juga
/
internet-drafts
forked from pEp.foundation/internet-drafts
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
mixnet
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5a20e8c0a4'
${ noResults }
internet-drafts/ietf-lamps-header-protection/draft-ietf-lamps-header-pro...

1177 lines
40 KiB
Plaintext
Raw Blame History Unescape Escape

This file contains invisible Unicode characters!

This file contains invisible Unicode characters that may be processed differently from what appears below. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to reveal hidden characters.

Network Working Group A. Melnikov
Internet-Draft Isode Ltd
Intended status: Informational B. Hoeneisen
Expires: December 26, 2019 Ucom.ch
D. Gillmor
American Civil Liberties Union
June 24, 2019
Problem Statement and Requirements for Header Protection
draft-ietf-lamps-header-protection-req-00
Abstract
Issues with email header protection in S/MIME have been recently
raised in the IETF LAMPS Working Group. The need for amendments to
the existing specification regarding header protection was expressed.
In LAMPS voices have also been expressed, that whatever mechanism
will be chosen, it should not be limited to S/MIME, but also
applicable to PGP/MIME.
This document describes the problem statement, generic use cases, and
requirments. Additionally it drafts possible solutions to address
the challenge. Finally some best practices are collected.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 26, 2019.
Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved.
Melnikov, et al. Expires December 26, 2019 [Page 1]
Internet-Draft Header Protection requirements June 2019
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 4
1.2. Terms . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 4
3. Use Cases . . . . . . . . . . . . . . . . . . . . . . . . . . 4
3.1. Interactions . . . . . . . . . . . . . . . . . . . . . . 5
3.2. Protection Levels . . . . . . . . . . . . . . . . . . . . 6
4. Requirements . . . . . . . . . . . . . . . . . . . . . . . . 6
4.1. General Requirements . . . . . . . . . . . . . . . . . . 6
4.1.1. Sending Side . . . . . . . . . . . . . . . . . . . . 6
4.1.2. Receiving Side . . . . . . . . . . . . . . . . . . . 7
4.2. Additional Requirements for Backward-Compatibility With
Legacy Clients Unaware of Header Protection . . . . . . . 7
4.2.1. Sending side . . . . . . . . . . . . . . . . . . . . 7
4.2.2. Receiving side . . . . . . . . . . . . . . . . . . . 8
4.3. Additional Requirements for Backward-Compatibility with
Legacy Header Protection Systems (if supported) . . . . . 8
4.3.1. Sending Side . . . . . . . . . . . . . . . . . . . . 8
4.3.2. Receiving Side . . . . . . . . . . . . . . . . . . . 8
5. Options to Achieve Header Protection . . . . . . . . . . . . 8
5.1. Option 1: Memory Hole . . . . . . . . . . . . . . . . . . 8
5.2. Option 2: Wrapping with message/rfc822 or message/global 9
5.2.1. Content-Type property "forwarded" . . . . . . . . . . 9
5.2.2. Handling of S/MIME protected header . . . . . . . . . 10
5.2.3. Mail User Agent Algorithm for deciding which version
of a header . . . . . . . . . . . . . . . . . . . . . 11
5.3. Option 3: Progressive Header Disclosure . . . . . . . . . 11
5.4. Design principles . . . . . . . . . . . . . . . . . . . . 11
5.5. Candidate Header Fields for Header Protection . . . . . . 13
5.6. Stub Outside Headers . . . . . . . . . . . . . . . . . . 13
5.7. More information . . . . . . . . . . . . . . . . . . . . 14
6. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 14
6.1. Option 1: Memory Hole . . . . . . . . . . . . . . . . . . 15
6.2. Option 2: Wrapping with message/rfc822 or message/global 16
6.3. Option 3 Progressive Header Disclosure . . . . . . . . . 17
7. Security Considerations . . . . . . . . . . . . . . . . . . . 17
Melnikov, et al. Expires December 26, 2019 [Page 2]
Internet-Draft Header Protection requirements June 2019
8. Privacy Considerations . . . . . . . . . . . . . . . . . . . 18
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18
10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 18
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 18
11.1. Normative References . . . . . . . . . . . . . . . . . . 18
11.2. Informative References . . . . . . . . . . . . . . . . . 19
Appendix A. Document Changelog . . . . . . . . . . . . . . . . . 20
Appendix B. Open Issues . . . . . . . . . . . . . . . . . . . . 20
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 20
1. Introduction
A range of protocols for the protection of electronic mail (email)
exist, which allow to assess the authenticity and integrity of the
email headers section or selected header fields from the domain-level
perspective, specifically DomainKeys Identified Mail (DKIM) [RFC6376]
and Sender Policy Framework (SPF) [RFC7208] and Domain-based Message
Authentication, Reporting, and Conformance (DMARC) [RFC7489]. These
protocols, while essential to responding to a range of attacks on
email, do not offer full end-to-end protection to the headers section
and are not capable of providing privacy for the information
contained therein.
The need for means of Data Minimization, which includes data
spareness and hiding of all information, which technically can be
hidden, has grown in importance over the past years.
A standard for end-to-end protection of the email headers section
exists for S/MIME since version 3.1. (cf. [RFC8551]):
In order to protect outer, non-content-related message header
fields (for instance, the "Subject", "To", "From", and "Cc"
fields), the sending client MAY wrap a full MIME message in a
message/rfc822 wrapper in order to apply S/MIME security services
to these header fields.
No mechanism for header protection has been standardized for PGP
(Pretty Good Privacy) yet.
End-to-end protection for the email headers section is currently not
widely implemented - neither for messages protected by means of
S/MIME nor PGP. At least two variants of header protection are known
to be implemented.
This document describes the problem statement, generic use cases
(Section 3) and requirements for header protection (Section 4)
Additionally it drafts possible solutions to address the challenge.
Melnikov, et al. Expires December 26, 2019 [Page 3]
Internet-Draft Header Protection requirements June 2019
However, the final solution will be determined by the IETF LAMPS WG.
Finally, some best practices are collected.
[...]
1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
1.2. Terms
The following terms are defined for the scope of this document:
o Header Field:: cf. [RFC5322]
o Header Section: cf. [RFC5322]
o Signed-only message: a multipart/signed or application/pkcs7-mime
containing SignedData message which doesn't contain any encrypted
layer. I.e. this is a message which is not encrypted and not
encrypted + signed.
o Man-in-the-middle attack (MITM): cf. [RFC4949]
2. Problem Statement
The LAMPS charter contains the folllowing Work Item:
Update the specification for the cryptographic protection of email
headers - both for signatures and encryption - to improve the
implementation situation with respect to privacy, security,
usability and interoperability in cryptographically-protected
electronic mail. Most current implementations of
cryptographically-protected electronic mail protect only the body
of the message, which leaves significant room for attacks against
otherwise-protected messages.
[...]
3. Use Cases
In the following, we show the generic use cases that need to be
addressed independently of whether S/MIME, PGP/MIME or any other
technology is used for which Header Protection (HP) is to be applied
to.
Melnikov, et al. Expires December 26, 2019 [Page 4]
Internet-Draft Header Protection requirements June 2019
3.1. Interactions
The main interaction case for Header Protection (HP) is:
1) Both peers (sending and receiving side) fully support HP
For backward compatibility of legacy clients - unaware of any HP -
the following intermediate interactions need to be considered as
well:
2) The sending side fully supports HP, while the receiving side does
not support any HP
3) The sending side does not support any HP, while the receiving
side fully supports HP (trivial case)
4) Neither the sending side nor the receiving side supports any HP
(trivial case)
The following intermediate use cases may need to be considered as
well for backward compatibility with legacy HP systems, such as
S/MIME since version 3.1 (cf. [RFC8551]), in the following
designated as legacy HP:
5) The sending side fully supports HP, while the receiving side
supports legacy HP only
6) The sending side supports legacy HP only, while the receiving side
fully supports HP
7) Both peers (sending and receiving side) support legacy HP only
8) The sending side supports legacy HP only, while the receiving side
does not support any HP
9) The sending side does not support any HP, while the receiving side
supports legacy HP only (trivial case)
Note: It is to be decided whether to ensure legacy HP systems do not
conflict with any new solution for HP at all or whether (and to which
degree) backward compatibility to legacy HP systems shall be
maintained.
Melnikov, et al. Expires December 26, 2019 [Page 5]
Internet-Draft Header Protection requirements June 2019
3.2. Protection Levels
The following protection levels need to be considered:
a) signature and encryption
b) signature only
c) encryption only [[ TODO: verify whether relevant ]]
4. Requirements
In the following a list of requirements that need to be addressed
independently of whether S/MIME, PGP/MIME or any other technology is
used to apply HP to.
4.1. General Requirements
This subsection is listing the requirements to address use case 1)
(cf. Section 3.1).
G1: Define the format for HP for all protection levels. This includes
MIME structure, Content-Type (including charset and name),
Content-Disposition (including filename), and
Content-Transfer-Encoding.
G2: Define how a public key should be included.
G3: To foster wide implementation of the new solution, it shall be
easily implementable. Unless needed for maximizing protection and
privacy, existing implementations shall not require substantial
changes in the existing code base. In particular also MIME
libraries widely used shall not need to be changed to comply with
the new mechanism for HP.
G4: Ensure that man-in-the-middle attack (MITM) cf. {{RFC4949}}, in
particular downgrade attacks, are mitigated as good as possible.
4.1.1. Sending Side
Melnikov, et al. Expires December 26, 2019 [Page 6]
Internet-Draft Header Protection requirements June 2019
GS1: Determine which Header Fields (HFs) should or must be protected
at least for signed only email.
GS2: Determine which HFs should or must be sent in clear of an
encrypted email.
GS3: Determine which HF should not or must not be included in the
visible header (for transport) of an encrypted email, with the
default being that whatever is not needed from GS2 is not put
into the unencrypted transport headers, thus fulfilling data
minimization requirements (including data spareness and hiding
of all information that technically can be hidden).
GS4: Determine which HF to not to include to any HP part (e.g. Bcc).
4.1.2. Receiving Side
GR1: Determine how HF should be displayed to the user in case of
conflicting information between the protected and unprotected
headers.
GR2: Ensure that man-in-the-middle attack (MITM) cf. {{RFC4949}}, in
particular downgrade attacks, can be detected.
4.2. Additional Requirements for Backward-Compatibility With Legacy
Clients Unaware of Header Protection
This sub-section addresses the use cases 2) - 4) (cf. Section 3.1)
B1: Depending on the solution, define a means to distinguish between
forwarded messages and encapsulated messages using new HP
mechanism.
4.2.1. Sending side
BS1: Define how full HP support can be indicated to outgoing
messages.
BS2: Define how full HP support of the receiver can be detected or
guessed.
BS3: Ensure a HP unaware receiving side easily can display the
"Subject" HF to the user.
Melnikov, et al. Expires December 26, 2019 [Page 7]
Internet-Draft Header Protection requirements June 2019
4.2.2. Receiving side
BR1: Define how full HP support can be detected in incoming messages.
4.3. Additional Requirements for Backward-Compatibility with Legacy
Header Protection Systems (if supported)
This sub-section addresses the use cases 5) - 9) (cf. Section 3.1).
LS1: Depending on the solution, define a means to distinguish between
forwarded messages, legacy encapsulated messages, and
encapsulated messages using new HP mechanism.
LS2: The solution should be backward compatible to existing solutions
and aim to minimize the implementation effort to include support
for existing solutions.
4.3.1. Sending Side
LSS1: Determine how legacy HP support can be indicated to outgoing
messages.
LSS2: Determine how legacy HP support of the receiver can be detected
or guessed.
4.3.2. Receiving Side
LSR1: Determine how legacy HP support can be detected in incoming
messages.
5. Options to Achieve Header Protection
In the following a set of Options to achieve Email Header Protection.
It is expected that the IETF LAMPS WG chooses an option to update
[RFC8551] wrt. Header Protection.
5.1. Option 1: Memory Hole
Memory Hole approach works by copying the normal message header
fields into the MIME header section of the top level protected body
part. Since the MIME body part header section is itself covered by
the protection mechanisms (signing and/or encryption) it shares the
protections of the message body.
Melnikov, et al. Expires December 26, 2019 [Page 8]
Internet-Draft Header Protection requirements June 2019
[[ TODO: [DKG] add more information on memory hole]]
5.2. Option 2: Wrapping with message/rfc822 or message/global
Wrapping with message/rfc822 (or message/global) works by copying the
normal message header fields into the MIME header section of the top
level protect body part
[[ HB: Not sure this is well expressed: In option 2 the whole message
is copied into the MIME body part as message/rfc822 element. ]]
and then prepending them with "Content-Type: message/rfc822;
forwarded=no\r\n" or "Content-Type: message/global;
forwarded=no\r\n", where \r\n is US-ASCII CR followed by US-ASCII LF.
Since the MIME body part header section is itself covered by the
protection mechanisms (signing and/or encryption) it shares the
protections of the message body.
5.2.1. Content-Type property "forwarded"
This section outlines how the new "forwarded" Content-Type header
field parameter could be defined (probabely in a separate document)
and how header section wrapping works:
This document defines a new Content-Type header field parameter
[RFC2045] with name "forwarded". The parameter value is case-
insensitive and can be either "yes" or "no". (The default value
being "yes"). The parameter is only meaningful with media type
"message/rfc822" and "message/global" [RFC6532] when used within
S/MIME signed or encrypted body parts. The value "yes" means that
the message nested inside "message/rfc822" ("message/global") is a
forwarded message and not a construct created solely to protect the
inner header section.
Instructions in [RFC8551] describing how to protect the Email message
header section [RFC5322], by wrapping the message inside a message/
rfc822 container [RFC2045] are thus updated to read:
In order to protect outer, non-content-related message header
fields (for instance, the "Subject", "To", "From", and "Cc"
fields), the sending client MAY wrap a full MIME message in a
message/rfc822 wrapper in order to apply S/MIME security services
to these header fields. It is up to the receiving client to
decide how to present this "inner" header section along with the
unprotected "outer" header section.
When an S/MIME message is received, if the top-level protected
MIME entity has a Content-Type of message/rfc822 or message/global
Melnikov, et al. Expires December 26, 2019 [Page 9]
Internet-Draft Header Protection requirements June 2019
without the "forwarded" parameter or with the "forwarded"
parameter set to "no", it can be assumed that the intent was to
provide header protection. This entity SHOULD be presented as the
top-level message, taking into account header section merging
issues as previously discussed.
5.2.2. Handling of S/MIME protected header
[[This section needs more work. Don't treat anything in it as
unchangeable.]]
For a signed-only message, it is RECOMMENDED that all "outer" header
fields are copied into the "inner" protected body part. This would
mean that all header fields are signed. In this case, the "outer"
header fields simply match the protected header fields. And in the
case that the "outer" header fields differ, they can simply be
replaced with their protected versions when displayed to the user.
When generating encrypted or encrypted+signed S/MIME messages which
protect header fields:
1. If a header field is being encrypted because it is sensitive, its
true value MUST NOT be included in the outer header. If the
header field is mandatory according to [RFC5322], a stub value
(or a value indicating that the outer value is not to be used) is
to be included in the outer header section.
2. The outer header section SHOULD be minimal in order to avoid
disclosure of confidential information. It is recommended that
the outer header section only contains "Date" (set to the same
value as in the inner header field, or, if the Date value is also
sensitive, to Monday 9am of the same week), possibly "Subject"
and "To"/"Bcc" header fields. In particular, Keywords, In-Reply-
To and References header fields SHOULD NOT be included in the
outer header; "To" and "Cc" header fields should be omitted and
replaced with "Bcc: undisclosed-recipients;".
But note that having key header fields duplicated in the outer
header is convenient for many message stores (e.g. IMAP) and
clients that can't decode S/MIME encrypted messages. In
particular, Subject/To/Cc/Bcc/Date header field values are
returned in IMAP ENVELOPE FETCH data item [RFC3501], which is
frequently used by IMAP clients in order to avoid parsing message
header.
3. The "Subject" header field value of the outer header section
SHOULD either be identical to the inner "Subject" header field
value, or contain a clear indication that the outer value is not
Melnikov, et al. Expires December 26, 2019 [Page 10]
Internet-Draft Header Protection requirements June 2019
to be used for display (the inner header field value would
contain the true value).
Note that recommendations listed above typically only apply to non
MIME header fields (header fields with names not starting with
"Content-" prefix), but there are exception, e.g. Content-Language.
Note that the above recommendations can also negatively affect
antispam processing.
When displaying S/MIME messages which protect header fields (whether
they are signed-only, encrypted or encrypted+signed):
1. The outer headers might be tampered with, so a receiving client
SHOULD ignore them, unless they are protected in some other
way(_). If a header field is present in the inner header, only
the inner header field value MUST be displayed (and the
corresponding outer value must be ignored). If a particular
header field is only present in the outer header, it MAY be
ignored (not displayed) or it MAY be displayed with a clear
indicator that it is not trustworthy(_).
(*) - this only applies if the header field is not protected is
some other way, for example with a DKIM signature that validates
and is trusted.
5.2.3. Mail User Agent Algorithm for deciding which version of a header
field to display
[[TBD: describe how to recurse to find the innermost protected root
body part, extract header fields from it and propogate them to the
top level. This should also work for triple-wrapped messages.]]
5.3. Option 3: Progressive Header Disclosure
This option is similar to Option 2 (cf. Section 5.2). It also makes
use the Content-Type property "forwarded" (cf. Section 5.2.1).
5.4. Design principles
pretty Easy privacy (pEp) [I-D.birk-pep] is working on bringing
state-of-the-art automatic cryptography known from areas like TLS to
electronic mail (email) communication. pEp is determined to evolve
the existing standards as fundamentally and comprehensively as needed
to gain easy implementation and integration, and for easy use for
regular Internet users. pEp for email wants to attaining to good
Melnikov, et al. Expires December 26, 2019 [Page 11]
Internet-Draft Header Protection requirements June 2019
security practice while still retaining backward compatibility for
implementations widespread.
To provide the required stability as a foundation for good security
practice, pEp for email defines a fixed MIME structure for its
innermost message structure, so to remove most attack vectors which
have permitted the numerous EFAIL vulnerabilities. (TBD: ref)
Security comes just next after privacy in pEp, for which reason the
application of signatures without encryption to messages in transit
is not considered purposeful. pEp for email herein referenced, and
further described in [I-D.marques-pep-email], either expects to
transfer messages in cleartext without signature or encryption, or
transfer them encrypted and with enclosed signature and necessary
public keys so that replies can be immediately upgraded to encrypted
messages.
The pEp message format is equivalent to the S/MIME standard in
ensuring header protection, in that the whole message is protected
instead, by wrapping it and providing cryptographic services to the
whole original message. The pEp message format is different compared
to the S/MIME standard in that the pEp protocols propose
opportunistic end-to-end security and signature, by allowing the
transport of the necessary public key material along with the
original messages.
For the purpose of allowing the insertion of such public keys, the
root entity of the protected message is thus nested once more into an
additional multipart/mixed MIME entity. The current pEp proposal is
for PGP/MIME, while an extension to S/MIME is next.
pEp's proposal is strict in that it requires that the cryptographic
services applied to the protected message MUST include encryption.
It also mandates a fixed MIME structure for the protected message,
which always MUST include a plaintext and optionally an HTML
representation (if HTML is used) of the same message, and requires
that all other optional elements to be eventually presented as
attachments. Alternatively the whole protected message could
represent in turn a wrapped pEp wrapper, which makes the message
structure fully recursive on purpose (e.g., for the purpose of
anonymization through onion routing).
For the purpose of implementing mixnet routing for email, it is
foreseen to nest pEp messages recursively. A protected message can
in turn contain a protected message due for forwarding. This is for
the purpose to increase privacy and counter the necessary leakage of
plaintext addressing in the envelope of the email.
Melnikov, et al. Expires December 26, 2019 [Page 12]
Internet-Draft Header Protection requirements June 2019
The recursive nature of the pEp message format allows for the
implementation of progressive disclosure of the necessary transport
relevant header fields just as-needed to the next mail transport
agents along the transmission path.
pEp has also implemented the above (in Section 5.2.1) described
Content-Type property "forwarded" to distinguish between encapsulated
and forwarded emails.
5.5. Candidate Header Fields for Header Protection
By default, all headers of the original message SHOULD be wrapped
with the original message, with one exception:
o the header field "Bcc" MUST NOT be added to the protected headers.
5.6. Stub Outside Headers
The outer message requires a minimal set of headers to be in place
for being eligible for transport. This includes the "From", "To",
"Cc", "Bcc", "Subject" and "Message-ID" header fields. The protocol
hereby defined also depends on the "MIME-Version", "Content-Type",
"Content-Disposition" and eventually the "Content-Transport-Encoding"
header field to be present.
Submission and forwarding based on SMTP carries "from" and
"receivers" information out-of-band, so that the "From" and "To"
header fields are not strictly necessary. Nevertheless, "From",
"Date", and at least one destination header field is mandatory as per
[RFC5322]. They SHOULD be conserved for reliability.
The following header fields should contain a verbatim copy of the
header fields of the inner message:
o Date
o From
o To
o Cc (*)
o Bcc (*)
The entries with an asterisk mark (*) should only be set if also
present in the original message.
Melnikov, et al. Expires December 26, 2019 [Page 13]
Internet-Draft Header Protection requirements June 2019
5.7. More information
More information on progressive header disclosure can be found in
[I-D.marques-pep-email] and [I-D.luck-lamps-pep-header-protection].
The latter is a predecessor of this document.
6. Examples
Examples in subsequent sections assume that an email client is trying
to protect (sign) the following initial message:
Melnikov, et al. Expires December 26, 2019 [Page 14]
Internet-Draft Header Protection requirements June 2019
Date: Mon, 25 Sep 2017 17:31:42 +0100 (GMT Daylight Time)
From: "Alexey Melnikov" <alexey.melnikov@example.net>
Message-ID: <e4a483cb-1dfb-481d-903b-298c92c21f5e@mattingly.example.net>
MIME-Version: 1.0
MMHS-Primary-Precedence: 3
Subject: Meeting at my place
To: somebody@example.net
X-Mailer: Isode Harrier Web Server
Content-Type: text/plain; charset=us-ascii
This is an important message that I don't want to be modified.
Without message header protection the corresponding signed message
might look like this. (Lines prepended by "O: " are the outer
header.)
O: Date: Mon, 25 Sep 2017 17:31:42 +0100 (GMT Daylight Time)
O: Message-ID: <e4a483cb-1dfb-481d-903b-298c92c21f5e@mattingly.example.net>
O: Subject: Meeting at my place
O: From: "Alexey Melnikov" <alexey.melnikov@example.net>
O: MIME-Version: 1.0
O: content-type: multipart/signed; charset=us-ascii; micalg=sha1;
O: protocol="application/pkcs7-signature";
O: boundary=.cbe16d2a-e1a3-4220-b821-38348fc97237
This is a multipart message in MIME format.
--.cbe16d2a-e1a3-4220-b821-38348fc97237
Content-Type: text/plain; charset=us-ascii
This is an important message that I don't want to be modified.
--.cbe16d2a-e1a3-4220-b821-38348fc97237
Content-Transfer-Encoding: base64
content-type: application/pkcs7-signature
[[base-64 encoded signature]]
--.cbe16d2a-e1a3-4220-b821-38348fc97237--
6.1. Option 1: Memory Hole
The following example demonstrates how header section and payload of
a protect body part might look like. For example, this will be the
first body part of a multipart/signed message or the signed and/or
encrypted payload of the application/pkcs7-mime body part. Lines
Melnikov, et al. Expires December 26, 2019 [Page 15]
Internet-Draft Header Protection requirements June 2019
prepended by "O: " are the outer header section. Lines prepended by
"I: " are the inner header section.
O: Date: Mon, 25 Sep 2017 17:31:42 +0100 (GMT Daylight Time)
O: Message-ID: <e4a483cb-1dfb-481d-903b-298c92c21f5e@mattingly.example.net>
O: Subject: Meeting at my place
O: From: "Alexey Melnikov" <alexey.melnikov@example.net>
O: MIME-Version: 1.0
O: content-type: multipart/signed; charset=us-ascii; micalg=sha1;
O: protocol="application/pkcs7-signature";
O: boundary=.cbe16d2a-e1a3-4220-b821-38348fc97237
This is a multipart message in MIME format.
--.cbe16d2a-e1a3-4220-b821-38348fc97237
I: Date: Mon, 25 Sep 2017 17:31:42 +0100 (GMT Daylight Time)
I: From: "Alexey Melnikov" <alexey.melnikov@example.net>
I: Message-ID: <e4a483cb-1dfb-481d-903b-298c92c21f5e@mattingly.example.net>
I: MIME-Version: 1.0
I: MMHS-Primary-Precedence: 3
I: Subject: Meeting at my place
I: To: somebody@example.net
I: X-Mailer: Isode Harrier Web Server
I: Content-Type: text/plain; charset=us-ascii
This is an important message that I don't want to be modified.
--.cbe16d2a-e1a3-4220-b821-38348fc97237
Content-Transfer-Encoding: base64
content-type: application/pkcs7-signature
[[base-64 encoded signature]]
--.cbe16d2a-e1a3-4220-b821-38348fc97237--
6.2. Option 2: Wrapping with message/rfc822 or message/global
The following example demonstrates how header section and payload of
a protect body part might look like. For example, this will be the
first body part of a multipart/signed message or the signed and/or
encrypted payload of the application/pkcs7-mime body part. Lines
prepended by "O: " are the outer header section. Lines prepended by
"I: " are the inner header section. Lines prepended by "W: " are the
wrapper.
Melnikov, et al. Expires December 26, 2019 [Page 16]
Internet-Draft Header Protection requirements June 2019
O: Date: Mon, 25 Sep 2017 17:31:42 +0100 (GMT Daylight Time)
O: Message-ID: <e4a483cb-1dfb-481d-903b-298c92c21f5e@mattingly.example.net>
O: Subject: Meeting at my place
O: From: "Alexey Melnikov" <alexey.melnikov@example.net>
O: MIME-Version: 1.0
O: content-type: multipart/signed; charset=us-ascii; micalg=sha1;
O: protocol="application/pkcs7-signature";
O: boundary=.cbe16d2a-e1a3-4220-b821-38348fc97237
This is a multipart message in MIME format.
--.cbe16d2a-e1a3-4220-b821-38348fc97237
W: Content-Type: message/rfc822; forwarded=no
W:
I: Date: Mon, 25 Sep 2017 17:31:42 +0100 (GMT Daylight Time)
I: From: "Alexey Melnikov" <alexey.melnikov@example.net>
I: Message-ID: <e4a483cb-1dfb-481d-903b-298c92c21f5e@mattingly.example.net>
I: MIME-Version: 1.0
I: MMHS-Primary-Precedence: 3
I: Subject: Meeting at my place
I: To: somebody@example.net
I: X-Mailer: Isode Harrier Web Server
I: Content-Type: text/plain; charset=us-ascii
This is an important message that I don't want to be modified.
--.cbe16d2a-e1a3-4220-b821-38348fc97237
Content-Transfer-Encoding: base64
content-type: application/pkcs7-signature
[[base-64 encoded signature]]
--.cbe16d2a-e1a3-4220-b821-38348fc97237--
6.3. Option 3 Progressive Header Disclosure
This looks similar as in option 2. Specific examples can be found in
[I-D.luck-lamps-pep-header-protection].
7. Security Considerations
This document talks about UI considerations, including security
considerations, when processing messages protecting header fields.
One of the goals of this document is to specify UI for displaying
such messages which is less confusing/misleading and thus more
secure.
Melnikov, et al. Expires December 26, 2019 [Page 17]
Internet-Draft Header Protection requirements June 2019
The document is not defining new protocol, so it doesn't create any
new security concerns not already covered by S/MIME [RFC8551], MIME
[RFC2045] and Email [RFC5322] in general.
8. Privacy Considerations
[[ TODO ]]
9. IANA Considerations
This document requests no action from IANA.
[[ RFC Editor: This section may be removed before publication. ]]
10. Acknowledgements
Special thanks go to Krista Bennett and Volker Birk for valuable
input to this draft and Hernani Marques for reviewing.
[[ TODO [AM]: Do we need to mention: Wei Chuang, Steve Kille, David
Wilson and Robert Williams (copied from Acknowledgements section of
[I-D.melnikov-lamps-header-protection] ]]
Special thanks to Claudio Luck who authored a predecessor of this
document. Essential parts of his work have been merged into this
one.
David Wilson came up with the idea of defining a new Content-Type
header field parameter to distinguish forwarded messages from inner
header field protection constructs.
11. References
11.1. Normative References
[RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part One: Format of Internet Message
Bodies", RFC 2045, DOI 10.17487/RFC2045, November 1996,
<https://www.rfc-editor.org/info/rfc2045>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322,
DOI 10.17487/RFC5322, October 2008,
<https://www.rfc-editor.org/info/rfc5322>.
Melnikov, et al. Expires December 26, 2019 [Page 18]
Internet-Draft Header Protection requirements June 2019
[RFC8551] Schaad, J., Ramsdell, B., and S. Turner, "Secure/
Multipurpose Internet Mail Extensions (S/MIME) Version 4.0
Message Specification", RFC 8551, DOI 10.17487/RFC8551,
April 2019, <https://www.rfc-editor.org/info/rfc8551>.
11.2. Informative References
[I-D.birk-pep]
Marques, H. and B. Hoeneisen, "pretty Easy privacy (pEp):
Privacy by Default", draft-birk-pep-03 (work in progress),
March 2019.
[I-D.luck-lamps-pep-header-protection]
Luck, C. and B. Hoeneisen, "pretty Easy privacy (pEp):
Header Protection", draft-luck-lamps-pep-header-
protection-02 (work in progress), March 2019.
[I-D.marques-pep-email]
Marques, H., "pretty Easy privacy (pEp): Email Formats and
Protocols", draft-marques-pep-email-02 (work in progress),
October 2018.
[I-D.melnikov-lamps-header-protection]
Melnikov, A., "Considerations for protecting Email header
with S/MIME", draft-melnikov-lamps-header-protection-00
(work in progress), October 2018.
[RFC3501] Crispin, M., "INTERNET MESSAGE ACCESS PROTOCOL - VERSION
4rev1", RFC 3501, DOI 10.17487/RFC3501, March 2003,
<https://www.rfc-editor.org/info/rfc3501>.
[RFC4949] Shirey, R., "Internet Security Glossary, Version 2",
FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007,
<https://www.rfc-editor.org/info/rfc4949>.
[RFC6376] Crocker, D., Ed., Hansen, T., Ed., and M. Kucherawy, Ed.,
"DomainKeys Identified Mail (DKIM) Signatures", STD 76,
RFC 6376, DOI 10.17487/RFC6376, September 2011,
<https://www.rfc-editor.org/info/rfc6376>.
[RFC6532] Yang, A., Steele, S., and N. Freed, "Internationalized
Email Headers", RFC 6532, DOI 10.17487/RFC6532, February
2012, <https://www.rfc-editor.org/info/rfc6532>.
[RFC7208] Kitterman, S., "Sender Policy Framework (SPF) for
Authorizing Use of Domains in Email, Version 1", RFC 7208,
DOI 10.17487/RFC7208, April 2014,
<https://www.rfc-editor.org/info/rfc7208>.
Melnikov, et al. Expires December 26, 2019 [Page 19]
Internet-Draft Header Protection requirements June 2019
[RFC7489] Kucherawy, M., Ed. and E. Zwicky, Ed., "Domain-based
Message Authentication, Reporting, and Conformance
(DMARC)", RFC 7489, DOI 10.17487/RFC7489, March 2015,
<https://www.rfc-editor.org/info/rfc7489>.
Appendix A. Document Changelog
[[ RFC Editor: This section is to be removed before publication ]]
o draft-ietf-lamps-header-protection-req-00
* Initial version
Appendix B. Open Issues
[[ RFC Editor: This section should be empty and is to be removed
before publication. ]]
o filename of the document
* does draft-ietf-lamps-header-protection-req work to keep draft-
ietf-lamps-header-protection free for the specification? Or do
we expect only one document at the end of the day?
o Signed-only protection needs further study
* pEp only does header protection by applying both signing and
encryption. Technically it is also possible to sign, but not
encrypt the protected messages. This needs further study.
Authors' Addresses
Alexey Melnikov
Isode Ltd
14 Castle Mews
Hampton, Middlesex TW12 2NP
UK
Email: alexey.melnikov@isode.com
Melnikov, et al. Expires December 26, 2019 [Page 20]
Internet-Draft Header Protection requirements June 2019
Bernie Hoeneisen
Ucom Standards Track Solutions GmbH
CH-8046 Zuerich
Switzerland
Phone: +41 44 500 52 44
Email: bernie@ietf.hoeneisen.ch (bernhard.hoeneisen AT ucom.ch)
URI: https://ucom.ch/
Daniel Kahn Gillmor
American Civil Liberties Union
125 Broad St.
New York, NY 10004
USA
Email: dkg@fifthhorseman.net
Melnikov, et al. Expires December 26, 2019 [Page 21]
Reference in New Issue View Git Blame Copy Permalink