Re: [lamps] HP Issue - Obfuscation of Header Fields
Russ Housley <housley@vigilsec.com> Wed, 30 September 2020 21:21 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2CC143A0BB0 for <spasm@ietfa.amsl.com>; Wed, 30 Sep 2020 14:21:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lB4RetY6L3BJ for <spasm@ietfa.amsl.com>; Wed, 30 Sep 2020 14:21:53 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 72F273A0B8F for <spasm@ietf.org>; Wed, 30 Sep 2020 14:21:53 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id CB1AF300AA2 for <spasm@ietf.org>; Wed, 30 Sep 2020 17:21:50 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 1V4XwsTMdrYy for <spasm@ietf.org>; Wed, 30 Sep 2020 17:21:49 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (pool-141-156-161-153.washdc.fios.verizon.net [141.156.161.153]) by mail.smeinc.net (Postfix) with ESMTPSA id 6B7FF300A26; Wed, 30 Sep 2020 17:21:49 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.17\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <alpine.DEB.2.22.394.2009302204580.1283@softronics.hoeneisen.ch>
Date: Wed, 30 Sep 2020 17:21:50 -0400
Cc: IETF LAMPS WG <spasm@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <6874A1B2-AD64-413B-ABEF-765F1231657A@vigilsec.com>
References: <alpine.DEB.2.22.394.2009302204580.1283@softronics.hoeneisen.ch>
To: Bernie Hoeneisen <bernie@ietf.hoeneisen.ch>
X-Mailer: Apple Mail (2.3445.104.17)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/fM-Pk_nfuFPU75IebHxa1amrd94>
Subject: Re: [lamps] HP Issue - Obfuscation of Header Fields
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Sep 2020 21:21:55 -0000
The thing I recall is that we only want to obfuscate the Subject. I recall someone suggested "Encrypted Message". Also, the obfuscation should be at the senders discretion. Russ > On Sep 30, 2020, at 4:17 PM, Bernie Hoeneisen <bernie@ietf.hoeneisen.ch> wrote: > > Below a summary of the issue on 'Obfuscation of Header Fields'. If anybody wishes to discuss this topic further or does not agree with the conclusion, please speek up within the next 10 days! > > cheers, > Bernie > > > Text from slide: > - Should we recommend any specific format for obfuscation? > e.g. > - Subject: ... > - Subject: [...] > - Date: Thu, 01 Jan 1970 00:00:00 +0000 (UTC) > - Impact to certificate checking? > - Date: <set to Monday 9am of the same week> > - Message-ID: <a new randomly generated Message-ID> > - From: Obfuscated <anonymous@anonymous.invalid> > - To: Obfuscated <anonymous@anonymous.invalid> > > - Impact to Spam filtering? > > > Conclusion at IETF-108 (as I understood): > > - Only specify obfuscation if encryption is applied > - Only recommend obfuscation for the Subject HF, but not for > Date HF, From HF, To HF > > We did not discuss about whether or not to recommend a new Message-ID for the Outer Message, as the Message-ID often leaves a trace to the originator host. Unless there are strong reasons not to do so, I'd be in favour of recommending a new randomly generated Messsage-ID. Any opinions on this? > > _______________________________________________ > Spasm mailing list > Spasm@ietf.org > https://www.ietf.org/mailman/listinfo/spasm
- [lamps] HP Issue - Obfuscation of Header Fields Bernie Hoeneisen
- Re: [lamps] HP Issue - Obfuscation of Header Fiel… Russ Housley
- Re: [lamps] HP Issue - Obfuscation of Header Fiel… Jonathan Hammell
- Re: [lamps] HP Issue - Obfuscation of Header Fiel… Bernie Hoeneisen