[lamps] Fwd: [Bimi] New Version Notification for draft-blank-ietf-bimi-00.txt
Wei Chuang <weihaw@google.com> Sat, 09 February 2019 16:36 UTC
Return-Path: <weihaw@google.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 790B31200ED for <spasm@ietfa.amsl.com>; Sat, 9 Feb 2019 08:36:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.5
X-Spam-Level:
X-Spam-Status: No, score=-17.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DcjhqIRHVCcK for <spasm@ietfa.amsl.com>; Sat, 9 Feb 2019 08:36:28 -0800 (PST)
Received: from mail-yw1-xc34.google.com (mail-yw1-xc34.google.com [IPv6:2607:f8b0:4864:20::c34]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B44F12008A for <spasm@ietf.org>; Sat, 9 Feb 2019 08:36:28 -0800 (PST)
Received: by mail-yw1-xc34.google.com with SMTP id k14so2599536ywe.4 for <spasm@ietf.org>; Sat, 09 Feb 2019 08:36:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=6FcYESDilcmCobCz4G1To3xGGysOf5ujvNdVodz01Ew=; b=AdVURBQ2TuR5PajpCFxw6A4y40szgn3bO/3x9nIpqtCHGf2YgZobTAMqGYzsqpl3CP ZxMl9smMLCgliDM8r3yQ2vwND8MWdmoHgoD1y1gQGp1jkqaIloCUviv+nQo3N/slHrMe h/L57VkTpndRu8rViwH3jbmjHXr1T76gG0aRlpaX2+xI9eYF1huEFTd8IpADuZEx+77g JlhShE/CIHclyThg3IE83Dgeje1nRzmtZuAH1cUJ8nB4PeDapTYR0+uGKLxDwtFMZqmE CMpWeubOy5+gZ9vWSf+8pjGM53WvnWKVF5a7PjHh2GBB0jB4X6ViSc02aBXxWQjfj0uV SFiQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=6FcYESDilcmCobCz4G1To3xGGysOf5ujvNdVodz01Ew=; b=s6Lt7ZSxZO8LE8V7XeYMkbuhAAiD6xuWGoyk/TuT86hT/fQgA/I58ats9p7GRsXLCm x2rMEVVGsu+DgzDEDuc78MWSWhj/DvBuowsP7MoEletb2VTTMIOiZ9Pjjzb9rwH8xnQY 60uYMBgTm3jx4Sucjv3dakdDXDvBP0G06oMIy4taz2Qxu8tAaZQuhFS6CSDCKH8q3IOz FuOGhFviYh269lNR3p8dDwjFH0upGp1IDBn5TetTZHh7UJ4f6FG4BRHS10kwygwcAyqL r0ywD+opIKOwPLhKZQy10aeQl8Gd1OQ7e0qoSXaAvgrPWQVZ4aVFAMMMX48SZ/zQnle+ D/nw==
X-Gm-Message-State: AHQUAuaZIPxyP41HTBMbTzOmOnzBL5vl2mi/uHEtTqvz+EzFedVOH7XO 1fqfC6LNIf9y0l7nD0hfHB4kKr39lwHMxtC6apeSitMDkWE2og==
X-Google-Smtp-Source: AHgI3IYiPBs5l45fXJF8uTjyL9h7KoQmlQPiOtLs2m9C7uwyxa8bE6NymhT4xzCsevrM795F/UwiBhAU/guG6Oq1f70=
X-Received: by 2002:a81:52d3:: with SMTP id g202mr10571643ywb.244.1549730186024; Sat, 09 Feb 2019 08:36:26 -0800 (PST)
MIME-Version: 1.0
References: <CAD2i3WMP=-id4aCexu71fXRiVkdN3L6v5p7E1yJVRAwk0vmkfA@mail.gmail.com>
In-Reply-To: <CAD2i3WMP=-id4aCexu71fXRiVkdN3L6v5p7E1yJVRAwk0vmkfA@mail.gmail.com>
From: Wei Chuang <weihaw@google.com>
Date: Sat, 09 Feb 2019 08:36:13 -0800
Message-ID: <CAAFsWK2kUpHjGSo53=gOLrzFbnA6rqsGwyB6TyeK4xBKN=VmQw@mail.gmail.com>
To: SPASM <spasm@ietf.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="0000000000004bf3af058178ad48"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/tpbU01x9GLt7uQZ79TezC0UuHak>
Subject: [lamps] Fwd: [Bimi] New Version Notification for draft-blank-ietf-bimi-00.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Feb 2019 16:36:32 -0000
Hi all, I'm cross posting to the LAMPS mailing list for visibility, that there is a new mailing list for Brand Indicators for Message Identification (BIMI) which allows for logos to be displayed by an email recipient. This is of interest to LAMPS since a secured part of the specification uses X.509/PKIX certificates to carry these logos and assert a 3rd party validation. A while back, I posted here a draft requesting a new certificate Extended Key Usage value to distinguish these logo carrying certificate which linked below. Also described below is the validation procedure for the certificate based on web Extended Validation (EV) but built upon to handle the logo validation. I also have a security justification document that I hope to turn into an IETF informational draft that will help justify the security of the logo and other information carried in the certificate. We look forward to your comments and questions on the BIMI list. https://www.ietf.org/mailman/listinfo/bimi -Wei ---------- Forwarded message --------- From: Seth Blank <seth@sethblank.com> Date: Wed, Feb 6, 2019 at 12:11 PM Subject: [Bimi] New Version Notification for draft-blank-ietf-bimi-00.txt To: <bimi@ietf.org> I've uploaded two documents as I-Ds to kick off IETF discussions around BIMI. Both these documents need a good deal of work, but are ready for public discussion. For BIMI publishing and usage: - https://tools.ietf.org/html/draft-blank-ietf-bimi-00 - https://tools.ietf.org/html/draft-brotman-ietf-bimi-guidance-00 For logo validation: - https://tools.ietf.org/html/draft-chuang-bimi-certificate-00 - https://docs.google.com/document/d/10IzxkdrveDazBAvTvOUa9uCIDBwMkdmluwHEcbja42w/edit?usp=sharing At a high level, these documents have several issues to be worked through: 1) The intent is for this to be globally accessible to any domain owner, but the current mechanisms are more approachable to larger organizations in first world countries a) We need a discussion of what other validation mechanisms could work at scale (our expectation is to have several, signposted weakly in the draft) b) We need a way to properly reflect this in the proposed a= tag 2) BIMI is NOT a new authentication mechanism, nor does it make ANY claims about user security or trust in the inbox. However, in places this draft may be unclear. How do we make this clearer while still explaining why standardizing this process is important, without crossing the line into UX or trust, of which BIMI is neither? 3) Right now, security surrounding logos is limited to SVGs per https://tools.ietf.org/html/rfc6170#section-5.2. There's clearly more that's needed here, especially against attacks that rely on steganography or resizing vectors, etc. 4) Other nits for draft-blank-ietf-bimi: a) The structure needs work, as do the Introduction and Overview b) Some of the technical construction feels like it could be dramatically simplified c) Section 8.2 mentions hashes with no definition or clarity d) The uses of MTA, MUA, and Mail Receiver feel like they overlap each other left and right i) And the document is heavily focused on larger receivers where this distinction is clear, but doesn't give any thought to other receiving architectures at all, especially mail clients that are the entire stack Several authors of these documents will be in Prague, we're looking forward to the conversations over the next few weeks and face to face! Seth ---------- Forwarded message --------- From: <internet-drafts@ietf.org> Date: Wed, Feb 6, 2019 at 11:11 AM Subject: New Version Notification for draft-blank-ietf-bimi-00.txt A new version of I-D, draft-blank-ietf-bimi-00.txt has been successfully submitted by Seth Blank and posted to the IETF repository. Name: draft-blank-ietf-bimi Revision: 00 Title: Brand Indicators for Message Identification (BIMI) Document date: 2019-02-06 Group: Individual Submission Pages: 26 URL: https://www.ietf.org/internet-drafts/draft-blank-ietf-bimi-00.txt Status: https://datatracker.ietf.org/doc/draft-blank-ietf-bimi/ Htmlized: https://tools.ietf.org/html/draft-blank-ietf-bimi-00 Htmlized: https://datatracker.ietf.org/doc/html/draft-blank-ietf-bimi Abstract: Brand Indicators for Message Identification (BIMI) permits Domain Owners to coordinate with Mail User Agents (MUAs) to display brand- specific Indicators next to properly authenticated messages. There are two aspects of BIMI coordination: a scalable mechanism for Domain Owners to publish their desired indicators, and a mechanism for Mail Transfer Agents (MTAs) to verify the authenticity of the indicator. This document specifies how Domain Owners communicate their desired indicators through the BIMI assertion record in DNS and how that record is to be handled by MTAs and MUAs. The domain verification mechanism and extensions for other mail protocols (IMAP, etc.) are specified in separate documents. MUAs and mail-receiving organizations are free to define their own policies for indicator display that makes use or not of BIMI data as they see fit. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat -- bimi mailing list bimi@ietf.org https://www.ietf.org/mailman/listinfo/bimi
- [lamps] Fwd: [Bimi] New Version Notification for … Wei Chuang
- Re: [lamps] Fwd: [Bimi] New Version Notification … Stephen Farrell
- Re: [lamps] Fwd: [Bimi] New Version Notification … Wei Chuang
- Re: [lamps] Fwd: [Bimi] New Version Notification … Stephen Farrell
- Re: [lamps] Fwd: [Bimi] New Version Notification … Wei Chuang