IETF Logo Mail Archive

Re: [lamps] Proposed addition of header protection to the LAMPS charter

Hernâni Marques (p≡p foundation) <hernani.marques@pep.foundation> Wed, 07 November 2018 05:29 UTC

Return-Path: <hernani.marques@pep.foundation>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44A6B130E1A for <spasm@ietfa.amsl.com>; Tue, 6 Nov 2018 21:29:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.621
X-Spam-Level:
X-Spam-Status: No, score=-1.621 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FROM_EXCESS_BASE64=0.979, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zLQdPRejMomU for <spasm@ietfa.amsl.com>; Tue, 6 Nov 2018 21:29:31 -0800 (PST)
Received: from dragon.pibit.ch (dragon.pibit.ch [94.231.81.244]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B9964127333 for <spasm@ietf.org>; Tue, 6 Nov 2018 21:29:30 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by dragon.pibit.ch (Postfix) with ESMTP id 118E7171C06C; Wed, 7 Nov 2018 06:29:28 +0100 (CET)
Received: from dragon.pibit.ch ([127.0.0.1]) by localhost (dragon.pibit.ch [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oedAchDsJgvc; Wed, 7 Nov 2018 06:29:25 +0100 (CET)
Received: from [192.168.43.177] (unknown [1.46.42.239]) by dragon.pibit.ch (Postfix) with ESMTPSA id 3867A171C057; Wed, 7 Nov 2018 06:29:22 +0100 (CET)
To: Alexey Melnikov <alexey.melnikov@isode.com>, John Levine <johnl@taugh.com>
Cc: spasm@ietf.org, housley@vigilsec.com
References: <20181106045754.7331F2007FC274@dhcp-8071.meeting.ietf.org> <987D26CC-FB16-4266-BC72-96AE9AE8FE3A@isode.com>
From: "Hernâni Marques (p≡p foundation)" <hernani.marques@pep.foundation>
Openpgp: id=31733E0C598D3A1CF70955D6CB5738652768F7E9
Message-ID: <0195d3fd-a8e8-815a-25fa-db862289211c@pep.foundation>
Date: Wed, 07 Nov 2018 06:29:20 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.3.0
MIME-Version: 1.0
In-Reply-To: <987D26CC-FB16-4266-BC72-96AE9AE8FE3A@isode.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="TlPDpdB4EKLU6UD3DjPu0wlCRbKihucS1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/_l8sWgatgET6UNHOihPIlKfPoYs>
Subject: Re: [lamps] Proposed addition of header protection to the LAMPS charter
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Nov 2018 05:29:33 -0000

On 06.11.18 06:29, Alexey Melnikov wrote:

>> On 6 Nov 2018, at 11:57, John Levine <johnl@taugh.com> wrote:
>>
>> In article <DC188C55-6FDE-4E64-9151-54815E96B50B@vigilsec.com> you write:
>>> 3) If it results in an RFC, would you implement?
>>
>> Not to be an old grouch or anything, but anything that affects mail
>> user interfaces is dismayingly hard to do well and easy to do in ways
>> that nobody wants to use.  When we were looking at anti-DMARC hacks
>> for the IETF mailing lists I wrote a mail reflector that wrapped
>> messages in various ways and sent them back so people could see how
>> they looked in their mail programs.  The only thing that was
>> consistent from one MUA to another was that they looked awful.
>>
>> I think header protection is a fine idea, but without some code to try
>> and see if it's usable, we're far too likely to end up with yet
>> another paper spec.
> 
> I am planning to test existing S/MIME clients that are ignorant of header protection to see how they behave. My hope is that one of 2 proposals described in my draft will result in much better UI experience for such clients. I will send results of my testing to the mailing list.

From pEp side we can also provide valuable feedback how things behave in
the field, as we're running extensive interoperability / doing trials in
within larger companies and for that adapting: e.g., there exist
extensive tests for the Microsoft world in S/MIME and PGP contexts (e.g,
w/ Symantec PGP).

-- 
p≡p foundation: https://pep.foundation/

v2.23.0 | Report a Bug | By Email