Re: [lamps] Advertising S/MIME capabilities in a certificate?
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 27 November 2019 15:25 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF3801209B3 for <spasm@ietfa.amsl.com>; Wed, 27 Nov 2019 07:25:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b=yVFZ3TGX; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b=0l2Xsz4G
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M6wyEo3BaXtG for <spasm@ietfa.amsl.com>; Wed, 27 Nov 2019 07:25:40 -0800 (PST)
Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 92A5D12081E for <spasm@ietf.org>; Wed, 27 Nov 2019 07:25:40 -0800 (PST)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1574868336; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=nQdoLARTEb/Mi6kAZmYp/zQSqSJwbGsDRoMraWUevEI=; b=yVFZ3TGXZjYDaXQrE9GYzYZwRW2/1nPslIQCXDG9lwBP5o5uNVZhHEuS zUupnSj0+CixH098rz0nflSdQ1JmCw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1574868336; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=nQdoLARTEb/Mi6kAZmYp/zQSqSJwbGsDRoMraWUevEI=; b=0l2Xsz4GsOhwJsLGWbkVt5fn1Q2+M324LlOaGWJIpArdnrX0dyETBL7B Zh1KJ986kMW2l0bmweTkDTSMG7br4Z1/vEDpcTfnE17zkts49BTtudwj2Q fE5CMtxh+MJaMFI+NoUspFV0QOYoVG2TaWySV70lX9h2KKSv+O2q0tWXPD WLYSBHTcLcoJ6YzSdLOYpvWSypnjt5gTams5U41AxpMpsvDNciVl5IjhAR ebMUUuCP+NVAPxFfPF7tZNuuGvJ6C8dd/8RPxvbhRol2FpybiPgk5Tq8pE Nyi3kT+OT0ufBKRhb5CbZX2XsKziIiNBWpzypLXJEAmFwILJLmZyHA==
Received: from fifthhorseman.net (unknown [38.109.115.130]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id 1A2DAF9A9; Wed, 27 Nov 2019 10:25:36 -0500 (EST)
Received: by fifthhorseman.net (Postfix, from userid 1000) id D81152046E; Wed, 27 Nov 2019 23:25:32 +0800 (+08)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Jim Schaad <ietf@augustcellars.com>, 'LAMPS WG' <spasm@ietf.org>
In-Reply-To: <069701d5a4d1$37c95840$a75c08c0$@augustcellars.com>
References: <87blt4i2ye.fsf@fifthhorseman.net> <053201d5a34b$56e34fb0$04a9ef10$@augustcellars.com> <877e3ngnza.fsf@fifthhorseman.net> <066401d5a493$fb5c5de0$f21519a0$@augustcellars.com> <87o8wyfdjv.fsf@fifthhorseman.net> <069701d5a4d1$37c95840$a75c08c0$@augustcellars.com>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= mDMEXEK/AhYJKwYBBAHaRw8BAQdAr/gSROcn+6m8ijTN0DV9AahoHGafy52RRkhCZVwxhEe0K0Rh bmllbCBLYWhuIEdpbGxtb3IgPGRrZ0BmaWZ0aGhvcnNlbWFuLm5ldD6ImQQTFggAQQIbAQUJA8Jn AAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBMS8Lds4zOlkhevpwvIGkReQOOXGBQJcQsbzAhkB AAoJEPIGkReQOOXG4fkBAO1joRxqAZY57PjdzGieXLpluk9RkWa3ufkt3YUVEpH/AP9c+pgIxtyW +FwMQRjlqljuj8amdN4zuEqaCy4hhz/1DbgzBFxCv4sWCSsGAQQB2kcPAQEHQERSZxSPmgtdw6nN u7uxY7bzb9TnPrGAOp9kClBLRwGfiPUEGBYIACYWIQTEvC3bOMzpZIXr6cLyBpEXkDjlxgUCXEK/ iwIbAgUJAeEzgACBCRDyBpEXkDjlxnYgBBkWCAAdFiEEyQ5tNiAKG5IqFQnndhgZZSmuX/gFAlxC v4sACgkQdhgZZSmuX/iVWgD/fCU4ONzgy8w8UCHGmrmIZfDvdhg512NIBfx+Mz9ls5kA/Rq97vz4 z48MFuBdCuu0W/fVqVjnY7LN5n+CQJwGC0MIA7QA/RyY7Sz2gFIOcrns0RpoHr+3WI+won3xCD8+ sVXSHZvCAP98HCjDnw/b0lGuCR7coTXKLIM44/LFWgXAdZjm1wjODbg4BFxCv50SCisGAQQBl1UB BQEBB0BG4iXnHX/fs35NWKMWQTQoRI7oiAUt0wJHFFJbomxXbAMBCAeIfgQYFggAJhYhBMS8Lds4 zOlkhevpwvIGkReQOOXGBQJcQr+dAhsMBQkB4TOAAAoJEPIGkReQOOXGe/cBAPlek5d9xzcXUn/D kY6jKmxe26CTws3ZkbK6Aa5Ey/qKAP0VuPQSCRxA7RKfcB/XrEphfUFkraL06Xn/xGwJ+D0hCw==
Date: Wed, 27 Nov 2019 10:25:32 -0500
Message-ID: <87imn5fij7.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/p3aKjED2xT0hkai0lBdavR1CI_M>
Subject: Re: [lamps] Advertising S/MIME capabilities in a certificate?
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Nov 2019 15:25:43 -0000
On Tue 2019-11-26 19:17:34 -0800, Jim Schaad wrote: > I am not aware of one. As Stefan was at Microsoft at the time, I > assume that they may have issued some, but it would be easy to just > create a template with the extension in it so that no special work > would be needed on the client side to generate or for the server to > decide if to include it. Right, but this is contingent on agreeing on what the actual byte sequence is that would represent such a certificate. While we have the spec, a concrete test vector goes a long way toward ensuring that different implementers actually agree on how to interpret the spec. > I think that this depends on who you believe should be able to control > things. A company will want to restrict what is to be used even if > the client is advertising that it can do additional things. The > company would be more than willing to re-issue new certificates as > needed if the set of algorithms is changing. I imagine that a company's willingness to re-issue might depend on how expensive it is (in terms of $$, and in terms of employee time and expertise, and in terms of management overhead) to issue a new certificate. Consider also that certificate re-issuance opens the question of expiration dates, etc (i.e. should the new certificate expire at the same time as the old one? or should it expire the same duration *from issuance* as the old one?). None of these are super challenging decisions, but they are operational decisions to make, and they require input/time from different staff, which increases the management overhead. > On the other hand an individual is much more likely to just use > messages to send capabilities and not assume that people are going to > be able to find certificates from some type of "global" repository in > order to find out what capabilities exist. sure, but "find certificates from a global repo" only matters for sending mail having never received anything from the peer. Once the sender has received at least one message from the peer, they have this potential capability conflict to resolve. I suppose when an individual is sending messages, the sent message will include the certificate as well, so the sender can always just copy the capability set from the certificate into the message if they want to absolve the peer from grappling with this issue. But if the capability set in the message *differs* from the capability set in the certificate, the fact that no well-defined policy exists for the recipient to disambiguate seems like a problem for the ecosystem. So far, in this thread, three possible disambiguation policies have been mentioned, all with different results for the recipient: Given the most-recently received message that announces S/MIME capabilities and a certificate which also advertises S/MIME capabilities: - use S/MIME capabilities from certificate - use S/MIME capabilities from the message - use the union of S/MIME capabilities from the certificate and the message (of course, there might be others). Is there some reason that we shouldn't try to specify one of these as the expected canonical disambiguation? Should we provide guidance to MUAs about what capabilities to announce in messages that they send with a given certificate that also contains capabilities? --dkg
- [lamps] Advertising S/MIME capabilities in a cert… Daniel Kahn Gillmor
- Re: [lamps] Advertising S/MIME capabilities in a … Dmitry Belyavsky
- Re: [lamps] Advertising S/MIME capabilities in a … Jim Schaad
- Re: [lamps] Advertising S/MIME capabilities in a … Daniel Kahn Gillmor
- Re: [lamps] Advertising S/MIME capabilities in a … Jim Schaad
- Re: [lamps] Advertising S/MIME capabilities in a … Daniel Kahn Gillmor
- Re: [lamps] Advertising S/MIME capabilities in a … Jim Schaad
- Re: [lamps] Advertising S/MIME capabilities in a … Daniel Kahn Gillmor
- Re: [lamps] Advertising S/MIME capabilities in a … Russ Housley