Skip to main content

Header Protection for Cryptographically Protected E-mail
draft-ietf-lamps-header-protection-25

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-lamps-header-protection@ietf.org, housley@vigilsec.com, lamps-chairs@ietf.org, rdd@cert.org, rfc-editor@rfc-editor.org, spasm@ietf.org
Subject: Protocol Action: 'Header Protection for Cryptographically Protected E-mail' to Proposed Standard (draft-ietf-lamps-header-protection-25.txt)

The IESG has approved the following document:
- 'Header Protection for Cryptographically Protected E-mail'
  (draft-ietf-lamps-header-protection-25.txt) as Proposed Standard

This document is the product of the Limited Additional Mechanisms for PKIX
and SMIME Working Group.

The IESG contact persons are Paul Wouters, Deb Cooley and Roman Danyliw.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-header-protection/


Ballot Text

Technical Summary

   S/MIME version 3.1 introduced a mechanism to provide end-to-end
   cryptographic protection of e-mail message headers.  However, few
   implementations generate messages using this mechanism, and several
   legacy implementations have revealed rendering or security issues
   when handling such a message.

   This document updates the S/MIME specification (RFC8551) to offer a
   different mechanism that provides the same cryptographic protections
   but with fewer downsides when handled by legacy clients.
   Furthermore, it offers more explicit usability, privacy, and security
   guidance for clients when generating or handling e-mail messages with
   cryptographic protection of message headers.

   The Header Protection scheme defined here is also applicable to
   messages with PGP/MIME cryptographic protections.

Working Group Summary

There was nothing notable in the WG review process.  Refinements were made based on AD and ARTART IETF LC review.  

This document was initially scheduled for IESG Review as -20.  However, it was pulled back to the WG and was run through another WGLC/IETF LC to confirm the changes made due to redesign during the ARTART review and early IESG balloting.

Document Quality

   There has been some code written, but so far, vendors of major email user
   agents have not said whether they will implement. One did offer insightful
   review of the Internet-Draft during WG Last Call.

Personnel

The Document Shepherd for this document is Russ Housley. 

The Responsible Area Director is Roman Danyliw.

RFC Editor Note