From 7366acafec906ae0545461a780e1f52af414e138 Mon Sep 17 00:00:00 2001 From: Bernie Hoeneisen Date: Fri, 5 Jul 2019 22:55:58 +0200 Subject: [PATCH] version rollover --- lamps-header-protection/Makefile | 4 +- ...t-luck-lamps-pep-header-protection-03.html | 984 +++++++++++++ ...ft-luck-lamps-pep-header-protection-03.txt | 952 ++++++++++++ ...ft-luck-lamps-pep-header-protection-03.xml | 1276 +++++++++++++++++ ...draft-luck-lamps-pep-header-protection.mkd | 2 +- 5 files changed, 3215 insertions(+), 3 deletions(-) create mode 100644 lamps-header-protection/archive/draft-luck-lamps-pep-header-protection-03.html create mode 100644 lamps-header-protection/archive/draft-luck-lamps-pep-header-protection-03.txt create mode 100644 lamps-header-protection/archive/draft-luck-lamps-pep-header-protection-03.xml diff --git a/lamps-header-protection/Makefile b/lamps-header-protection/Makefile index c6f9e726..b2ae7424 100644 --- a/lamps-header-protection/Makefile +++ b/lamps-header-protection/Makefile @@ -1,7 +1,7 @@ #!/usr/bin/make -f NAME := draft-luck-lamps-pep-header-protection -REV := 03 +REV := 04 DRAFT := $(NAME)-$(REV) OUTPUTS = $(DRAFT).xml $(DRAFT).txt $(DRAFT).html @@ -12,7 +12,6 @@ all: $(OUTPUTS) $(DRAFT).xml: $(NAME).mkd \ ../shared/author_tags/claudio_luck.mkd \ - ../shared/author_tags/bernie_hoeneisen.mkd \ ../shared/references/implementation-status.mkd \ ../shared/text-blocks/key-words-rfc2119.mkd \ ../shared/text-blocks/terms-intro.mkd \ @@ -25,6 +24,7 @@ $(DRAFT).xml: $(NAME).mkd \ # ../shared/ascii-arts/basic-msg-flow.mkd \ # ../shared/ascii-arts/pep_id_system.mkd \ # to match backslash at the end of the previous line + # ../shared/author_tags/bernie_hoeneisen.mkd \ kramdown-rfc2629 $(NAME).mkd > $(DRAFT).xml $(DRAFT).txt: $(DRAFT).xml diff --git a/lamps-header-protection/archive/draft-luck-lamps-pep-header-protection-03.html b/lamps-header-protection/archive/draft-luck-lamps-pep-header-protection-03.html new file mode 100644 index 00000000..c60e4eeb --- /dev/null +++ b/lamps-header-protection/archive/draft-luck-lamps-pep-header-protection-03.html @@ -0,0 +1,984 @@ + + + + + + + pretty Easy privacy (pEp): Progressive Header Disclosure + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Network Working GroupC. Luck
Internet-DraftpEp Foundation
Intended status: InformationalJuly 05, 2019
Expires: January 6, 2020
+ +

pretty Easy privacy (pEp): Progressive Header Disclosure
+ draft-luck-lamps-pep-header-protection-03

+ +

Abstract

+

Issues with email header protection in S​/​MIME have been recently raised in the IETF LAMPS Working Group. The need for amendments to the existing specification regarding header protection was expressed.

+

The pretty Easy privacy (pEp) implementations currently use a mechanism quite similar to the currently standardized message wrapping for S​/​MIME. The main difference is that pEp is using PGP/MIME instead, and adds space for carrying public keys next to the protected message.

+

In LAMPS, it has been expressed that whatever mechanism will be chosen, it should not be limited to S​/​MIME, but also applicable to PGP/MIME.

+

This document aims to contribute to this discussion and share the pEp implementation experience with email header protection.

+

Status of This Memo

+

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

+

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

+

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

+

This Internet-Draft will expire on January 6, 2020.

+

Copyright Notice

+

Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved.

+

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

+ + +
+

Table of Contents

+ + +

+1. Introduction +

+

A range of protocols for the protection of electronic mail (email) exist, which allow to assess the authenticity and integrity of the email headers section, or selected header fields, but limited to a domain-level perspective. Specifically these are DomainKeys Identified Mail (DKIM) [RFC6376] and Sender Policy Framework (SPF) [RFC7208] and Domain-based Message Authentication, Reporting, and Conformance (DMARC) [RFC7489]. These protocols, while essential to responding to a range of attacks on email, do not offer full End-to-End protection to the headers section and are not capable of providing privacy regarding the information represented therein.

+

The need for means of Data Minimization, which includes data spareness and hiding of all information technically hideable, has grown in importance over the past years.

+

A standard for End-to-End protection of the email headers section exists for S​/​MIME since version 3.1. (cf. [RFC8551]):

+

+ + +

No mechanism for header protection has been standardized for [PGPMIME] yet.

+

End-to-End protection for the email headers section is currently not widely implemented – neither for messages protected by means of S​/​MIME nor PGP/MIME. At least two variants of header protection are known to be implemented. A recently submitted Internet-Draft [I-D.melnikov-lamps-header-protection] discusses the two variants and the challenges with header protection for S​/​MIME. The two variants are referred to as:

+

+ + +

pEp (pretty Easy privacy) [I-D.birk-pep] for email [I-D.marques-pep-email] already implements an option quite similar to Option 2, adapting the S​/​MIME standards to PGP/MIME (cf. Section 2, ff.). Existing implementations of pEp have also added inbound support for “Memory Hole” referred to above as Option 1, thus being able to study the differences and the implementator’s challenges.

+

pEp now also supports the “forwarded=no” attribute proposed in [I-D.melnikov-lamps-header-protection], and further described in Section 2.3.

+

Interoperability and implementation symmetry between PGP/MIME and S​/​MIME is planned by pEp, but still in an early stage of development.

+

This document describes Progressive Header Disclosure as implemented in the “pEp message format version 2”. This format inherently offers header protection as a side effect, but is only intended for use only with signed-and-encrypted messages. The feature of protecting headers may be used independently by mail user agents otherwise not wanting to conform to pEp standards (Section 2, ff.).

+

+1.1. Requirements Language +

+

The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in [RFC2119].

+

+1.2. Terms +

+

The following terms are defined for the scope of this document:

+

+ + +

+2. Message Format for Progressive Header Disclosure +

+

+2.1. Compatibility +

+

The pEp message format version 2 is designed such that a receiving Mail User Agent (MUA), which is OpenPGP-compliant but not pEp-compliant, still has built-in capability to properly verify the integrity of the mail, decode it and display all information of the original mail to the user. The recovered protected message is selfsufficiently described, including all protected header fields.

+

The pEp message format version 2 (as used by all the various pEp implementations, cf. Section 9) is similar to what is standardized for S​/​MIME in [RFC8551]:

+

+ + +

+2.2. Inner Message +

+

Note: this section is for your information only. It does not add requirements for the header protection feature to work.

+

The pEp message format requires the innermost protected message to follow a fixed MIME structure and to consist of exactly one human-readable message which is represented in plain or HTML format. Both plain and html entities MUST represent the same message to the user. Any attachment to the message must be laid out in a flat list. No additional multipart entities are allowed in the pEp message.

+

These restrictions permit to build mail user agents which are immune to the EFAIL attacks.

+

This message is herein further referred to as the “pEp inner message”.

+

A mail user agent wanting to follow this standard, SHOULD transform any “original message” into a “pEp inner message” for safe representation on the receiving side.

+

+2.3. Content-Type Parameter “forwarded” +

+

One caveat of the design is that the user interaction with message/rfc822 entities varies considerably across different mail user agents. No standard is currently available which enables MUAs to reliably determine whenever a nested message/rfc822 entity is meant to blend the containing message, or if it was effectively intended to be forwarded as a file document. pEp currently implements the proposal described by [I-D.melnikov-lamps-header-protection], 3.2, which defines a new Content-Type header field parameter with name “forwarded”, for the MUA to distinguish between a forwarded message and a nested message for the purpose of header protection, i.e., using “forwarded=no”.

+

+2.4. Outer Message +

+

With pEp message format version 2, the pEp standardized message is equally wrapped in a message/rfc822 entity, but this time being in turn wrapped in a multipart/mixed entity. The purpose of the additional nesting is to allow for public keys of the sender to be stored alongside the original message while being protected by the same mechanism.

+

For the case of PGP/MIME, the currently only implemented MIME encryption protocol implemented in pEp, the top-level entity called the “outer message” MUST contain:

+

+ + +

Notes on the current pEp client implementations:

+

+ + +

This is an example of the top-level MIME entity, before being encrypted and signed:

+
+    MIME-Version: 1.0
+    Content-Type: multipart/mixed;
+                  boundary="6b8b4567327b23c6643c986966334873"
+
+
+    --6b8b4567327b23c6643c986966334873
+    Content-Type: message/rfc822; forwarded="no"
+
+    From: John Doe <jdoe@machine.example>
+    To: Mary Smith <mary@example.net>
+    Subject: Example
+    Date: Fri, 30 Jun 2018 09:55:06 +0200
+    Message-ID: <05d0526e-41c4-11e9-8828@pretty.Easy.privacy>
+    X-Pep-Version: 2.0
+    MIME-Version: 1.0
+    Content-Type: multipart/alternative;
+                  boundary="29fe9d2b2d7f6a703c1bffc47c162a8c"
+
+    --29fe9d2b2d7f6a703c1bffc47c162a8c
+    Content-Type: text/plain; charset="utf-8"
+    Content-Transfer-Encoding: quoted-printable
+    Content-Disposition: inline; filename="msg.txt"
+
+    p=E2=89=A1p for Privacy by Default.
+    -- =20
+    Sent from my p=E2=89=A1p for Android.
+
+    --29fe9d2b2d7f6a703c1bffc47c162a8c
+    Content-Type: text/html; charset="utf-8"
+    Content-Transfer-Encoding: quoted-printable
+
+    p=E2=89=A1p for Privacy by Default.<br>
+    -- <br>
+    Sent from my p=E2=89=A1p for Android.<br>
+
+    --29fe9d2b2d7f6a703c1bffc47c162a8c--
+    --6b8b4567327b23c6643c986966334873
+    Content-Type: application/pgp-keys
+    Content-Disposition: attachment; filename="pEpkey.asc"
+
+    -----BEGIN PGP PUBLIC KEY BLOCK-----
+
+    ...
+    -----END PGP PUBLIC KEY BLOCK-----
+
+    --6b8b4567327b23c6643c986966334873--
+
+

+2.5. Transport Message +

+

In pEp message format 2 the “outer message” consists of a full RFC822 message with body and a minimal set of header fields, just those necessary to conform to MIME multipart standards.

+

The “outer message” should be encrypted and carry a signature according to the MIME encryption standards. The resulting message is the transport message which a root entity of type multipart/encrypted.

+

A minimal set of header fields should be set on the “transport message”, as to permit delivery, without disclosing private information.

+

The structure of the transport message may be altered in-transit, e.g. through mailing list agents, or inspection gateways.

+

Signing and encrypting a message with MIME Security with [PGPMIME], yields a message with the following complete MIME structure, seen across the encryption layer:

+
+    = multipart/encrypted; protocol="application/pgp-encrypted";
+      + application/pgp-encrypted [ Version: 1 ]
+      + application/octet-stream; name="msg.asc"
+        {
+          Content-Disposition: inline; filename="msg.asc";
+        }
+           |
+          [ opaque encrypted structure ]
+           |
+           { minimal headers }
+           + multipart/mixed
+             + message/rfc822; forwarded="no";
+                  |
+                 { protected message headers }
+                 + multipart/mixed
+                   + multipart/alternate
+                     + text/plain
+                     + text/html
+                   + application/octet-stream [ attachmet_1 ]
+                   + application/octet-stream [ attachmet_2 ]
+             + application/pgp-keys
+
+
+

The header fields of the sub-part of type application/octet-stream SHOULD be modified to ensure that:

+

+ + +

+2.6. S/MIME Compatibility +

+

Interoperability and implementation symmetry between PGP/MIME and S​/​MIME is on the roadmap of pEp.

+

+3. Candidate Header Fields for Header Protection +

+

By default, all headers of the original message SHOULD be wrapped with the original message, with one exception:

+

+ + +

+4. Stub Outside Headers +

+

The outer message requires a minimal set of headers to be in place for being eligible for transport. This includes the “From”, “To”, “Cc”, “Bcc”, “Subject” and “Message-ID” header fields. The protocol hereby defined also depends on the “MIME-Version”, “Content-Type”, “Content-Disposition” and eventually the “Content-Transport-Encoding” header field to be present.

+

Submission and forwarding based on SMTP carries “from” and “receivers” information out-of-band, so that the “From” and “To” header fields are not strictly necessary. Nevertheless, “From”, “Date”, and at least one destination header field is mandatory as per [RFC5322]. They SHOULD be conserved for reliability.

+

The following header fields should contain a verbatim copy of the header fields of the inner message:

+

+ + +

The entries with an asterisk mark (*) should only be set if also present in the original message.

+

Clients which follow pEp standards MUST set the header field value for “Subject” to “=?utf-8?Q?p=E2=89=A1p?=” or “pEp”. Clients which do not adhere to all pEp standards should set the header field value of “Subject” to a descriptive stub value. An example used in practice is

+

+ + +

The following header fields MUST be initialized with proper values according to the MIME standards:

+

+ + +

+5. Processing Incoming Email under Progressive Header Disclosure +

+

[[ TODO ]]

+

+5.1. Processing of Signed-only Email +

+

pEp either engages in a signed-and-encrypted communication or in an unsigned plaintext communication. Inbound signatures attached to plaintext messages are duly verified but cannot enhance the perceived quality of the message in the user interface (while an invalid signature degrades the perception) [I-D.birk-pep].

+

+5.2. Incoming Filter Processing +

+

The Mail User Agent may implement outgoing filtering of mails, which may veto, alter, redirect or replicate the messages. The functionality may be implemented on the mailbox server and be configurable through a well-known protocol, e.g., by means of The Sieve Mail-Filtering Language [RFC5490], or be implemented client-side, or in a combination of both.

+

A mailbox server, which is required to process the full range of possible filters, is requiring plaintext access to the header fields.

+

In an End-to-End-encryption context, which pEp enforces by default, upon first reception of the message the mailbox server is limited to see the transport- relevant headers of the outer wrapper message. A pEp client configured to trust the server (“trusted server” setting [I-D.marques-pep-email]) will later download the encrypted message, decrypt it and replace the copy on the server by the decrypted copy.

+

+5.2.1. Staged Filtering of Inbound Messages +

+

Inbound messages are expected to be delivered to the inbox while still being encrypted. At this point in time, server-side filtering can only evaluate the unprotected header fields in the wrapper message.

+

In an End-to-End-encryption context, which pEp enforces by default, the mailbox server is limited to see the transport-relevant headers of the outer wrapper message only upon first delivery. A pEp client configured to trust the server (“trusted server” setting [I-D.marques-pep-email]) will eventually download the encrypted message, decrypt it locally and replace the copy on the server by the decrypted copy. Server-side message filters SHOULD be able to detect such post-processed messages, and apply the pending filters. The client SHOULD easily reflect the post-filtered messages in the user interface.

+

+5.3. Outgoing Filter Processing +

+

The Mail User Agent may implement outgoing filtering of emails, which may veto, alter or replicate the email. They may also hint the MUA to store a copy in an alternate “Sent” folder.

+

Filters which veto the sending or do alter the mail or replicate it (e.g., mass-mail generators) SHOULD be completed prior to applying protection, and thus also prior to applying header protection. Redirection to alternate “Sent” folders MUST NOT be decided prior to applying protection, but MUAs MAY abide from this restriction if they implement the “trusted server” option and the option is selected for the specific mailbox server; in this case, MUAs MUST NOT allow to redirect a message to an untrusted server by these rules, to prevent information leakage to the untrusted server.

+

[[ TODO: Mention implicit filter for minimal color-rating for message replication. ]]

+

[[ TODO: How to produce key-export-mails manually this way? That is, what about non-pEp-mode? ]]

+

+6. Security Considerations +

+

[[ TODO ]]

+

+7. Privacy Considerations +

+

[[ TODO ]]

+

+8. IANA Considerations +

+

This document has no actions for IANA.

+

+9. Implementation Status +

+

+9.1. Introduction +

+

This section records the status of known implementations of the protocol defined by this specification at the time of posting of this Internet-Draft, and is based on a proposal described in [RFC7942]. The description of implementations in this section is intended to assist the IETF in its decision processes in progressing drafts to RFCs. Please note that the listing of any individual implementation here does not imply endorsement by the IETF. Furthermore, no effort has been spent to verify the information presented here that was supplied by IETF contributors. This is not intended as, and must not be construed to be, a catalog of available implementations or their features. Readers are advised to note that other implementations may exist.

+

According to [RFC7942], “[…] this will allow reviewers and working groups to assign due consideration to documents that have the benefit of running code, which may serve as evidence of valuable experimentation and feedback that have made the implemented protocols more mature. It is up to the individual working groups to use this information as they see fit.”

+

+9.2. Current software implementing pEp +

+

The following software implementing the pEp protocols (to varying degrees) already exists:

+

+ + +

pEp for Android, iOS and Outlook are provided by pEp Security, a commercial entity specializing in end-user software implementing pEp while Enigmail/pEp is pursued as community project, supported by the pEp Foundation.

+

All software is available as Free Software and published also in source form.

+

+10. Acknowledgements +

+

The authors would like to thank the following people who have provided significant contributions or feedback for the development of this document: Krista Bennett, Volker Birk, Bernie Hoeneisen and Hernani Marques.

+

+11. References

+

+11.1. Normative References

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
[I-D.birk-pep] +Marques, H. and B. Hoeneisen, "pretty Easy privacy (pEp): Privacy by Default", Internet-Draft draft-birk-pep-03, March 2019.
[I-D.marques-pep-email] +Marques, H., "pretty Easy privacy (pEp): Email Formats and Protocols", Internet-Draft draft-marques-pep-email-02, October 2018.
[I-D.melnikov-lamps-header-protection] +Melnikov, A., "Considerations for protecting Email header with S​/​MIME", Internet-Draft draft-melnikov-lamps-header-protection-00, October 2018.
[PGPMIME] +Elkins, M., Del Torto, D., Levien, R. and T. Roessler, "MIME Security with OpenPGP", RFC 3156, DOI 10.17487/RFC3156, August 2001.
[RFC2046] +Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types", RFC 2046, DOI 10.17487/RFC2046, November 1996.
[RFC2119] +Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997.
[RFC4880] +Callas, J., Donnerhacke, L., Finney, H., Shaw, D. and R. Thayer, "OpenPGP Message Format", RFC 4880, DOI 10.17487/RFC4880, November 2007.
[RFC4949] +Shirey, R., "Internet Security Glossary, Version 2", FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007.
[RFC5322] +Resnick, P., "Internet Message Format", RFC 5322, DOI 10.17487/RFC5322, October 2008.
[RFC5490] +Melnikov, A., "The Sieve Mail-Filtering Language -- Extensions for Checking Mailbox Status and Accessing Mailbox Metadata", RFC 5490, DOI 10.17487/RFC5490, March 2009.
[RFC6376] +Crocker, D., Hansen, T. and M. Kucherawy, "DomainKeys Identified Mail (DKIM) Signatures", STD 76, RFC 6376, DOI 10.17487/RFC6376, September 2011.
[RFC7208] +Kitterman, S., "Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1", RFC 7208, DOI 10.17487/RFC7208, April 2014.
[RFC7489] +Kucherawy, M. and E. Zwicky, "Domain-based Message Authentication, Reporting, and Conformance (DMARC)", RFC 7489, DOI 10.17487/RFC7489, March 2015.
[RFC8551] +Schaad, J., Ramsdell, B. and S. Turner, "Secure/Multipurpose Internet Mail Extensions (S​/​MIME) Version 4.0 Message Specification", RFC 8551, DOI 10.17487/RFC8551, April 2019.
+

+11.2. Informative References

+ + + + + + + + + + + + + + + + + + + + + +
[RFC7942] +Sheffer, Y. and A. Farrel, "Improving Awareness of Running Code: The Implementation Status Section", BCP 205, RFC 7942, DOI 10.17487/RFC7942, July 2016.
[SRC.enigmailpep]"Source code for Enigmail/pEp", July 2019.
[SRC.pepforandroid]"Source code for pEp for Android", July 2019.
[SRC.pepforios]"Source code for pEp for iOS", July 2019.
[SRC.pepforoutlook]"Source code for pEp for Outlook", July 2019.
+

+Appendix A. About pEp Design Principles +

+

pretty Easy privacy (pEp) is working on bringing state-of-the-art automatic cryptography known from areas like TLS to electronic mail (email) communication. pEp is determined to evolve the existing standards as fundamentally and comprehensively as needed to gain easy implementation and integration, and for easy use for regular Internet users. pEp for email wants to attain to good security practice while still retaining backward compatibility for implementations widespread.

+

To provide the required stability as a foundation for good security practice, pEp for email defines a fixed MIME structure for its innermost message structure, so to remove most attack vectors which have permitted the numerous EFAIL vulnerabilities. (TBD: ref)

+

Security comes just next after privacy in pEp, for which reason the application of signatures without encryption to messages in transit is not considered purposeful. pEp for email herein referenced, and further described in [I-D.marques-pep-email], either expects to transfer messages in cleartext without signature or encryption, or transfer them encrypted and with enclosed signature and necessary public keys so that replies can be immediately upgraded to encrypted messages.

+

The pEp message format is equivalent to the S​/​MIME standard in ensuring header protection, in that the whole message is protected instead, by wrapping it and providing cryptographic services to the whole original message. The pEp message format is different compared to the S​/​MIME standard in that the pEp protocols propose opportunistic End-to-End security and signature, by allowing the transport of the necessary public key material along with the original messages.

+

For the purpose of allowing the insertion of such public keys, the root entity of the protected message is thus nested once more into an additional multipart/mixed MIME entity. The current pEp proposal is for PGP/MIME, while an extension to S​/​MIME is next.

+

pEp’s proposal is strict in that it requires that the cryptographic services applied to the protected message MUST include encryption. It also mandates a fixed MIME structure for the protected message, which always MUST include a plaintext and optionally an HTML representation (if HTML is used) of the same message, and requires that all other optional elements to be eventually presented as attachments. Alternatively the whole protected message could represent in turn a wrapped pEp wrapper, which makes the message structure fully recursive on purpose (e.g., for the purpose of anonymization through onion routing).

+

For the purpose of implementing mixnet routing for email, it is foreseen to nest pEp messages recursively. A protected message can in turn contain a protected message due for forwarding. This is for the purpose to increase privacy and counter the necessary leakage of plaintext addressing in the envelope of the email.

+

The recursive nature of the pEp message format allows for the implementation of progressive disclosure of the necessary transport relevant header fields just as-needed to the next mail transport agents along the transmission path.

+

+Appendix B. Document Changelog +

+

[[ RFC Editor: This section is to be removed before publication ]]

+

+ + +

+Appendix C. Open Issues +

+

[[ RFC Editor: This section should be empty and is to be removed before publication. ]]

+

+ + +

Author's Address

+
+
+ + Claudio Luck + + + pEp Foundation + + Oberer Graben 4 + + + CH-8400 Winterthur, + + + + Switzerland + + EMail: claudio.luck@pep.foundation + +URI: https://pep.foundation/ + +
+
+ + + diff --git a/lamps-header-protection/archive/draft-luck-lamps-pep-header-protection-03.txt b/lamps-header-protection/archive/draft-luck-lamps-pep-header-protection-03.txt new file mode 100644 index 00000000..33a2db64 --- /dev/null +++ b/lamps-header-protection/archive/draft-luck-lamps-pep-header-protection-03.txt @@ -0,0 +1,952 @@ + + + + +Network Working Group C. Luck +Internet-Draft pEp Foundation +Intended status: Informational July 05, 2019 +Expires: January 6, 2020 + + + pretty Easy privacy (pEp): Progressive Header Disclosure + draft-luck-lamps-pep-header-protection-03 + +Abstract + + Issues with email header protection in S/MIME have been recently + raised in the IETF LAMPS Working Group. The need for amendments to + the existing specification regarding header protection was expressed. + + The pretty Easy privacy (pEp) implementations currently use a + mechanism quite similar to the currently standardized message + wrapping for S/MIME. The main difference is that pEp is using PGP/ + MIME instead, and adds space for carrying public keys next to the + protected message. + + In LAMPS, it has been expressed that whatever mechanism will be + chosen, it should not be limited to S/MIME, but also applicable to + PGP/MIME. + + This document aims to contribute to this discussion and share the pEp + implementation experience with email header protection. + +Status of This Memo + + This Internet-Draft is submitted in full conformance with the + provisions of BCP 78 and BCP 79. + + Internet-Drafts are working documents of the Internet Engineering + Task Force (IETF). Note that other groups may also distribute + working documents as Internet-Drafts. The list of current Internet- + Drafts is at https://datatracker.ietf.org/drafts/current/. + + Internet-Drafts are draft documents valid for a maximum of six months + and may be updated, replaced, or obsoleted by other documents at any + time. It is inappropriate to use Internet-Drafts as reference + material or to cite them other than as "work in progress." + + This Internet-Draft will expire on January 6, 2020. + + + + + + + +Luck Expires January 6, 2020 [Page 1] + +Internet-Draft Progressive Header Disclosure July 2019 + + +Copyright Notice + + Copyright (c) 2019 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info) in effect on the date of + publication of this document. Please review these documents + carefully, as they describe your rights and restrictions with respect + to this document. Code Components extracted from this document must + include Simplified BSD License text as described in Section 4.e of + the Trust Legal Provisions and are provided without warranty as + described in the Simplified BSD License. + +Table of Contents + + 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 + 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 4 + 1.2. Terms . . . . . . . . . . . . . . . . . . . . . . . . . . 4 + 2. Message Format for Progressive Header Disclosure . . . . . . 4 + 2.1. Compatibility . . . . . . . . . . . . . . . . . . . . . . 4 + 2.2. Inner Message . . . . . . . . . . . . . . . . . . . . . . 5 + 2.3. Content-Type Parameter "forwarded" . . . . . . . . . . . 5 + 2.4. Outer Message . . . . . . . . . . . . . . . . . . . . . . 5 + 2.5. Transport Message . . . . . . . . . . . . . . . . . . . . 8 + 2.6. S/MIME Compatibility . . . . . . . . . . . . . . . . . . 9 + 3. Candidate Header Fields for Header Protection . . . . . . . . 9 + 4. Stub Outside Headers . . . . . . . . . . . . . . . . . . . . 9 + 5. Processing Incoming Email under Progressive Header Disclosure 10 + 5.1. Processing of Signed-only Email . . . . . . . . . . . . . 10 + 5.2. Incoming Filter Processing . . . . . . . . . . . . . . . 10 + 5.2.1. Staged Filtering of Inbound Messages . . . . . . . . 11 + 5.3. Outgoing Filter Processing . . . . . . . . . . . . . . . 11 + 6. Security Considerations . . . . . . . . . . . . . . . . . . . 12 + 7. Privacy Considerations . . . . . . . . . . . . . . . . . . . 12 + 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 + 9. Implementation Status . . . . . . . . . . . . . . . . . . . . 12 + 9.1. Introduction . . . . . . . . . . . . . . . . . . . . . . 12 + 9.2. Current software implementing pEp . . . . . . . . . . . . 12 + 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 13 + 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 13 + 11.1. Normative References . . . . . . . . . . . . . . . . . . 13 + 11.2. Informative References . . . . . . . . . . . . . . . . . 14 + Appendix A. About pEp Design Principles . . . . . . . . . . . . 15 + Appendix B. Document Changelog . . . . . . . . . . . . . . . . . 16 + Appendix C. Open Issues . . . . . . . . . . . . . . . . . . . . 17 + Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 17 + + + +Luck Expires January 6, 2020 [Page 2] + +Internet-Draft Progressive Header Disclosure July 2019 + + +1. Introduction + + A range of protocols for the protection of electronic mail (email) + exist, which allow to assess the authenticity and integrity of the + email headers section, or selected header fields, but limited to a + domain-level perspective. Specifically these are DomainKeys + Identified Mail (DKIM) [RFC6376] and Sender Policy Framework (SPF) + [RFC7208] and Domain-based Message Authentication, Reporting, and + Conformance (DMARC) [RFC7489]. These protocols, while essential to + responding to a range of attacks on email, do not offer full End-to- + End protection to the headers section and are not capable of + providing privacy regarding the information represented therein. + + The need for means of Data Minimization, which includes data + spareness and hiding of all information technically hideable, has + grown in importance over the past years. + + A standard for End-to-End protection of the email headers section + exists for S/MIME since version 3.1. (cf. [RFC8551]): + + In order to protect outer, non-content-related message header + fields (for instance, the "Subject", "To", "From", and "Cc" + fields), the sending client MAY wrap a full MIME message in a + message/rfc822 wrapper in order to apply S/MIME security services + to these header fields. + + No mechanism for header protection has been standardized for + [PGPMIME] yet. + + End-to-End protection for the email headers section is currently not + widely implemented - neither for messages protected by means of + S/MIME nor PGP/MIME. At least two variants of header protection are + known to be implemented. A recently submitted Internet-Draft + [I-D.melnikov-lamps-header-protection] discusses the two variants and + the challenges with header protection for S/MIME. The two variants + are referred to as: + + o Option 1: Memory Hole + + o Option 2: Wrapping with message/rfc822 or message/global + + pEp (pretty Easy privacy) [I-D.birk-pep] for email + [I-D.marques-pep-email] already implements an option quite similar to + Option 2, adapting the S/MIME standards to PGP/MIME (cf. Section 2, + ff.). Existing implementations of pEp have also added inbound + support for "Memory Hole" referred to above as Option 1, thus being + able to study the differences and the implementator's challenges. + + + + +Luck Expires January 6, 2020 [Page 3] + +Internet-Draft Progressive Header Disclosure July 2019 + + + pEp now also supports the "forwarded=no" attribute proposed in + [I-D.melnikov-lamps-header-protection], and further described in + Section 2.3. + + Interoperability and implementation symmetry between PGP/MIME and + S/MIME is planned by pEp, but still in an early stage of development. + + This document describes Progressive Header Disclosure as implemented + in the "pEp message format version 2". This format inherently offers + header protection as a side effect, but is only intended for use only + with signed-and-encrypted messages. The feature of protecting + headers may be used independently by mail user agents otherwise not + wanting to conform to pEp standards (Section 2, ff.). + +1.1. Requirements Language + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this + document are to be interpreted as described in [RFC2119]. + +1.2. Terms + + The following terms are defined for the scope of this document: + + o Man-in-the-middle attack (MITM): cf. [RFC4949] + +2. Message Format for Progressive Header Disclosure + +2.1. Compatibility + + The pEp message format version 2 is designed such that a receiving + Mail User Agent (MUA), which is OpenPGP-compliant but not pEp- + compliant, still has built-in capability to properly verify the + integrity of the mail, decode it and display all information of the + original mail to the user. The recovered protected message is + selfsufficiently described, including all protected header fields. + + The pEp message format version 2 (as used by all the various pEp + implementations, cf. Section 9) is similar to what is standardized + for S/MIME in [RFC8551]: + + In order to protect outer, non-content-related message header + fields (for instance, the "Subject", "To", "From", and "Cc" + fields), the sending client MAY wrap a full MIME message in a + message/rfc822 wrapper in order to apply S/MIME security services + to these header fields. It is up to the receiving client to + decide how to present this "inner" header along with the + unprotected "outer" header. + + + +Luck Expires January 6, 2020 [Page 4] + +Internet-Draft Progressive Header Disclosure July 2019 + + + When an S/MIME message is received, if the top-level protected + MIME entity has a Content-Type of message/rfc822, it can be + assumed that the intent was to provide header protection. This + entity SHOULD be presented as the top-level message, [...]. + +2.2. Inner Message + + *Note*: this section is for your information only. It does not add + requirements for the header protection feature to work. + + The pEp message format requires the innermost protected message to + follow a fixed MIME structure and to consist of exactly one human- + readable message which is represented in plain or HTML format. Both + plain and html entities MUST represent the same message to the user. + Any attachment to the message must be laid out in a flat list. No + additional multipart entities are allowed in the pEp message. + + These restrictions permit to build mail user agents which are immune + to the EFAIL attacks. + + This message is herein further referred to as the "pEp inner + message". + + A mail user agent wanting to follow this standard, SHOULD transform + any "original message" into a "pEp inner message" for safe + representation on the receiving side. + +2.3. Content-Type Parameter "forwarded" + + One caveat of the design is that the user interaction with message/ + rfc822 entities varies considerably across different mail user + agents. No standard is currently available which enables MUAs to + reliably determine whenever a nested message/rfc822 entity is meant + to blend the containing message, or if it was effectively intended to + be forwarded as a file document. pEp currently implements the + proposal described by [I-D.melnikov-lamps-header-protection], 3.2, + which defines a new Content-Type header field parameter with name + "forwarded", for the MUA to distinguish between a forwarded message + and a nested message for the purpose of header protection, i.e., + using "forwarded=no". + +2.4. Outer Message + + With pEp message format version 2, the pEp standardized message is + equally wrapped in a message/rfc822 entity, but this time being in + turn wrapped in a multipart/mixed entity. The purpose of the + additional nesting is to allow for public keys of the sender to be + + + + +Luck Expires January 6, 2020 [Page 5] + +Internet-Draft Progressive Header Disclosure July 2019 + + + stored alongside the original message while being protected by the + same mechanism. + + For the case of PGP/MIME, the currently only implemented MIME + encryption protocol implemented in pEp, the top-level entity called + the "outer message" MUST contain: + + o exactly one entity of type message/rfc822, and + + o one or more entity of type application/pgp-keys + + Notes on the current pEp client implementations: + + o the current pEp implementation also adds a text/plain entity + containing "pEp-Wrapped-Message-Info: OUTER" as first element in + the MIME tree. This element is not strictly necessary, but is in + place for better backwards compatibility when manually navigating + the nested message structure. This is part of the study of + various solutions to maximize backwards compatibility, and has + been omitted from the following examples. + + o the current pEp implementation prepends "pEp-Wrapped-Message-Info: + INNER" to the original message body. This is an + implementation detail which should be ignored, and has been + omitted in the following examples. + + o the current pEp implementation may render a text/plain directly in + place of the multipart/alternate, when no HTML representation was + generated by the sending MUA. This is not strict according to + pEp's own specification, and is currently being investigated. + + This is an example of the top-level MIME entity, before being + encrypted and signed: + + + + + + + + + + + + + + + + + + +Luck Expires January 6, 2020 [Page 6] + +Internet-Draft Progressive Header Disclosure July 2019 + + + MIME-Version: 1.0 + Content-Type: multipart/mixed; + boundary="6b8b4567327b23c6643c986966334873" + + + --6b8b4567327b23c6643c986966334873 + Content-Type: message/rfc822; forwarded="no" + + From: John Doe + To: Mary Smith + Subject: Example + Date: Fri, 30 Jun 2018 09:55:06 +0200 + Message-ID: <05d0526e-41c4-11e9-8828@pretty.Easy.privacy> + X-Pep-Version: 2.0 + MIME-Version: 1.0 + Content-Type: multipart/alternative; + boundary="29fe9d2b2d7f6a703c1bffc47c162a8c" + + --29fe9d2b2d7f6a703c1bffc47c162a8c + Content-Type: text/plain; charset="utf-8" + Content-Transfer-Encoding: quoted-printable + Content-Disposition: inline; filename="msg.txt" + + p=E2=89=A1p for Privacy by Default. + -- =20 + Sent from my p=E2=89=A1p for Android. + + --29fe9d2b2d7f6a703c1bffc47c162a8c + Content-Type: text/html; charset="utf-8" + Content-Transfer-Encoding: quoted-printable + + p=E2=89=A1p for Privacy by Default.
+ --
+ Sent from my p=E2=89=A1p for Android.
+ + --29fe9d2b2d7f6a703c1bffc47c162a8c-- + --6b8b4567327b23c6643c986966334873 + Content-Type: application/pgp-keys + Content-Disposition: attachment; filename="pEpkey.asc" + + -----BEGIN PGP PUBLIC KEY BLOCK----- + + ... + -----END PGP PUBLIC KEY BLOCK----- + + --6b8b4567327b23c6643c986966334873-- + + + + + +Luck Expires January 6, 2020 [Page 7] + +Internet-Draft Progressive Header Disclosure July 2019 + + +2.5. Transport Message + + In pEp message format 2 the "outer message" consists of a full RFC822 + message with body and a minimal set of header fields, just those + necessary to conform to MIME multipart standards. + + The "outer message" should be encrypted and carry a signature + according to the MIME encryption standards. The resulting message is + the transport message which a root entity of type multipart/ + encrypted. + + A minimal set of header fields should be set on the "transport + message", as to permit delivery, without disclosing private + information. + + The structure of the transport message may be altered in-transit, + e.g. through mailing list agents, or inspection gateways. + + Signing and encrypting a message with MIME Security with [PGPMIME], + yields a message with the following complete MIME structure, seen + across the encryption layer: + + = multipart/encrypted; protocol="application/pgp-encrypted"; + + application/pgp-encrypted [ Version: 1 ] + + application/octet-stream; name="msg.asc" + { + Content-Disposition: inline; filename="msg.asc"; + } + | + [ opaque encrypted structure ] + | + { minimal headers } + + multipart/mixed + + message/rfc822; forwarded="no"; + | + { protected message headers } + + multipart/mixed + + multipart/alternate + + text/plain + + text/html + + application/octet-stream [ attachmet_1 ] + + application/octet-stream [ attachmet_2 ] + + application/pgp-keys + + + The header fields of the sub-part of type application/octet-stream + SHOULD be modified to ensure that: + + + + +Luck Expires January 6, 2020 [Page 8] + +Internet-Draft Progressive Header Disclosure July 2019 + + + o the Content-Type header field's + + * "name" parameter is set to the value "msg.asc", and + + * parameter "forwarded" is set to "no", and + + o the Content-Disposition header field value is set to "inline" + + * and the "filename" parameter is set to "msg.asc". + +2.6. S/MIME Compatibility + + Interoperability and implementation symmetry between PGP/MIME and + S/MIME is on the roadmap of pEp. + +3. Candidate Header Fields for Header Protection + + By default, all headers of the original message SHOULD be wrapped + with the original message, with one exception: + + o the header field "Bcc" MUST NOT be added to the protected headers. + +4. Stub Outside Headers + + The outer message requires a minimal set of headers to be in place + for being eligible for transport. This includes the "From", "To", + "Cc", "Bcc", "Subject" and "Message-ID" header fields. The protocol + hereby defined also depends on the "MIME-Version", "Content-Type", + "Content-Disposition" and eventually the "Content-Transport-Encoding" + header field to be present. + + Submission and forwarding based on SMTP carries "from" and + "receivers" information out-of-band, so that the "From" and "To" + header fields are not strictly necessary. Nevertheless, "From", + "Date", and at least one destination header field is mandatory as per + [RFC5322]. They SHOULD be conserved for reliability. + + The following header fields should contain a verbatim copy of the + header fields of the inner message: + + o Date + + o From + + o To + + o Cc (*) + + + + +Luck Expires January 6, 2020 [Page 9] + +Internet-Draft Progressive Header Disclosure July 2019 + + + o Bcc (*) + + The entries with an asterisk mark (*) should only be set if also + present in the original message. + + Clients which follow pEp standards MUST set the header field value + for "Subject" to "=?utf-8?Q?p=E2=89=A1p?=" or "pEp". Clients which + do not adhere to all pEp standards should set the header field value + of "Subject" to a descriptive stub value. An example used in + practice is + + o Subject: Encrypted message + + The following header fields MUST be initialized with proper values + according to the MIME standards: + + o Content-Type + + o Content-Disposition + + o Content-Transport-Encoding (if necessary) + +5. Processing Incoming Email under Progressive Header Disclosure + + [[ TODO ]] + +5.1. Processing of Signed-only Email + + pEp either engages in a signed-and-encrypted communication or in an + unsigned plaintext communication. Inbound signatures attached to + plaintext messages are duly verified but cannot enhance the perceived + quality of the message in the user interface (while an invalid + signature degrades the perception) [I-D.birk-pep]. + +5.2. Incoming Filter Processing + + The Mail User Agent may implement outgoing filtering of mails, which + may veto, alter, redirect or replicate the messages. The + functionality may be implemented on the mailbox server and be + configurable through a well-known protocol, e.g., by means of The + Sieve Mail-Filtering Language [RFC5490], or be implemented client- + side, or in a combination of both. + + A mailbox server, which is required to process the full range of + possible filters, is requiring plaintext access to the header fields. + + In an End-to-End-encryption context, which pEp enforces by default, + upon first reception of the message the mailbox server is limited to + + + +Luck Expires January 6, 2020 [Page 10] + +Internet-Draft Progressive Header Disclosure July 2019 + + + see the transport- relevant headers of the outer wrapper message. A + pEp client configured to trust the server ("trusted server" setting + [I-D.marques-pep-email]) will later download the encrypted message, + decrypt it and replace the copy on the server by the decrypted copy. + +5.2.1. Staged Filtering of Inbound Messages + + Inbound messages are expected to be delivered to the inbox while + still being encrypted. At this point in time, server-side filtering + can only evaluate the unprotected header fields in the wrapper + message. + + In an End-to-End-encryption context, which pEp enforces by default, + the mailbox server is limited to see the transport-relevant headers + of the outer wrapper message only upon first delivery. A pEp client + configured to trust the server ("trusted server" setting + [I-D.marques-pep-email]) will eventually download the encrypted + message, decrypt it locally and replace the copy on the server by the + decrypted copy. Server-side message filters SHOULD be able to detect + such post-processed messages, and apply the pending filters. The + client SHOULD easily reflect the post-filtered messages in the user + interface. + +5.3. Outgoing Filter Processing + + The Mail User Agent may implement outgoing filtering of emails, which + may veto, alter or replicate the email. They may also hint the MUA + to store a copy in an alternate "Sent" folder. + + Filters which veto the sending or do alter the mail or replicate it + (e.g., mass-mail generators) SHOULD be completed prior to applying + protection, and thus also prior to applying header protection. + Redirection to alternate "Sent" folders MUST NOT be decided prior to + applying protection, but MUAs MAY abide from this restriction if they + implement the "trusted server" option and the option is selected for + the specific mailbox server; in this case, MUAs MUST NOT allow to + redirect a message to an untrusted server by these rules, to prevent + information leakage to the untrusted server. + + [[ TODO: Mention implicit filter for minimal color-rating for message + replication. ]] + + [[ TODO: How to produce key-export-mails manually this way? That is, + what about non-pEp-mode? ]] + + + + + + + +Luck Expires January 6, 2020 [Page 11] + +Internet-Draft Progressive Header Disclosure July 2019 + + +6. Security Considerations + + [[ TODO ]] + +7. Privacy Considerations + + [[ TODO ]] + +8. IANA Considerations + + This document has no actions for IANA. + +9. Implementation Status + +9.1. Introduction + + This section records the status of known implementations of the + protocol defined by this specification at the time of posting of this + Internet-Draft, and is based on a proposal described in [RFC7942]. + The description of implementations in this section is intended to + assist the IETF in its decision processes in progressing drafts to + RFCs. Please note that the listing of any individual implementation + here does not imply endorsement by the IETF. Furthermore, no effort + has been spent to verify the information presented here that was + supplied by IETF contributors. This is not intended as, and must not + be construed to be, a catalog of available implementations or their + features. Readers are advised to note that other implementations may + exist. + + According to [RFC7942], "[...] this will allow reviewers and working + groups to assign due consideration to documents that have the benefit + of running code, which may serve as evidence of valuable + experimentation and feedback that have made the implemented protocols + more mature. It is up to the individual working groups to use this + information as they see fit." + +9.2. Current software implementing pEp + + The following software implementing the pEp protocols (to varying + degrees) already exists: + + o pEp for Outlook as add-on for Microsoft Outlook, release + [SRC.pepforoutlook] + + o pEp for Android (based on a fork of the K9 MUA), release + [SRC.pepforandroid] + + + + + +Luck Expires January 6, 2020 [Page 12] + +Internet-Draft Progressive Header Disclosure July 2019 + + + o Enigmail/pEp as add-on for Mozilla Thunderbird, release + [SRC.enigmailpep] + + o pEp for iOS (implemented in a new MUA), beta [SRC.pepforios] + + pEp for Android, iOS and Outlook are provided by pEp Security, a + commercial entity specializing in end-user software implementing pEp + while Enigmail/pEp is pursued as community project, supported by the + pEp Foundation. + + All software is available as Free Software and published also in + source form. + +10. Acknowledgements + + The authors would like to thank the following people who have + provided significant contributions or feedback for the development of + this document: Krista Bennett, Volker Birk, Bernie Hoeneisen and + Hernani Marques. + +11. References + +11.1. Normative References + + [I-D.birk-pep] + Marques, H. and B. Hoeneisen, "pretty Easy privacy (pEp): + Privacy by Default", draft-birk-pep-03 (work in progress), + March 2019. + + [I-D.marques-pep-email] + Marques, H., "pretty Easy privacy (pEp): Email Formats and + Protocols", draft-marques-pep-email-02 (work in progress), + October 2018. + + [I-D.melnikov-lamps-header-protection] + Melnikov, A., "Considerations for protecting Email header + with S/MIME", draft-melnikov-lamps-header-protection-00 + (work in progress), October 2018. + + [PGPMIME] Elkins, M., Del Torto, D., Levien, R., and T. Roessler, + "MIME Security with OpenPGP", RFC 3156, + DOI 10.17487/RFC3156, August 2001, + . + + [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail + Extensions (MIME) Part Two: Media Types", RFC 2046, + DOI 10.17487/RFC2046, November 1996, + . + + + +Luck Expires January 6, 2020 [Page 13] + +Internet-Draft Progressive Header Disclosure July 2019 + + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, + DOI 10.17487/RFC2119, March 1997, + . + + [RFC4880] Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R. + Thayer, "OpenPGP Message Format", RFC 4880, + DOI 10.17487/RFC4880, November 2007, + . + + [RFC4949] Shirey, R., "Internet Security Glossary, Version 2", + FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007, + . + + [RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322, + DOI 10.17487/RFC5322, October 2008, + . + + [RFC5490] Melnikov, A., "The Sieve Mail-Filtering Language -- + Extensions for Checking Mailbox Status and Accessing + Mailbox Metadata", RFC 5490, DOI 10.17487/RFC5490, March + 2009, . + + [RFC6376] Crocker, D., Ed., Hansen, T., Ed., and M. Kucherawy, Ed., + "DomainKeys Identified Mail (DKIM) Signatures", STD 76, + RFC 6376, DOI 10.17487/RFC6376, September 2011, + . + + [RFC7208] Kitterman, S., "Sender Policy Framework (SPF) for + Authorizing Use of Domains in Email, Version 1", RFC 7208, + DOI 10.17487/RFC7208, April 2014, + . + + [RFC7489] Kucherawy, M., Ed. and E. Zwicky, Ed., "Domain-based + Message Authentication, Reporting, and Conformance + (DMARC)", RFC 7489, DOI 10.17487/RFC7489, March 2015, + . + + [RFC8551] Schaad, J., Ramsdell, B., and S. Turner, "Secure/ + Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 + Message Specification", RFC 8551, DOI 10.17487/RFC8551, + April 2019, . + +11.2. Informative References + + + + + + + +Luck Expires January 6, 2020 [Page 14] + +Internet-Draft Progressive Header Disclosure July 2019 + + + [RFC7942] Sheffer, Y. and A. Farrel, "Improving Awareness of Running + Code: The Implementation Status Section", BCP 205, + RFC 7942, DOI 10.17487/RFC7942, July 2016, + . + + [SRC.enigmailpep] + "Source code for Enigmail/pEp", July 2019, + . + + [SRC.pepforandroid] + "Source code for pEp for Android", July 2019, + . + + [SRC.pepforios] + "Source code for pEp for iOS", July 2019, + . + + [SRC.pepforoutlook] + "Source code for pEp for Outlook", July 2019, + . + +Appendix A. About pEp Design Principles + + pretty Easy privacy (pEp) is working on bringing state-of-the-art + automatic cryptography known from areas like TLS to electronic mail + (email) communication. pEp is determined to evolve the existing + standards as fundamentally and comprehensively as needed to gain easy + implementation and integration, and for easy use for regular Internet + users. pEp for email wants to attain to good security practice while + still retaining backward compatibility for implementations + widespread. + + To provide the required stability as a foundation for good security + practice, pEp for email defines a fixed MIME structure for its + innermost message structure, so to remove most attack vectors which + have permitted the numerous EFAIL vulnerabilities. (TBD: ref) + + Security comes just next after privacy in pEp, for which reason the + application of signatures without encryption to messages in transit + is not considered purposeful. pEp for email herein referenced, and + further described in [I-D.marques-pep-email], either expects to + transfer messages in cleartext without signature or encryption, or + transfer them encrypted and with enclosed signature and necessary + public keys so that replies can be immediately upgraded to encrypted + messages. + + The pEp message format is equivalent to the S/MIME standard in + ensuring header protection, in that the whole message is protected + + + +Luck Expires January 6, 2020 [Page 15] + +Internet-Draft Progressive Header Disclosure July 2019 + + + instead, by wrapping it and providing cryptographic services to the + whole original message. The pEp message format is different compared + to the S/MIME standard in that the pEp protocols propose + opportunistic End-to-End security and signature, by allowing the + transport of the necessary public key material along with the + original messages. + + For the purpose of allowing the insertion of such public keys, the + root entity of the protected message is thus nested once more into an + additional multipart/mixed MIME entity. The current pEp proposal is + for PGP/MIME, while an extension to S/MIME is next. + + pEp's proposal is strict in that it requires that the cryptographic + services applied to the protected message MUST include encryption. + It also mandates a fixed MIME structure for the protected message, + which always MUST include a plaintext and optionally an HTML + representation (if HTML is used) of the same message, and requires + that all other optional elements to be eventually presented as + attachments. Alternatively the whole protected message could + represent in turn a wrapped pEp wrapper, which makes the message + structure fully recursive on purpose (e.g., for the purpose of + anonymization through onion routing). + + For the purpose of implementing mixnet routing for email, it is + foreseen to nest pEp messages recursively. A protected message can + in turn contain a protected message due for forwarding. This is for + the purpose to increase privacy and counter the necessary leakage of + plaintext addressing in the envelope of the email. + + The recursive nature of the pEp message format allows for the + implementation of progressive disclosure of the necessary transport + relevant header fields just as-needed to the next mail transport + agents along the transmission path. + +Appendix B. Document Changelog + + [[ RFC Editor: This section is to be removed before publication ]] + + o draft-luck-lamps-pep-header-protection-03 + + * Remove Use Cases / Requirements sections (move to new doc) + + * Adjust title of the document + + * Added note on implementation done of forwarded=no + + o draft-luck-lamps-pep-header-protection-02 + + + + +Luck Expires January 6, 2020 [Page 16] + +Internet-Draft Progressive Header Disclosure July 2019 + + + * Add Privacy and IANA Considerations sections + + * Added / Adjusted requirements + + o draft-luck-lamps-pep-header-protection-01 + + * Major rewrite and update of whole document + + o draft-luck-lamps-pep-header-protection-00 + + * Initial version + +Appendix C. Open Issues + + [[ RFC Editor: This section should be empty and is to be removed + before publication. ]] + + o Align with specification for MIME Content-Type message/partial + + * We probably have issues and overlapping specifications about + encoding for nested message/rfc822 entities, specified in + [RFC2046]. Further study is needed to find and understand the + issues. + +Author's Address + + Claudio Luck + pEp Foundation + Oberer Graben 4 + CH-8400 Winterthur + Switzerland + + Email: claudio.luck@pep.foundation + URI: https://pep.foundation/ + + + + + + + + + + + + + + + + + +Luck Expires January 6, 2020 [Page 17] diff --git a/lamps-header-protection/archive/draft-luck-lamps-pep-header-protection-03.xml b/lamps-header-protection/archive/draft-luck-lamps-pep-header-protection-03.xml new file mode 100644 index 00000000..573059b2 --- /dev/null +++ b/lamps-header-protection/archive/draft-luck-lamps-pep-header-protection-03.xml @@ -0,0 +1,1276 @@ + + + + + + + + + + + + + + + pretty Easy privacy (pEp): Progressive Header Disclosure + + + pEp Foundation +
+ + Oberer Graben 4 + CH-8400 Winterthur + Switzerland + + claudio.luck@pep.foundation + https://pep.foundation/ +
+ + + + + + + + + + + +Issues with email header protection in S/MIME have been recently +raised in the IETF LAMPS Working Group. The need for amendments to the +existing specification regarding header protection was expressed. + +The pretty Easy privacy (pEp) implementations currently use a mechanism quite +similar to the currently standardized message wrapping for S/MIME. The main +difference is that pEp is using PGP/MIME instead, and adds space for carrying +public keys next to the protected message. + +In LAMPS, it has been expressed that whatever mechanism will +be chosen, it should not be limited to S/MIME, but also applicable to +PGP/MIME. + +This document aims to contribute to this discussion and share the pEp +implementation experience with email header protection. + + + + + + + + + + + +
+ +A range of protocols for the protection of electronic mail (email) +exist, which allow to assess the authenticity and integrity of the +email headers section, or selected header fields, but limited to a +domain-level perspective. Specifically these are DomainKeys +Identified Mail (DKIM) and Sender Policy Framework (SPF) + and Domain-based Message Authentication, Reporting, and +Conformance (DMARC) . These protocols, while essential to +responding to a range of attacks on email, do not offer full +End-to-End protection to the headers section and are not capable of +providing privacy regarding the information represented therein. + +The need for means of Data Minimization, which includes data +spareness and hiding of all information technically hideable, has +grown in importance over the past years. + +A standard for End-to-End protection of the email headers section +exists for S/MIME since version 3.1. (cf. ): + + + In order to protect outer, non-content-related message header fields + (for instance, the “Subject”, “To”, “From”, and “Cc” fields), the + sending client MAY wrap a full MIME message in a message/rfc822 + wrapper in order to apply S/MIME security services to these header + fields. + + +No mechanism for header protection has been standardized for + yet. + +End-to-End protection for the email headers section is currently not +widely implemented – neither for messages protected by means of +S/MIME nor PGP/MIME. At least two variants of header protection are +known to be implemented. A recently submitted Internet-Draft + discusses the two variants +and the challenges with header protection for S/MIME. The two +variants are referred to as: + + + Option 1: Memory Hole + Option 2: Wrapping with message/rfc822 or message/global + + +pEp (pretty Easy privacy) for email + already implements an option quite similar +to Option 2, adapting the S/MIME standards to PGP/MIME (cf. +, ff.). Existing +implementations of pEp have also added inbound support for “Memory +Hole” referred to above as Option 1, thus being able to study the +differences and the implementator’s challenges. + +pEp now also supports the “forwarded=no” attribute proposed in +, and further described in +. + +Interoperability and implementation symmetry between PGP/MIME and +S/MIME is planned by pEp, but still in an early stage of development. + +This document describes Progressive Header Disclosure as implemented +in the “pEp message format version 2”. This format inherently offers +header protection as a side effect, but is only intended for use only +with signed-and-encrypted messages. The feature of protecting +headers may be used independently by mail user agents otherwise not +wanting to conform to pEp standards +(, ff.). + +
+ +The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, +“SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this +document are to be interpreted as described in . + +
+
+ +The following terms are defined for the scope of this document: + + + + + + Man-in-the-middle attack (MITM): cf. + + + + +
+
+
+ +
+ +The pEp message format version 2 is designed such that a receiving Mail User +Agent (MUA), which is OpenPGP-compliant but not pEp-compliant, still has +built-in capability to properly verify the integrity of the mail, decode it +and display all information of the original mail to the user. The recovered +protected message is selfsufficiently described, including all protected +header fields. + +The pEp message format version 2 (as used by all the various pEp +implementations, cf. ) is similar to what is +standardized for S/MIME in : + + + In order to protect outer, non-content-related message header fields + (for instance, the “Subject”, “To”, “From”, and “Cc” fields), the + sending client MAY wrap a full MIME message in a message/rfc822 + wrapper in order to apply S/MIME security services to these header + fields. It is up to the receiving client to decide how to present + this “inner” header along with the unprotected “outer” header. + + When an S/MIME message is received, if the top-level protected MIME + entity has a Content-Type of message/rfc822, it can be assumed that + the intent was to provide header protection. This entity SHOULD be + presented as the top-level message, […]. + + + + +
+
+ +Note: this section is for your information only. It does not add +requirements for the header protection feature to work. + +The pEp message format requires the innermost protected message to follow a +fixed MIME structure and to consist of exactly one human-readable message which +is represented in plain or HTML format. Both plain and html entities MUST +represent the same message to the user. Any attachment to the message must be +laid out in a flat list. No additional multipart entities are allowed in the +pEp message. + +These restrictions permit to build mail user agents which are immune to the +EFAIL attacks. + +This message is herein further referred to as the “pEp inner message”. + +A mail user agent wanting to follow this standard, SHOULD transform any +“original message” into a “pEp inner message” for safe representation on the +receiving side. + +
+
+ +One caveat of the design is that the user interaction with +message/rfc822 entities varies considerably across different mail +user agents. No standard is currently available which enables MUAs to +reliably determine whenever a nested message/rfc822 entity is meant +to blend the containing message, or if it was effectively intended to +be forwarded as a file document. pEp currently implements the +proposal described by , 3.2, +which defines a new Content-Type header field parameter with name +“forwarded”, for the MUA to distinguish between a forwarded message +and a nested message for the purpose of header protection, i.e., +using “forwarded=no”. + +
+
+ +With pEp message format version 2, the pEp standardized message is equally +wrapped in a message/rfc822 entity, but this time being in turn wrapped in a +multipart/mixed entity. The purpose of the additional nesting is to allow for +public keys of the sender to be stored alongside the original message while +being protected by the same mechanism. + +For the case of PGP/MIME, the currently only implemented MIME encryption +protocol implemented in pEp, the top-level entity called the “outer +message” MUST contain: + + + exactly one entity of type message/rfc822, and + one or more entity of type application/pgp-keys + + +Notes on the current pEp client implementations: + + + the current pEp implementation also adds a text/plain entity containing +“pEp-Wrapped-Message-Info: OUTER” as first element in the MIME tree. This +element is not strictly necessary, but is in place for better backwards +compatibility when manually navigating the nested message structure. This is +part of the study of various solutions to maximize backwards compatibility, +and has been omitted from the following examples. + the current pEp implementation prepends “pEp-Wrapped-Message-Info: +INNER<CR><LF>” to the original message body. This is an implementation +detail which should be ignored, and has been omitted in the following examples. + the current pEp implementation may render a text/plain directly in place of +the multipart/alternate, when no HTML representation was generated by the +sending MUA. This is not strict according to pEp’s own specification, and is +currently being investigated. + + + + +This is an example of the top-level MIME entity, before being encrypted and +signed: + +
+ To: Mary Smith + Subject: Example + Date: Fri, 30 Jun 2018 09:55:06 +0200 + Message-ID: <05d0526e-41c4-11e9-8828@pretty.Easy.privacy> + X-Pep-Version: 2.0 + MIME-Version: 1.0 + Content-Type: multipart/alternative; + boundary="29fe9d2b2d7f6a703c1bffc47c162a8c" + + --29fe9d2b2d7f6a703c1bffc47c162a8c + Content-Type: text/plain; charset="utf-8" + Content-Transfer-Encoding: quoted-printable + Content-Disposition: inline; filename="msg.txt" + + p=E2=89=A1p for Privacy by Default. + -- =20 + Sent from my p=E2=89=A1p for Android. + + --29fe9d2b2d7f6a703c1bffc47c162a8c + Content-Type: text/html; charset="utf-8" + Content-Transfer-Encoding: quoted-printable + + p=E2=89=A1p for Privacy by Default.
+ --
+ Sent from my p=E2=89=A1p for Android.
+ + --29fe9d2b2d7f6a703c1bffc47c162a8c-- + --6b8b4567327b23c6643c986966334873 + Content-Type: application/pgp-keys + Content-Disposition: attachment; filename="pEpkey.asc" + + -----BEGIN PGP PUBLIC KEY BLOCK----- + + ... + -----END PGP PUBLIC KEY BLOCK----- + + --6b8b4567327b23c6643c986966334873-- +]]>
+ +
+
+ +In pEp message format 2 the “outer message” consists of a full RFC822 message +with body and a minimal set of header fields, just those necessary to conform +to MIME multipart standards. + +The “outer message” should be encrypted and carry a signature according to the +MIME encryption standards. The resulting message is the transport message +which a root entity of type multipart/encrypted. + +A minimal set of header fields should be set on the “transport message”, as to +permit delivery, without disclosing private information. + +The structure of the transport message may be altered in-transit, e.g. through +mailing list agents, or inspection gateways. + +Signing and encrypting a message with MIME Security with , +yields a message with the following complete MIME structure, seen +across the encryption layer: + +
+ +The header fields of the sub-part of type application/octet-stream SHOULD be +modified to ensure that: + + + the Content-Type header field’s + + “name” parameter is set to the value “msg.asc”, and + parameter “forwarded” is set to “no”, and + + the Content-Disposition header field value is set to “inline” + + and the “filename” parameter is set to “msg.asc”. + + + +
+
+ +Interoperability and implementation symmetry between PGP/MIME and S/MIME is on +the roadmap of pEp. + +
+
+
+ +By default, all headers of the original message SHOULD be wrapped with the +original message, with one exception: + + + the header field “Bcc” MUST NOT be added to the protected headers. + + +
+
+ +The outer message requires a minimal set of headers to be in place for being +eligible for transport. This includes the “From”, “To”, “Cc”, “Bcc”, “Subject” +and “Message-ID” header fields. The protocol hereby defined also depends on the +“MIME-Version”, “Content-Type”, “Content-Disposition” and eventually the +“Content-Transport-Encoding” header field to be present. + +Submission and forwarding based on SMTP carries “from” and “receivers” +information out-of-band, so that the “From” and “To” header fields are not +strictly necessary. Nevertheless, “From”, “Date”, and at least one destination +header field is mandatory as per . They SHOULD be conserved for +reliability. + +The following header fields should contain a verbatim copy of the header +fields of the inner message: + + + Date + From + To + Cc (*) + Bcc (*) + + +The entries with an asterisk mark (*) should only be set if also present in the +original message. + +Clients which follow pEp standards MUST set the header field value for +“Subject” to “=?utf-8?Q?p=E2=89=A1p?=” or “pEp”. Clients which do not adhere +to all pEp standards should set the header field value of “Subject” to a +descriptive stub value. An example used in practice is + + + Subject: Encrypted message + + +The following header fields MUST be initialized with proper values according +to the MIME standards: + + + Content-Type + Content-Disposition + Content-Transport-Encoding (if necessary) + + +
+
+ +[[ TODO ]] + + + +
+ +pEp either engages in a signed-and-encrypted communication or in an unsigned +plaintext communication. Inbound signatures attached to plaintext messages are +duly verified but cannot enhance the perceived quality of the message in the +user interface (while an invalid signature degrades the perception) +. + +
+
+ +The Mail User Agent may implement outgoing filtering of mails, which may veto, +alter, redirect or replicate the messages. The functionality may be +implemented on the mailbox server and be configurable through a well-known +protocol, e.g., by means of The Sieve Mail-Filtering Language , or +be implemented client-side, or in a combination of both. + +A mailbox server, which is required to process the full range of possible +filters, is requiring plaintext access to the header fields. + +In an End-to-End-encryption context, which pEp enforces by default, upon first +reception of the message the mailbox server is limited to see the transport- +relevant headers of the outer wrapper message. A pEp client configured to trust +the server (“trusted server” setting ) will later +download the encrypted message, decrypt it and replace the copy on the server +by the decrypted copy. + +
+ +Inbound messages are expected to be delivered to the inbox while still being +encrypted. At this point in time, server-side filtering can only evaluate the +unprotected header fields in the wrapper message. + +In an End-to-End-encryption context, which pEp enforces by default, the mailbox +server is limited to see the transport-relevant headers of the outer wrapper +message only upon first delivery. A pEp client configured to trust the server +(“trusted server” setting ) will eventually download +the encrypted message, decrypt it locally and replace the copy on the server +by the decrypted copy. Server-side message filters SHOULD be able to detect +such post-processed messages, and apply the pending filters. The client SHOULD +easily reflect the post-filtered messages in the user interface. + +
+
+
+ +The Mail User Agent may implement outgoing filtering of emails, which may veto, +alter or replicate the email. They may also hint the MUA to store a copy in an +alternate “Sent” folder. + + + +Filters which veto the sending or do alter the mail or replicate it (e.g., +mass-mail generators) SHOULD be completed prior to applying protection, and +thus also prior to applying header protection. Redirection to alternate “Sent” +folders MUST NOT be decided prior to applying protection, but MUAs MAY abide +from this restriction if they implement the “trusted server” option and the +option is selected for the specific mailbox server; in this case, MUAs MUST NOT +allow to redirect a message to an untrusted server by these rules, to prevent +information leakage to the untrusted server. + + + +[[ TODO: Mention implicit filter for minimal color-rating for +message replication. ]] + +[[ TODO: How to produce key-export-mails manually this way? That is, what +about non-pEp-mode? ]] + + + +
+
+
+ +[[ TODO ]] + +
+
+ +[[ TODO ]] + +
+
+ +This document has no actions for IANA. + +
+
+ +
+ +This section records the status of known implementations of the +protocol defined by this specification at the time of posting of this +Internet-Draft, and is based on a proposal described in . +The description of implementations in this section is intended to +assist the IETF in its decision processes in progressing drafts to +RFCs. Please note that the listing of any individual implementation +here does not imply endorsement by the IETF. Furthermore, no effort +has been spent to verify the information presented here that was +supplied by IETF contributors. This is not intended as, and must not +be construed to be, a catalog of available implementations or their +features. Readers are advised to note that other implementations may +exist. + +According to , “[…] this will allow reviewers and +working groups to assign due consideration to documents that have the +benefit of running code, which may serve as evidence of valuable +experimentation and feedback that have made the implemented protocols +more mature. It is up to the individual working groups to use this +information as they see fit.” + +
+
+ +The following software implementing the pEp protocols (to varying +degrees) already exists: + + + pEp for Outlook as add-on for Microsoft Outlook, release + pEp for Android (based on a fork of the K9 MUA), release + Enigmail/pEp as add-on for Mozilla Thunderbird, release + pEp for iOS (implemented in a new MUA), beta + + +pEp for Android, iOS and Outlook are provided by pEp Security, a commercial +entity specializing in end-user software implementing pEp while Enigmail/pEp +is pursued as community project, supported by the pEp Foundation. + +All software is available as Free Software and published also in source form. + +
+
+
+ +The authors would like to thank the following people who have +provided significant contributions or feedback for the development of +this document: Krista Bennett, Volker Birk, Bernie Hoeneisen and +Hernani Marques. + +
+ + + + + + + + + + + + + + +Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types + + + +This second document defines the general structure of the MIME media typing system and defines an initial set of media types. [STANDARDS-TRACK] + + + + + + + + + +MIME Security with OpenPGP + + + + + +This document describes how the OpenPGP Message Format can be used to provide privacy and authentication using the Multipurpose Internet Mail Extensions (MIME) security content types described in RFC 1847. [STANDARDS-TRACK] + + + + + + + + + +Internet Security Glossary, Version 2 + + +This Glossary provides definitions, abbreviations, and explanations of terminology for information system security. The 334 pages of entries offer recommendations to improve the comprehensibility of written material that is generated in the Internet Standards Process (RFC 2026). The recommendations follow the principles that such writing should (a) use the same term or definition whenever the same concept is mentioned; (b) use terms in their plainest, dictionary sense; (c) use terms that are already well-established in open publications; and (d) avoid terms that either favor a particular vendor or favor a particular technology or mechanism over other, competing techniques that already exist or could be developed. This memo provides information for the Internet community. + + + + + + + + + + +Internet Message Format + + +This document specifies the Internet Message Format (IMF), a syntax for text messages that are sent between computer users, within the framework of "electronic mail" messages. This specification is a revision of Request For Comments (RFC) 2822, which itself superseded Request For Comments (RFC) 822, "Standard for the Format of ARPA Internet Text Messages", updating it to reflect current practice and incorporating incremental changes that were specified in other RFCs. [STANDARDS-TRACK] + + + + + + + + + +OpenPGP Message Format + + + + + + +This document is maintained in order to publish all necessary information needed to develop interoperable applications based on the OpenPGP format. It is not a step-by-step cookbook for writing an application. It describes only the format and methods needed to read, check, generate, and write conforming packets crossing any network. It does not deal with storage and implementation questions. It does, however, discuss implementation issues necessary to avoid security flaws.OpenPGP software uses a combination of strong public-key and symmetric cryptography to provide security services for electronic communications and data storage. These services include confidentiality, key management, authentication, and digital signatures. This document specifies the message formats used in OpenPGP. [STANDARDS-TRACK] + + + + + + + + + +The Sieve Mail-Filtering Language -- Extensions for Checking Mailbox Status and Accessing Mailbox Metadata + + +This memo defines an extension to the Sieve mail filtering language (RFC 5228) for accessing mailbox and server annotations, checking for mailbox existence, and controlling mailbox creation on "fileinto" action. [STANDARDS-TRACK] + + + + + + + + + +DomainKeys Identified Mail (DKIM) Signatures + + + + +DomainKeys Identified Mail (DKIM) permits a person, role, or organization that owns the signing domain to claim some responsibility for a message by associating the domain with the message. This can be an author's organization, an operational relay, or one of their agents. DKIM separates the question of the identity of the Signer of the message from the purported author of the message. Assertion of responsibility is validated through a cryptographic signature and by querying the Signer's domain directly to retrieve the appropriate public key. Message transit from author to recipient is through relays that typically make no substantive change to the message content and thus preserve the DKIM signature.This memo obsoletes RFC 4871 and RFC 5672. [STANDARDS-TRACK] + + + + + + + + + + +Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1 + + +Email on the Internet can be forged in a number of ways. In particular, existing protocols place no restriction on what a sending host can use as the "MAIL FROM" of a message or the domain given on the SMTP HELO/EHLO commands. This document describes version 1 of the Sender Policy Framework (SPF) protocol, whereby ADministrative Management Domains (ADMDs) can explicitly authorize the hosts that are allowed to use their domain names, and a receiving host can check such authorization.This document obsoletes RFC 4408. + + + + + + + + + +Domain-based Message Authentication, Reporting, and Conformance (DMARC) + + + +Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a scalable mechanism by which a mail-originating organization can express domain-level policies and preferences for message validation, disposition, and reporting, that a mail-receiving organization can use to improve mail handling.Originators of Internet Mail need to be able to associate reliable and authenticated domain identifiers with messages, communicate policies about messages that use those identifiers, and report about mail using those identifiers. These abilities have several benefits: Receivers can provide feedback to Domain Owners about the use of their domains; this feedback can provide valuable insight about the management of internal operations and the presence of external domain name abuse.DMARC does not produce or encourage elevated delivery privilege of authenticated email. DMARC is a mechanism for policy distribution that enables increasingly strict handling of messages that fail authentication checks, ranging from no action, through altered delivery, up to message rejection. + + + + + + + + + +Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Message Specification + + + + +This document defines Secure/Multipurpose Internet Mail Extensions (S/MIME) version 4.0. S/MIME provides a consistent way to send and receive secure MIME data. Digital signatures provide authentication, message integrity, and non-repudiation with proof of origin. Encryption provides data confidentiality. Compression can be used to reduce data size. This document obsoletes RFC 5751. + + + + + + + + + +Considerations for protecting Email header with S/MIME + + + + + + + +This document describes best practices for handling of Email header protected by S/MIME. Procedures described in this document are also applicable to OpenPGP. + + + + + + + + + + + +pretty Easy privacy (pEp): Privacy by Default + + + + + + + + + + + +The pretty Easy privacy (pEp) protocols describe a set of conventions for the automation of operations traditionally seen as barriers to the use and deployment of secure end-to-end interpersonal messaging. These include, but are not limited to, key management, key discovery, and private key handling (including peer-to-peer synchronization of private keys and other user data across devices). pEp also introduces means to verify communication peers and proposes a trust-rating system to denote secure types of communications and signal the privacy level available on a per-user and per-message level. Significantly, the pEp protocols build on already available security formats and message transports (e.g., PGP/MIME), and are written with the intent to be interoperable with already widely-deployed systems in order to facilitate and ease adoption and implementation. This document outlines the general design choices and principles of pEp. + + + + + + + + + + + +pretty Easy privacy (pEp): Email Formats and Protocols + + + + + + + +The pretty Easy privacy (pEp) propositions for email are based upon already existing email and encryption formats (i.e., PGP/MIME) and designed to allow for easy implementable and interoperable opportunistic encryption: this ranging from key distribution to mechanisms of subject encryption. The goal of pEp for email is to automatize operations in order to make email encryption usable by a wider range of Internet users, to achieve wide application of confidentiality and privacy practices in the real world. This document defines basic operations of pEp's approach towards email and two PGP/MIME formats (pEp Email Format 1 and 2) to provide certain security guarantees. The proposed operations and formats are targeted to Opportunistic Security scenarios and are already implemented in several applications of pretty Easy privacy (pEp). + + + + + + + + + + + +Key words for use in RFCs to Indicate Requirement Levels + + +In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. + + + + + + + + + + + + + + + + + + + +Improving Awareness of Running Code: The Implementation Status Section + + + +This document describes a simple process that allows authors of Internet-Drafts to record the status of known implementations by including an Implementation Status section. This will allow reviewers and working groups to assign due consideration to documents that have the benefit of running code, which may serve as evidence of valuable experimentation and feedback that have made the implemented protocols more mature.This process is not mandatory. Authors of Internet-Drafts are encouraged to consider using the process for their documents, and working groups are invited to think about applying the process to all of their protocol specifications. This document obsoletes RFC 6982, advancing it to a Best Current Practice. + + + + + + + + + + Source code for pEp for Android + + + + + + + + + Source code for pEp for iOS + + + + + + + + + Source code for pEp for Outlook + + + + + + + + + Source code for Enigmail/pEp + + + + + + + + + + + +
+ +pretty Easy privacy (pEp) is working on bringing state-of-the-art automatic +cryptography known from areas like TLS to electronic mail (email) +communication. pEp is determined to evolve the existing standards as +fundamentally and comprehensively as needed to gain easy implementation and +integration, and for easy use for regular Internet users. pEp for email wants +to attain to good security practice while still retaining backward +compatibility for implementations widespread. + +To provide the required stability as a foundation for good security +practice, pEp for email defines a fixed MIME structure for its innermost +message structure, so to remove most attack vectors which have permitted the +numerous EFAIL vulnerabilities. (TBD: ref) + +Security comes just next after privacy in pEp, for which reason the +application of signatures without encryption to messages in transit is not +considered purposeful. pEp for email herein referenced, and further described +in , either expects to transfer messages in cleartext +without signature or encryption, or transfer them encrypted and with enclosed +signature and necessary public keys so that replies can be immediately +upgraded to encrypted messages. + +The pEp message format is equivalent to the S/MIME standard in ensuring header +protection, in that the whole message is protected instead, by wrapping it and +providing cryptographic services to the whole original message. The pEp +message format is different compared to the S/MIME standard in that the pEp +protocols propose opportunistic End-to-End security and signature, by allowing +the transport of the necessary public key material along with the original +messages. + +For the purpose of allowing the insertion of such public keys, the root entity +of the protected message is thus nested once more into an additional +multipart/mixed MIME entity. The current pEp proposal is for PGP/MIME, while +an extension to S/MIME is next. + +pEp’s proposal is strict in that it requires that the cryptographic services +applied to the protected message MUST include encryption. It also mandates a +fixed MIME structure for the protected message, which always MUST include a +plaintext and optionally an HTML representation (if HTML is used) of the same +message, and requires that all other optional elements to be eventually +presented as attachments. Alternatively the whole protected message could +represent in turn a wrapped pEp wrapper, which makes the message structure +fully recursive on purpose (e.g., for the purpose of anonymization through +onion routing). + +For the purpose of implementing mixnet routing for email, it is foreseen to +nest pEp messages recursively. A protected message can in turn contain a +protected message due for forwarding. This is for the purpose to increase +privacy and counter the necessary leakage of plaintext addressing in the +envelope of the email. + +The recursive nature of the pEp message format allows for the implementation +of progressive disclosure of the necessary transport relevant header fields +just as-needed to the next mail transport agents along the transmission path. + +
+
+ +[[ RFC Editor: This section is to be removed before publication ]] + + + draft-luck-lamps-pep-header-protection-03 + + Remove Use Cases / Requirements sections (move to new doc) + Adjust title of the document + Added note on implementation done of forwarded=no + + draft-luck-lamps-pep-header-protection-02 + + Add Privacy and IANA Considerations sections + Added / Adjusted requirements + + draft-luck-lamps-pep-header-protection-01 + + Major rewrite and update of whole document + + draft-luck-lamps-pep-header-protection-00 + + Initial version + + + +
+
+ +[[ RFC Editor: This section should be empty and is to be removed + before publication. ]] + + + Align with specification for MIME Content-Type message/partial + We probably have issues and overlapping specifications about +encoding for nested message/rfc822 entities, specified in +. Further study is needed to find and understand the +issues. + + + + + +
+ + + + + + + + diff --git a/lamps-header-protection/draft-luck-lamps-pep-header-protection.mkd b/lamps-header-protection/draft-luck-lamps-pep-header-protection.mkd index d188c5f9..94bd997e 100644 --- a/lamps-header-protection/draft-luck-lamps-pep-header-protection.mkd +++ b/lamps-header-protection/draft-luck-lamps-pep-header-protection.mkd @@ -3,7 +3,7 @@ coding: utf-8 title: "pretty Easy privacy (pEp): Progressive Header Disclosure" abbrev: Progressive Header Disclosure -docname: draft-luck-lamps-pep-header-protection-03 +docname: draft-luck-lamps-pep-header-protection-04 category: info stand_alone: yes