IETF Logo Mail Archive

Re: [lamps] Draft addition of header protection to the LAMPS charter

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 07 January 2019 13:58 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5EA32130EA0 for <spasm@ietfa.amsl.com>; Mon, 7 Jan 2019 05:58:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.89
X-Spam-Level:
X-Spam-Status: No, score=-1.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hh1e4vYmTNY9 for <spasm@ietfa.amsl.com>; Mon, 7 Jan 2019 05:58:50 -0800 (PST)
Received: from che.mayfirst.org (che.mayfirst.org [IPv6:2001:470:1:116::7]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D158C130E9E for <spasm@ietf.org>; Mon, 7 Jan 2019 05:58:50 -0800 (PST)
Received: from fifthhorseman.net (ool-6c3a0662.static.optonline.net [108.58.6.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id 05D1FF99A; Mon, 7 Jan 2019 08:58:48 -0500 (EST)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 815E6201DC; Mon, 7 Jan 2019 08:58:41 -0500 (EST)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Bernie Hoeneisen <bernie@ietf.hoeneisen.ch>
Cc: spasm@ietf.org
In-Reply-To: <alpine.DEB.2.20.1901070854050.26171@softronics.hoeneisen.ch>
References: <20190104012415.AA6C3200C425F9@ary.qy> <87h8eonzxx.fsf@fifthhorseman.net> <alpine.DEB.2.20.1901051041470.26171@softronics.hoeneisen.ch> <87imz2lpi5.fsf@fifthhorseman.net> <alpine.DEB.2.20.1901070854050.26171@softronics.hoeneisen.ch>
Date: Mon, 07 Jan 2019 08:58:38 -0500
Message-ID: <87o98sk1rl.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/ek1PynuysbA13CjsCOWtqxOGItg>
Subject: Re: [lamps] Draft addition of header protection to the LAMPS charter
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Jan 2019 13:58:54 -0000

On Mon 2019-01-07 09:38:25 +0100, Bernie Hoeneisen wrote:
> What I remember from this basic websearch: In S/MIME isode, rebex, and a 
> couple of others (I don't remember the names anymore) appeared to 
> have implemented (full or partial) support for S/MIME version 3.1 / 3.2 
> Header Protection.

Isode is the implementation i was aware of.

Can you point me to the rebex implementation?  I see:

  https://www.rebex.net/secure-mail.net/features/s-mime.aspx

which says:

     Please note that only the message body is encrypted - everyone can
     still read the message headers such as From, To, Date or Subject.

If you could remember the names of the couple of others you found, or
dig them back up with another websearch, that'd be great.

> Anyways, the total number of implementations is likely rather low.

yep, that seems to be the consensus on the list.

> Maybe others on this list have further information on the implementation 
> situation of Header Protection in S/MIME, which they may want to share 
> here.

agreed, that would be great.

> Outside the S/MIME world, I can refer to the four implementations that 
> support pEp (pretty Easy privacy). pEp is specified to perform Header 
> protection (almost) the same way as described in RFC 5751.

RFC 5751 doesn't cover anything outside of S/MIME, but i agree with you
-- i want whatever header protection LAMPS specifies to work for
PGP/MIME as well.  Can you explain what the "(almost)" means in the
paragraph above?

Are you talking about "pEp email format 1" or "pEp email format 2" of
https://pep.foundation/dev/repos/internet-drafts/file/tip/pep-email/draft-marques-pep-email.mkd
or are you talking about something else?

it doesn't look to me like either of those two formats specifically are
related to RFC 5751-style headers protection -- there's no mention of
message/rfc822 content-type in the text, or in the examples, and the
headers aren't positioned as headers, but instead they're included "as
the first line" of the body (which i confess i don't understand if the
Content-Type is anything other than text/plain).

Anyway, i don't mean to have the design discussion in this thread, i'm
just trying to gather information about what's actually implementing and
using RFC 5751, so we can determine how to represent it accurately in
the charter text (if we refer to it at all).

Can we settle on a single proposal?

        --dkg

v2.23.0 | Report a Bug | By Email