Re: [lamps] Suresh Krishnan's No Objection on draft-ietf-lamps-eai-addresses-15: (with COMMENT)

Suresh Krishnan <Suresh@kaloom.com> Tue, 13 February 2018 03:53 UTC

From: Suresh Krishnan <Suresh@kaloom.com>
To: Alexey Melnikov <aamelnikov@fastmail.fm>
CC: "spasm@ietf.org" <spasm@ietf.org>, "lamps-chairs@ietf.org" <lamps-chairs@ietf.org>, "draft-ietf-lamps-eai-addresses@ietf.org" <draft-ietf-lamps-eai-addresses@ietf.org>, "housley@vigilsec.com" <housley@vigilsec.com>, The IESG <iesg@ietf.org>
Date: Tue, 13 Feb 2018 03:53:20 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/Zs21OXLdqlOs3-YAYT_lkf0pfRw>

Hi Alexey,

On Feb 12, 2018, at 5:39 AM, Alexey Melnikov <aamelnikov@fastmail.fm> wrote:

> Hi Suresh,
>
> On Mon, Feb 12, 2018, at 7:17 AM, Suresh Krishnan wrote:
>> Hi Alexey,
>>
>> On Jan 11, 2018, at 11:11 AM, Alexey Melnikov <aamelnikov@fastmail.fm> wrote:
>>
>>> Hi Suresh,
>>>
>>> On Thu, Jan 11, 2018, at 3:11 AM, Suresh Krishnan wrote:
>>>> Suresh Krishnan has entered the following ballot position for
>>>> draft-ietf-lamps-eai-addresses-15: No Objection
>>>>
>>>> I think some of the comparison issues brought up in RFC6943 might be relevant
>>>> in the Security Considerations here.
>>>
>>> Can you be more specific? Are you thinking about confusable characters or about something else?
>>
>> Yep. Exactly about visually confusable characters.
>
> The document already covers that:
>
> 7.  Security Considerations
>
>   Use of SmtpUTF8Mailbox for certificate subjectAltName (and
>   issuerAltName) will incur many of the same security considerations as
>   in Section 8 in [RFC5280], but introduces a new issue by permitting
>   non-ASCII characters in the email address local-part.  This issue, as
>   mentioned in Section 4.4 of [RFC5890] and in Section 4 of [RFC6532],
>   is that use of Unicode introduces the risk of visually similar and
>   identical characters which can be exploited to deceive the recipient.
>   The former document references some means to mitigate against these
>   attacks.
>
> I looked at RFC 6943. While it is a good document, I don't see an obvious way of referencing it. There is so much material there unrelated to Internationalization, so it is difficult to find a useful way of referencing it. If you have some specific suggestions, please let me know.

I thought putting in a reference to Section 4.2 of RFC6943 could be useful, especially since I personally found the reference to [WEBER] there very useful to understand the potential attacks. That said, maybe that is only because I am a total outsider to this space and these could be well understood attacks in the community that is the target of the draft. I am fine to proceed without adding a reference. Thanks for checking to see if this is covered.

Regards
Suresh
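
The "visually similar and identical characters" risk quoted from the draft's Security Considerations can be screened for when reviewing certificate email addresses. The following is an added example, not part of the thread or the draft: a heuristic check that flags mixed-script local-parts and addresses that differ in code points but are equal after NFC normalization. The function names and sample addresses are constructed for illustration, and the script guess from Unicode character names is an approximation, not the draft's matching rule.

```python
import unicodedata
from collections import defaultdict

def scripts(text):
    """Approximate the script of each letter from the first word of its Unicode name."""
    found = set()
    for ch in text:
        if ch.isalpha():  # skips digits, punctuation and combining marks
            found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found

def audit_mailbox(addr):
    """Return review findings for one SmtpUTF8Mailbox-style address."""
    local, _, _domain = addr.rpartition("@")
    findings = []
    if len(scripts(local)) > 1:
        # "Visually similar": e.g. a Cyrillic letter inside a Latin word.
        findings.append("mixed-script local-part")
    if unicodedata.normalize("NFC", local) != local:
        # "Visually identical": decomposed sequence that renders like a precomposed one.
        findings.append("local-part not in NFC")
    return findings

def nfc_collisions(addrs):
    """Group addresses that differ in code points but are equal after NFC."""
    groups = defaultdict(set)
    for a in addrs:
        groups[unicodedata.normalize("NFC", a)].add(a)
    return [sorted(g) for g in groups.values() if len(g) > 1]

# Constructed sample values, not taken from the draft or the thread.
SAMPLES = [
    "admin@example.com",        # all Latin
    "\u0430dmin@example.com",   # starts with U+0430 CYRILLIC SMALL LETTER A
    "ren\u00e9@example.com",    # precomposed e-acute (U+00E9)
    "rene\u0301@example.com",   # e followed by U+0301 COMBINING ACUTE ACCENT
]

if __name__ == "__main__":
    for a in SAMPLES:
        print(ascii(a), audit_mailbox(a))
    print([[ascii(x) for x in g] for g in nfc_collisions(SAMPLES)])
```
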