhRWjBalHkgLI0=;
Received: from [172.20.1.215] (dhcp-215.isode.net [172.20.1.215]) by waldorf.isode.com (submission channel) via TCP with ESMTPSA id <WvxGAwAIWYVu@waldorf.isode.com>; Wed, 16 May 2018 15:53:55 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>, SPASM <SPASM@ietf.org>
References: <CAMm+Lwj=VTBHYxH-iOaqEUHxALpBfSXWG3p0+xxUnY+o4CmGvA@mail.gmail.com> <559ab3c7-ee5f-22b9-ef02-c091765011d2@isode.com>
Message-ID: <1cf69c7f-9497-f816-3117-68a7be18767d@isode.com>
Date: Wed, 16 May 2018 15:53:39 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2
In-Reply-To: <559ab3c7-ee5f-22b9-ef02-c091765011d2@isode.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------A84341CFB3A537F8303B9F03"
Content-Language: en-GB
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/US_w41UTopMuPKpuZvWGY4JoeOk>
Subject: Re: [lamps] S/MIME fix
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 May 2018 14:54:09 -0000
On 16/05/2018 15:48, Alexey Melnikov wrote: > Hi Philip, > > On 16/05/2018 15:28, Phillip Hallam-Baker wrote: >> Looking at eFail, surely the simplest fix is to require that an HTML >> message body be presented in a single CMS envelope presented in a >> single MIME part? > > I am not sure what you mean here. A CMS envelope can contain > multipart/mixed within it, which is a perfectly valid use case (i.e. > if one wants to send some encrypted text together with some encrypted > attachments). > If you are talking about preventing the following construct: > > > content-type: multipart/mixed; > boundary=.f8231d7f-681b-442c-97cc-e6c5375d059d > > This is a multipart message in MIME format. > --.f8231d7f-681b-442c-97cc-e6c5375d059d > content-type: text/html > > ...some partial HTML... > --.f8231d7f-681b-442c-97cc-e6c5375d059d > content-disposition: inline; filename=smime.p7m > Content-Transfer-Encoding: base64 > content-type: application/pkcs7-mime; name=smime.p7m; smime-type=enveloped-data > > ...encrypted HTML... > --.f8231d7f-681b-442c-97cc-e6c5375d059d > content-type: text/html > > ...some partial HTML... > --.f8231d7f-681b-442c-97cc-e6c5375d059d-- > > i.e. a multipart/mixed that contains a mixture of text/html and > application/pkcs7-mime, then I might agree with you. Implementations that can validate HTML should check that each body part contains valid HTML. So if it detects partial HTML, it should reject displaying it or concatenating it into a single HTML object that might end up syntactically valid. > But this is not really an S/MIME feature, it is a generic MIME > feature. So maybe this WG should write a document on best S/MIME > implementation practices.
- Re: [lamps] S/MIME fix Alexey Melnikov
- [lamps] S/MIME fix Phillip Hallam-Baker
- Re: [lamps] S/MIME fix Alexey Melnikov
- Re: [lamps] S/MIME fix Russ Housley
- Re: [lamps] S/MIME fix Jim Schaad
- Re: [lamps] S/MIME fix Phillip Hallam-Baker
- Re: [lamps] S/MIME fix Alexey Melnikov
- Re: [lamps] S/MIME fix Tim Hollebeek
- Re: [lamps] S/MIME fix Phillip Hallam-Baker
- Re: [lamps] S/MIME fix Stephen Farrell
- Re: [lamps] S/MIME fix Adam Roach
- Re: [lamps] S/MIME fix Tim Hollebeek
- Re: [lamps] S/MIME fix Stephen Farrell
- Re: [lamps] S/MIME fix Russ Housley
- Re: [lamps] S/MIME fix Russ Housley
- Re: [lamps] S/MIME fix Adam Roach
- Re: [lamps] S/MIME fix Phillip Hallam-Baker
- Re: [lamps] S/MIME fix Adam Roach
- Re: [lamps] S/MIME fix Ryan Sleevi
- Re: [lamps] S/MIME fix Russ Housley
- Re: [lamps] S/MIME fix Ryan Sleevi
- Re: [lamps] S/MIME fix Phillip Hallam-Baker
- Re: [lamps] S/MIME fix Phillip Hallam-Baker