IETF Logo Mail Archive

Re: [lamps] S/MIME fix

Russ Housley <housley@vigilsec.com> Thu, 17 May 2018 18:58 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA500127058 for <spasm@ietfa.amsl.com>; Thu, 17 May 2018 11:58:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uz70v5U80Iyw for <spasm@ietfa.amsl.com>; Thu, 17 May 2018 11:58:04 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7CC06126C25 for <SPASM@ietf.org>; Thu, 17 May 2018 11:58:04 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 65A1B300A2D for <SPASM@ietf.org>; Thu, 17 May 2018 14:58:02 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 2vj2ZItHmeWI for <SPASM@ietf.org>; Thu, 17 May 2018 14:58:01 -0400 (EDT)
Received: from a860b60074bd.home (pool-108-45-101-150.washdc.fios.verizon.net [108.45.101.150]) by mail.smeinc.net (Postfix) with ESMTPSA id E6C85300435; Thu, 17 May 2018 14:58:00 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <858D7264-5B1D-4834-B122-CE49C1B89A32@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_46A27AF6-0D02-4B1E-AEA7-7B3C80A52A26"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Thu, 17 May 2018 14:58:01 -0400
In-Reply-To: <CAErg=HF9hMZwPsZUAK81WigdmGLTGaRK7bJ=BrjnHhjBWvYNLg@mail.gmail.com>
Cc: SPASM <SPASM@ietf.org>
To: Ryan Sleevi <ryan-ietf@sleevi.com>
References: <CAMm+Lwj=VTBHYxH-iOaqEUHxALpBfSXWG3p0+xxUnY+o4CmGvA@mail.gmail.com> <BN6PR14MB1106A2890EE8B9243B4EA08C83920@BN6PR14MB1106.namprd14.prod.outlook.com> <CAMm+LwhuBoQ1VHQy-=E2FODYq4Fnzs8e24Yqyfg4akwQTsqc=w@mail.gmail.com> <1e8468d7-da6c-62f1-e24b-1ee03df22606@cs.tcd.ie> <e678276f-79c2-ec3c-7df5-f70794740f77@nostrum.com> <AB332E06-E1F5-4E82-9EF8-B49846865DAC@vigilsec.com> <f623981f-a379-4a94-0fda-a765a8318841@nostrum.com> <CAMm+LwjFqv4JiRLTBAcZB+EvBC0nH53jgBaCfFfaGTa5QSbrZw@mail.gmail.com> <c6424d23-493c-8831-41c1-2ebcc808b7c9@nostrum.com> <CAErg=HF9hMZwPsZUAK81WigdmGLTGaRK7bJ=BrjnHhjBWvYNLg@mail.gmail.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/fhCJuCRZ5MNXZ6HeU8Qsj-9E3J8>
Subject: Re: [lamps] S/MIME fix
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 May 2018 18:58:07 -0000

Ryan:

It seems to me that the LAMPS WG should say something about how to avoid the eFail attack in the Security Considerations of draft-ietf-lamps-rfc5751.

Russ


> On May 17, 2018, at 2:53 PM, Ryan Sleevi <ryan-ietf@sleevi.com> wrote:
> 
> I'm having trouble understanding how the current discussion relates to the LAMPS work. It sounds from Phil's initial message, is that this isn't related to LAMPS. There's been suggestions that this might be the CA/Browser Forum (despite the CA/Browser Forum not even having a proposed charter to clean this up), that this might be a W3C/WHATWG issue (despite the browsers explicitly rejecting some of these proposals), or perhaps somewhere else.
> 
> For my own understanding, is there a concrete proposal for either a document or work LAMPS should take on? Otherwise, would it be better to have this discussion elsewhere?
> 
> On Thu, May 17, 2018 at 11:51 AM, Adam Roach <adam@nostrum.com <mailto:adam@nostrum.com>> wrote:
> On 5/17/18 10:46 AM, Phillip Hallam-Baker wrote:
>> I am composing this in Gmail right now. And there is my outlook client in the window underneath. ​The Web browser is not just a full fledged email client, it is the client of choice.
> 
> I don't want to get too far down the rabbit hole of semantics here, but claiming that a browser is an email client because it can run Gmail is fully congruent with claiming your operating system is an email client because it can run Outlook.
> 
> More to the point: you know what I meant.
> 
> /a
> 
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org <mailto:Spasm@ietf.org>
> https://www.ietf.org/mailman/listinfo/spasm <https://www.ietf.org/mailman/listinfo/spasm>
> 
>

v2.23.0 | Report a Bug | By Email