IETF Logo Mail Archive

Re: [lamps] Draft addition of header protection to the LAMPS charter

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 04 January 2019 20:49 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A54D1130E9A for <spasm@ietfa.amsl.com>; Fri, 4 Jan 2019 12:49:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.89
X-Spam-Level:
X-Spam-Status: No, score=-1.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h0L20Cjmcnn8 for <spasm@ietfa.amsl.com>; Fri, 4 Jan 2019 12:49:21 -0800 (PST)
Received: from che.mayfirst.org (che.mayfirst.org [IPv6:2001:470:1:116::7]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6154A130E8F for <spasm@ietf.org>; Fri, 4 Jan 2019 12:49:21 -0800 (PST)
Received: from fifthhorseman.net (unknown [38.109.115.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id 5D331F99B; Fri, 4 Jan 2019 15:49:19 -0500 (EST)
Received: by fifthhorseman.net (Postfix, from userid 1000) id E27B82027E; Fri, 4 Jan 2019 15:19:48 -0500 (EST)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: John R Levine <johnl@taugh.com>
Cc: spasm@ietf.org, bernie@ietf.hoeneisen.ch
In-Reply-To: <alpine.OSX.2.21.1901041201150.93160@ary.qy>
References: <20190104012415.AA6C3200C425F9@ary.qy> <87h8eonzxx.fsf@fifthhorseman.net> <alpine.OSX.2.21.1901041201150.93160@ary.qy>
Date: Fri, 04 Jan 2019 15:19:45 -0500
Message-ID: <8736q8npjy.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/qbCqz1LhJE-33AKKLyxiUZz2Wak>
Subject: Re: [lamps] Draft addition of header protection to the LAMPS charter
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Jan 2019 20:49:24 -0000

On Fri 2019-01-04 12:06:35 -0500, John R Levine wrote:
> That doesn't strike me as a meaningful distinction.  We designed DKIM
> so polciy about assigning selectors and where signatures are added are
> out of scope.  On my mail system, every DKIM signature has a unique
> selector.

Hm, that creates an interesting metadata phone-home situation!  Thanks
for pointing it out.  and taugh.com is a signed zone as well.  So you're
re-signing your zone with every message sent, or do you have a batch of
pre-signed selectors, and you just tick them off and regenerate a batch
when you're running low?  (apologies for the off-topic nature here --
feel free to reply to me privately on this if you want).

> On the other hand, I'm pretty sure I know of systems where S/MIME 
> signatures are generated and checked in MTAs and mailing list packages.

yep, understood.  I know such systems exist.  How would you expect DKIM
signatures to interact with protected encrypted headers?  do you think
this should be part of the scope of this work in LAMPS?

> My preference would be to leave out the prior history catalog completely.

Leaving out the prior history catalog works for me, too.

     --dkg

v2.23.0 | Report a Bug | By Email