Re: [Spasm] Updating S/MIME handling of message/rfc822?
Alexey Melnikov <alexey.melnikov@isode.com> Fri, 20 May 2016 08:49 UTC
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0182A12D55D for <spasm@ietfa.amsl.com>; Fri, 20 May 2016 01:49:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.425
X-Spam-Level:
X-Spam-Status: No, score=-3.425 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isode.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BJcrNCRxN0uV for <spasm@ietfa.amsl.com>; Fri, 20 May 2016 01:49:23 -0700 (PDT)
Received: from waldorf.isode.com (waldorf.isode.com [62.232.206.188]) by ietfa.amsl.com (Postfix) with ESMTP id 2E1F512D0B0 for <spasm@ietf.org>; Fri, 20 May 2016 01:49:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1463734162; d=isode.com; s=selector; i=@isode.com; bh=HW3iknwG+Iu/uUqA8Z8qkejNRtdhnxIh8NRYCDzUcwM=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=bIzPRa7EfcrAzBFHFZsTmoseovlf0QagLK/rxEaZaFWr8qyCIkrKPAT3kLPjPxCH3GIzDE GY2YgrzgOgL/n6Ys4hbBQhu1FajABcNqCBJJvNTu+QcVPfqJ0rdd3vAtD1KRpSIHLbnN+6 QDPUhRxmOkvM7ukcwkrBR+tgxELlHu4=;
Received: from [192.168.0.6] (cpc5-nmal20-2-0-cust24.19-2.cable.virginm.net [92.234.84.25]) by waldorf.isode.com (submission channel) via TCP with ESMTPSA id <Vz7PkQBntKS2@waldorf.isode.com>; Fri, 20 May 2016 09:49:22 +0100
X-SMTP-Protocol-Errors: PIPELINING
From: Alexey Melnikov <alexey.melnikov@isode.com>
X-Mailer: iPad Mail (13E238)
In-Reply-To: <CAAFsWK3QCidCOaPnRU9ddZOWCiu+3szAG=8m=DaaCVJc+LWWww@mail.gmail.com>
Date: Fri, 20 May 2016 09:57:42 +0100
Message-Id: <30C73B49-D0EF-4E8B-8268-0FDFCB2BDE13@isode.com>
References: <CAAFsWK0hHQySouJPQZBfDVKTJdoyY7HLEoVAD=tbFhDhNyjLxg@mail.gmail.com> <CAAFsWK3QCidCOaPnRU9ddZOWCiu+3szAG=8m=DaaCVJc+LWWww@mail.gmail.com>
To: Wei Chuang <weihaw@google.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="Apple-Mail-EACBF82A-35D1-4B57-9E7C-A175B783654F"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/YcX0QmOHHwdcqHO9WsaB-UUPbfw>
Cc: spasm@ietf.org
Subject: Re: [Spasm] Updating S/MIME handling of message/rfc822?
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 May 2016 08:49:25 -0000
Hi, > On 19 May 2016, at 18:59, Wei Chuang <weihaw@google.com> wrote: > > In case anyone is interested in this topic, I found this draft that provides a better direction than what I had proposed. > > https://tools.ietf.org/html/draft-melnikov-smime-header-signing-01 Feel free to borrow text and fold it into other documents. > -Wei > >> On Fri, May 13, 2016 at 4:09 PM, Wei Chuang <weihaw@google.com> wrote: >> Hi, >> >> I would like to propose that draft-schaad-rfc5751-bis-00 further specify >> handling message/rfc822 processing and specify how to merge message headers from >> decrypted/decoded non message/rfc822 types mime parts. If we can clarify header >> processing this could provide significant improvement in privacy as revealing >> headers like subject can reveal a great deal about the content of the message >> and even metadata like date can be used with traffic analysis to reveal hidden >> recipients (Bcc). >> >> There already exists "Securing Header Fields" as experimental RFC7508. This >> proposes that certain message header fields are signed and verified, and >> optionally can replace or delete the field. This provides a high degree of >> flexibility and one approach would be to standard track this. But this RFC >> requires a fairly significant change to S/MIME / CMS processing steps, and there >> would be a deployed base that would find it difficult to interoperate with. >> Another more feasibile approach is to clarify RFC5751 message/rfc822 language. >> Likely this can get most of the header hiding benefit with a smaller change to >> CMS processing. >> >> This proposes that if it is desirable to protect header integrity and privacy >> that message/rfc822 be used as specifed in RFC5280. However this instead of >> presenting both the outer header (original) and the inner header >> (message/rfc822) part to the recipient, this proposes that when the CMS >> processing is done, the inner headers in message/rfc822 update the outer ones. >> If there is a conflict between the inner and outer, then the inner header >> replaces the outer ones. Body content in message/rfc822 part replaces that of >> the parent as well. Further there should a signed attribute that tells the >> recipient to protect header integrity and privacy upon reply or forwarding of >> the message. There also should be a capability specified as well. Before >> sending the message implementations would move these headers to the >> message/rfc822 part, leaving those header fields unspecified in the sent >> outer message header. >> >> Compliant implementations should protect at least these message headers: >> Subject >> Date >> References >> Message-ID >> Keywords >> Original-XXX >> This list is not meant to be exhaustive. A complete list generated >> from (http://www.iana.org/assignments/message-headers/message-headers.xhtml) can >> be done at a later time. This list also makes no attempt to hide transport >> artifacts like the trace headers as these are outside of the control of the >> sender and recipient, or the sender and recipient headers as these are needed by >> transport. (Other much more heavy weight approaches are better suited to handle >> hiding those headers) >> >> thanks, >> -Wei > > _______________________________________________ > Spasm mailing list > Spasm@ietf.org > https://www.ietf.org/mailman/listinfo/spasm
- [Spasm] Updating S/MIME handling of message/rfc82… Wei Chuang
- Re: [Spasm] Updating S/MIME handling of message/r… Wei Chuang
- Re: [Spasm] Updating S/MIME handling of message/r… Alexey Melnikov