SMTP and MIME Extensions for Content Conversion
RFC 4141

Note: This ballot was opened for revision 13 and is now closed.

(Steven Bellovin) Discuss

Discuss (2004-11-11 for -** No value found for 'p.get_dochistory.rev' **)
My original DISCUSS said "This scheme completely breaks S/MIME.  At the very least, there needs to be discussion of that fact and its implications; ideally, there should be some mention of the architecture for -- and the security implications of -- a content-converting S/MIME gateway."  In many ways, the current text is worse.

Section 2 says

     Also note that
     conversion is not possible for content that has been
     digitally signed or encrypted, unless the converting
     intermediary can decode and re-code the content.

But intermediaries should never have such keys.  Similarly, Section 3 says
     
     If a message is protected by strong content authentication or
     privacy techniques, then an intermediary that converts message
     content MUST ensure that the results of its processing are
     similarly protected.  Otherwise it MUST NOT perform conversion.

That has similar objections.

Finally, Section 11 needs to be revised in that light, too.

(Scott Hollenbeck) Yes

(Harald Alvestrand) No Objection

Comment (2005-01-19 for -** No value found for 'p.get_dochistory.rev' **)
No email
send info
I'll let Alex hold the DISCUSS based on Joel Halpern's review.

(Margaret Cullen) No Objection

(Bill Fenner) No Objection

(Ted Hardie) (was Discuss) No Objection

(Sam Hartman) No Objection

(Russ Housley) No Objection

Comment (2005-01-20 for -** No value found for 'p.get_dochistory.rev' **)
No email
send info
  The security considerations were changed to resolve the concerns
  originally raised by Steve Bellovin.  A long email dialogue
  including Steve Bellovin, Dave Crocker, and myself lead to an
  acceptable resolution.

  OLD:

     Use of the ESMTP CONNEG option permits content transformation 
     by an intermediary, along the mail transfer path.  When 
     the contents are encrypted, the intermediary cannot perform 
     the conversion, unless it has access to the relevant secret 
     information.  When the contents are signed, but they remain 
     in the clear, conversion will invalidate the signature.

  NEW:

     Use of the ESMTP CONNEG option permits content transformation 
     by an intermediary, along the mail transfer path.  When 
     the contents are encrypted, the intermediary cannot perform 
     the conversion, since it is not expected to have access to the
     relevant secret keying material.  When the contents are signed,
     but not encrypted, conversion will invalidate the signature.

(David Kessens) No Objection

(Allison Mankin) No Objection

(Thomas Narten) No Objection

(Jon Peterson) No Objection

(Bert Wijnen) No Objection

(Alex Zinin) (was Discuss) No Objection