IETF Logo Mail Archive

Re: [lamps] Draft addition of header protection to the LAMPS charter

Russ Housley <housley@vigilsec.com> Fri, 11 January 2019 18:56 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69D6F1286D9 for <spasm@ietfa.amsl.com>; Fri, 11 Jan 2019 10:56:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LFS9v0gMy9st for <spasm@ietfa.amsl.com>; Fri, 11 Jan 2019 10:56:47 -0800 (PST)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BBFCA127AC2 for <spasm@ietf.org>; Fri, 11 Jan 2019 10:56:47 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id C5A4F300A01 for <spasm@ietf.org>; Fri, 11 Jan 2019 13:38:29 -0500 (EST)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id g02KVfL8WrVB for <spasm@ietf.org>; Fri, 11 Jan 2019 13:38:28 -0500 (EST)
Received: from a860b60074bd.fios-router.home (pool-108-45-137-105.washdc.fios.verizon.net [108.45.137.105]) by mail.smeinc.net (Postfix) with ESMTPSA id 67D3C300064; Fri, 11 Jan 2019 13:38:28 -0500 (EST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <87imyvcb3m.fsf@fifthhorseman.net>
Date: Fri, 11 Jan 2019 13:56:45 -0500
Cc: LAMPS WG <spasm@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <7DC69A08-3A4E-4D57-B490-179B8E4A411E@vigilsec.com>
References: <DC188C55-6FDE-4E64-9151-54815E96B50B@vigilsec.com> <87bm5hxdn0.fsf@fifthhorseman.net> <1194C123-1234-4B86-8EC1-26CE577CAFDA@vigilsec.com> <BB06AD4F-5F6F-4986-9ADC-04B44E34D0DE@vigilsec.com> <87imyvcb3m.fsf@fifthhorseman.net>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
X-Mailer: Apple Mail (2.3445.102.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/uAXxzcW3gSivku7J2A8o9YKdPQA>
Subject: Re: [lamps] Draft addition of header protection to the LAMPS charter
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Jan 2019 18:56:50 -0000

I prefer this wording as well.

Russ


> On Jan 11, 2019, at 1:17 PM, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
> 
> On Thu 2019-01-10 13:21:45 -0500, Russ Housley wrote:
>> We seem to have moved on to other topics.  Does that mean we have settled on the text we want the IESG to add to the charter?
>> 
>>   7. Cryptographic protection of electronic mail headers: A
>>   mechanism to address this in S/MIME has been standardized
>>   in RFC 5751. The WG shall define solutions (both for
>>   signature and encryption) to close significant privacy,
>>   security and usability gaps in cryptographically-protected
>>   electronic mail.
> 
> I like the push and am happy to move forward with a charter that
> includes e-mail header protection.  But I'm a bit concerned about this
> text for mainly stylistic reasons -- the above text only mentions
> headers explicitly in the part before the colon, and it doesn't match
> the form of the other bullet points that are currently in the charter
> (no other bullet point starts with a set-off title like this; no other
> bullet point says "The WG shall…", etc).
> 
> I propose the following revision that matches the style of the existing
> charter elements (using Bernie's notation, i'll call this DKG-2):
> 
> --- BEGIN DKG-2 ---
> 
> 7. Update the specification for the cryptographic protection of e-mail
> headers - both for signatures and encryption - to improve the
> implementation situation with respect to privacy, security and usability
> in cryptographically-protected electronic mail.  Most current
> implementations of cryptographically-protected electronic mail protect
> only the body of the message, which leaves significant room for attacks
> against otherwise-protected messages.
> 
> --- END DKG-2 ---
> 
> if the group prefers the text Russ cited, i can live with it too.  i'd
> like to move on to the actual specification work.
> 
> Regards,
> 
>        --dkg

v2.23.0 | Report a Bug | By Email