Re: [lamps] Robert Wilton's Yes on draft-ietf-lamps-e2e-mail-guidance-15: (with COMMENT)

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 13 March 2024 22:35 UTC

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Robert Wilton <rwilton@cisco.com>, The IESG <iesg@ietf.org>
Cc: draft-ietf-lamps-e2e-mail-guidance@ietf.org, lamps-chairs@ietf.org, spasm@ietf.org, housley@vigilsec.com, housley@vigilsec.com, Aron Wussler <aron@wussler.it>
In-Reply-To: <170954923473.2121.3641123688950954795@ietfa.amsl.com>
References: <170954923473.2121.3641123688950954795@ietfa.amsl.com>
Date: Wed, 13 Mar 2024 18:04:16 -0400
Message-ID: <871q8daivz.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/ZzhkeA8XdYQrkvoeI0oZEuYS2T4>
List-Id: This is the mail list for the LAMPS Working Group <spasm.ietf.org>

Hi Robert--

Thanks for your review of draft-ietf-lamps-e2e-mail-guidance!

I've addressed most of your nits in
https://gitlab.com/dkg/e2e-mail-guidance/-/merge_requests/13, which we
should be able to merge soon.

A brief reply below about something i offered no concrete change for:

On Mon 2024-03-04 02:47:14 -0800, Robert Wilton via Datatracker wrote:
> (2) p 26, sec 6.4.  Signature failures
>
>    A conformant MUA MUST NOT render a message with a failed signature as
>    more dangerous or more dubious than a comparable message without any
>    signature at all.  In both cases, the Cryptographic Summary should be
>    Unprotected.
>
> Does it still make sense to flag the failed signature at all, e.g., so
> potentially the receiver can warn the sender that their signature is failing?

I love the idea of enabling useful feedback for this kind of thing.

But the question about what to do for a failed signature seems wrapped
up tightly with what to do with a *missing* signature.  Surely if an
attacker wants to break a signature without alerting the sender of the
breakage, they can just strip it, to avoid the warning.

As such, a streamlined means for providing feedback about failed or
missing signatures probably needs to be designed around a mechanism
related to whether to *expect* a signature in the first place.

You can see a sketch of this kind of work at
https://datatracker.ietf.org/doc/draft-dkg-lamps-expect-signed-mail/ ,
which Aron Wussler and i presented at SECDISPATCH in IETF 118.  But
there are some thorny questions in there, and it's not at a stage where
it can be incorporated clearly in the e2e-mail-guidance document, though
the "Future Work" section does explicitly call for more work on
"Expectations of Cryptographic Protection".  If you (or anyone) are
interested in this work, it would be great to get more feedback on it.

Regards,

        --dkg
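
An added illustration of the argument in the message above (not part of the original mail, and not the mechanism of draft-dkg-lamps-expect-signed-mail): a warning keyed on signature failure disappears once the signature is stripped, while a check keyed on whether a signature is expected treats both cases alike. The names, the "SignedValid" label and the expect_signed set are hypothetical and constructed for this example.

```python
from dataclasses import dataclass
from enum import Enum


class SigState(Enum):
    NONE = "none"      # no signature: never signed, or stripped in transit
    VALID = "valid"    # signature present and verifies
    FAILED = "failed"  # signature present but does not verify


@dataclass(frozen=True)
class Message:
    sender: str
    sig: SigState


def cryptographic_summary(msg: Message) -> str:
    """Quoted sec 6.4 rule: a failed signature renders like no signature.
    "SignedValid" is this example's own label, not a term from the draft."""
    return "SignedValid" if msg.sig is SigState.VALID else "Unprotected"


def warn_on_failure_only(msg: Message) -> bool:
    """Naive feedback trigger: fires only when a signature is present and bad."""
    return msg.sig is SigState.FAILED


def strip_signature(msg: Message) -> Message:
    """Models a message whose signature was removed before delivery."""
    return Message(msg.sender, SigState.NONE)


def feedback_needed(msg: Message, expect_signed: frozenset) -> bool:
    """Hypothetical expectation-based trigger: fires whenever a sender we
    expect to sign delivers anything other than a valid signature."""
    return msg.sender in expect_signed and msg.sig is not SigState.VALID


# Constructed sample data.
EXPECT_SIGNED = frozenset({"alice@example.org"})
TAMPERED = Message("alice@example.org", SigState.FAILED)
STRIPPED = strip_signature(TAMPERED)
UNSIGNED_STRANGER = Message("bob@example.net", SigState.NONE)
```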