Re: [lamps] S/MIME fix
Adam Roach <adam@nostrum.com> Thu, 17 May 2018 15:37 UTC
To: Russ Housley <housley@vigilsec.com>
Cc: SPASM <SPASM@ietf.org>
References: <CAMm+Lwj=VTBHYxH-iOaqEUHxALpBfSXWG3p0+xxUnY+o4CmGvA@mail.gmail.com> <BN6PR14MB1106A2890EE8B9243B4EA08C83920@BN6PR14MB1106.namprd14.prod.outlook.com> <CAMm+LwhuBoQ1VHQy-=E2FODYq4Fnzs8e24Yqyfg4akwQTsqc=w@mail.gmail.com> <1e8468d7-da6c-62f1-e24b-1ee03df22606@cs.tcd.ie> <e678276f-79c2-ec3c-7df5-f70794740f77@nostrum.com> <AB332E06-E1F5-4E82-9EF8-B49846865DAC@vigilsec.com>
From: Adam Roach <adam@nostrum.com>
Message-ID: <f623981f-a379-4a94-0fda-a765a8318841@nostrum.com>
Date: Thu, 17 May 2018 10:37:25 -0500
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/husvP6z8munn-DVvyGp46XTZMeA>
On 5/17/18 9:01 AM, Russ Housley wrote:

>> To create an analogous situation for secure email, you'd need to use webcrypto in a way that stored your private key in the browser (inaccessible to the page), and develop web standards that add some affordance for web pages to hand encrypted data to the browser in a way that causes the corresponding unencrypted data to be displayed to the user, but isolated from the web page completely (e.g., rendered into an iframe that the parent cannot inspect).
>
> I am not following you. I do not see the requirement to do anything with webcrypto. However, I completely agree with the need to isolate each portion of the multi-part.

Presumably, we would need a means to generate a keypair, and to make the public key available to the webpage so that it can be conveyed to remote parties. That could be a new API, but it feels like something that could be added to webcrypto without much fuss. (I'll note that WebRTC did take the other approach, by defining an RTCPeerConnection.generateCertificate() method that is very roughly equivalent to window.crypto.subtle.generateKey(), but with the properties I describe above.)

Admittedly, this can all be done by the browser itself using local UI, but the general idea of the web platform is that you delegate only as little as is necessary to the browser. I mean, if you push enough of this to the local binary, it becomes a full-fledged email client. ;)

/a