IETF Logo Mail Archive

Re: [lamps] S/MIME fix

Phillip Hallam-Baker <phill@hallambaker.com> Wed, 16 May 2018 17:45 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B5CD412D95C for <spasm@ietfa.amsl.com>; Wed, 16 May 2018 10:45:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.403
X-Spam-Level:
X-Spam-Status: No, score=-1.403 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PtALpxPG5yOS for <spasm@ietfa.amsl.com>; Wed, 16 May 2018 10:45:03 -0700 (PDT)
Received: from mail-ot0-x230.google.com (mail-ot0-x230.google.com [IPv6:2607:f8b0:4003:c0f::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1C8F81273B1 for <SPASM@ietf.org>; Wed, 16 May 2018 10:45:03 -0700 (PDT)
Received: by mail-ot0-x230.google.com with SMTP id t1-v6so1874943ott.13 for <SPASM@ietf.org>; Wed, 16 May 2018 10:45:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=a/waVUh9kaUju6ZlXFKtniKtyXekiOauLaMwmQoFP8U=; b=SuXr/IQQ82S/DliCjir8mC69NXtC9IuajpXdAXTCRZat01cRlZo2OzHnijvxYb1DCU oda6mqOf8Of6T8D/vXBgZb0t74mA9PjmWDXI9dZ/QBL6lpmqHsU+taKCj0jaYd+Ows5g fKAVE5RjKCgdaPCAvC8pL/u4d97hAKfpNYlC5fzO8rmct1y/gtGhjyUpzkO6kql1TwdX lbeuGks58NQr/9tULfxGUgCTEDPj2mgRgYXmeLTo1RO9DTGrjFDnm0Bqw0/W03Xiwax/ YjJfKIplNDPbfGpoZkolGMYduUwnKj5LCV84UbrXLoqudB6Wy9NUD8KqBmmcIyKmYpPS vGUw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=a/waVUh9kaUju6ZlXFKtniKtyXekiOauLaMwmQoFP8U=; b=fy00b/9Vx1vM2AOsYucoAkTmBGcE/RM5YRm4s6gV/Ey6hg1wWYSQ1y3y0FODWXsaMq AjgSN6fonbmNzTjoCfTBDtC9aEWlOizLgNRdqTSB3N8ftEjrCu7ZqMRQ04QxsNdrmLDC Bnx1Y7r5SSVAWaGF5q3OACZRSBjaxFn4nZy+C6YsrdtZpkdUukZfiDh24KZCS6zoVu2e qApskSXYM57IJLt3+RspUyzUVMu1D6/ExIsyF/pYRLu0HUUKDahINSDXlev97pzAO/7L qqYR+qLrNOurl+MiWwCL6fMQrGr8ADCgCbIZqWSRB4HauwtfwdhVaOYcLo8W9tw2kUGB cL8Q==
X-Gm-Message-State: ALKqPwcS4o7a5K2omD/xjGwXMGFqr5O2XEAf97LBRRwgRqtWuMUwXRQR VkDLP5KLnhYeRIDz9kMOVXmk3ffJhs27VDqs5c4=
X-Google-Smtp-Source: AB8JxZpWajSlxuMZynw1T8AvSx8XcyGRdaSJjmdNNbm72Oc0OxhKR6qNoDDhWqcBn1F14y8QCQgr/UIbMEIctf6hoWg=
X-Received: by 2002:a9d:14b9:: with SMTP id d54-v6mr1445127ote.380.1526492702456; Wed, 16 May 2018 10:45:02 -0700 (PDT)
MIME-Version: 1.0
Sender: hallam@gmail.com
Received: by 2002:a9d:23:0:0:0:0:0 with HTTP; Wed, 16 May 2018 10:45:01 -0700 (PDT)
In-Reply-To: <559ab3c7-ee5f-22b9-ef02-c091765011d2@isode.com>
References: <CAMm+Lwj=VTBHYxH-iOaqEUHxALpBfSXWG3p0+xxUnY+o4CmGvA@mail.gmail.com> <559ab3c7-ee5f-22b9-ef02-c091765011d2@isode.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Wed, 16 May 2018 13:45:01 -0400
X-Google-Sender-Auth: jjBI49o1ZZE2ZR8xvdAfVCGv58Q
Message-ID: <CAMm+LwjFsDdy2pWtrGQcLnZSM1etUyxbyx=Fi46BMn30RxV0jA@mail.gmail.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>
Cc: SPASM <SPASM@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000004841aa056c5647d5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/gRvzOYbGNfxVyitroISW15lMPgQ>
Subject: Re: [lamps] S/MIME fix
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 May 2018 17:45:05 -0000

On Wed, May 16, 2018 at 10:48 AM, Alexey Melnikov <alexey.melnikov@isode.com
> wrote:

> Hi Philip,
> On 16/05/2018 15:28, Phillip Hallam-Baker wrote:
>
> Looking at eFail, surely the simplest fix is to require that an HTML
> message body be presented in a single CMS envelope presented in a single
> MIME part?
>
>
> I am not sure what you mean here. A CMS envelope can contain
> multipart/mixed within it, which is a perfectly valid use case (i.e. if one
> wants to send some encrypted text together with some encrypted attachments).
>

​Agreed.

​


> If you are talking about preventing the following construct:
>
>
> content-type: multipart/mixed; boundary=.f8231d7f-681b-442c-
> 97cc-e6c5375d059d
>
> This is a multipart message in MIME format.
>
> --.f8231d7f-681b-442c-97cc-e6c5375d059d
> content-type: text/html
>
> ...some partial HTML...
> --.f8231d7f-681b-442c-97cc-e6c5375d059d
> content-disposition: inline; filename=smime.p7m
> Content-Transfer-Encoding: base64
> content-type: application/pkcs7-mime; name=smime.p7m; smime-type=enveloped-data
>
> ...encrypted HTML...
> --.f8231d7f-681b-442c-97cc-e6c5375d059d
> content-type: text/html
>
> ...some partial HTML...
> --.f8231d7f-681b-442c-97cc-e6c5375d059d--
>
>
> i.e. a multipart/mixed that contains a mixture of text/html and
> application/pkcs7-mime, then I might agree with you. But this is not really
> an S/MIME feature, it is a generic MIME feature. So maybe this WG should
> write a document on best S/MIME implementation practices.
>

​Agreed. It is a feature of MIME which seems to have been carried over to
S/MIME without people asking WTF?​

v2.23.0 | Report a Bug | By Email