< draft-marques-pep-rating-00.txt   draft-marques-pep-rating-01.txt >
Network Working Group H. Marques Network Working Group H. Marques
Internet-Draft pEp Foundation Internet-Draft pEp Foundation
Intended status: Informational B. Hoeneisen Intended status: Informational B. Hoeneisen
Expires: January 3, 2019 Ucom.ch Expires: September 12, 2019 Ucom.ch
July 02, 2018 March 11, 2019
pretty Easy privacy (pEp): Mapping of Privacy Rating pretty Easy privacy (pEp): Mapping of Privacy Rating
draft-marques-pep-rating-00 draft-marques-pep-rating-01
Abstract Abstract
In many Opportunistic Security scenarios end-to-end encryption is In many Opportunistic Security scenarios end-to-end encryption is
automatized for Internet users. In addition, it is often required to automatized for Internet users. In addition, it is often required to
provide the users with easy means to carry out authentication. provide the users with easy means to carry out authentication.
Depending on several factors, each communication channel to different Depending on several factors, each communication channel to different
peers may have a different Privacy Status, e.g., unencrypted, peers may have a different Privacy Status, e.g., unencrypted,
encrypted and encrypted as well as authenticated. Even each message encrypted and encrypted as well as authenticated. Even each message
skipping to change at page 2, line 4 skipping to change at page 2, line 4
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 3, 2019. This Internet-Draft will expire on September 12, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 2, line 38 skipping to change at page 2, line 38
3.3. Surjective Mapping of Rating Codes into Color Codes . . . 6 3.3. Surjective Mapping of Rating Codes into Color Codes . . . 6
3.4. Semantics of Color and Rating Codes . . . . . . . . . . . 6 3.4. Semantics of Color and Rating Codes . . . . . . . . . . . 6
3.4.1. Red . . . . . . . . . . . . . . . . . . . . . . . . . 6 3.4.1. Red . . . . . . . . . . . . . . . . . . . . . . . . . 6
3.4.2. No Color . . . . . . . . . . . . . . . . . . . . . . 6 3.4.2. No Color . . . . . . . . . . . . . . . . . . . . . . 6
3.4.3. Yellow . . . . . . . . . . . . . . . . . . . . . . . 7 3.4.3. Yellow . . . . . . . . . . . . . . . . . . . . . . . 7
3.4.4. Green . . . . . . . . . . . . . . . . . . . . . . . . 7 3.4.4. Green . . . . . . . . . . . . . . . . . . . . . . . . 7
4. Per-Identity Privacy Rating . . . . . . . . . . . . . . . . . 7 4. Per-Identity Privacy Rating . . . . . . . . . . . . . . . . . 7
5. Security Considerations . . . . . . . . . . . . . . . . . . . 8 5. Security Considerations . . . . . . . . . . . . . . . . . . . 8
6. Implementation Status . . . . . . . . . . . . . . . . . . . . 8 6. Implementation Status . . . . . . . . . . . . . . . . . . . . 8
6.1. Introduction . . . . . . . . . . . . . . . . . . . . . . 8 6.1. Introduction . . . . . . . . . . . . . . . . . . . . . . 8
6.2. Running Code . . . . . . . . . . . . . . . . . . . . . . 9 6.2. Current software implementing pEp . . . . . . . . . . . . 9
7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 9 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 9
8.1. Normative References . . . . . . . . . . . . . . . . . . 9 8.1. Normative References . . . . . . . . . . . . . . . . . . 9
8.2. Informative References . . . . . . . . . . . . . . . . . 10 8.2. Informative References . . . . . . . . . . . . . . . . . 10
Appendix A. Excerpts from the pEp Reference Implementation . . . 11 Appendix A. Excerpts from the pEp Reference Implementation . . . 11
A.1. pEp rating . . . . . . . . . . . . . . . . . . . . . . . 11 A.1. pEp rating . . . . . . . . . . . . . . . . . . . . . . . 11
Appendix B. Document Changelog . . . . . . . . . . . . . . . . . 11 Appendix B. Document Changelog . . . . . . . . . . . . . . . . . 11
Appendix C. Open Issues . . . . . . . . . . . . . . . . . . . . 11 Appendix C. Open Issues . . . . . . . . . . . . . . . . . . . . 11
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12
1. Introduction 1. Introduction
skipping to change at page 4, line 22 skipping to change at page 4, line 22
of end-to-end encryption for Internet users of email and other of end-to-end encryption for Internet users of email and other
messaging applications and introduces methods to easily allow messaging applications and introduces methods to easily allow
authentication. authentication.
2. Terms 2. Terms
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
o Handshake: The process when Alice - e.g., in-person or via phone - o pEp Handshake: The process when Alice - e.g., in-person or via
contacts Bob to verify Trustwords (or by fallback: fingerprints) phone - contacts Bob to verify Trustwords (or by fallback:
is called handshake. [I-D.marques-pep-handshake] fingerprints) is called pEp Handshake.
[I-D.marques-pep-handshake]
o Trustwords: A scalar-to-word representation of 16-bit numbers (0 o Trustwords: A scalar-to-word representation of 16-bit numbers (0
to 65535) to natural language words. When doing a handshake, to 65535) to natural language words. When doing a Handshake,
peers are shown combined Trustwords of both public keys involved peers are shown combined Trustwords of both public keys involved
to ease the comparison. [I-D.birk-pep-trustwords] to ease the comparison. [I-D.birk-pep-trustwords]
o Trust on First Use (TOFU): cf. [RFC7435] o Trust on First Use (TOFU): cf. [RFC7435]
o Man-in-the-middle attack (MITM): cf. [RFC4949] o Man-in-the-middle attack (MITM): cf. [RFC4949]
3. Per-Message Privacy Rating 3. Per-Message Privacy Rating
3.1. Rating Codes 3.1. Rating Codes
skipping to change at page 6, line 11 skipping to change at page 6, line 11
| | | | | |
| 2 | green | | 2 | green |
+------------+-------------+ +------------+-------------+
3.3. Surjective Mapping of Rating Codes into Color Codes 3.3. Surjective Mapping of Rating Codes into Color Codes
Corresponding User Experience (UX) implementations use a surjective Corresponding User Experience (UX) implementations use a surjective
mapping of the Rating Codes into the Color Codes (in traffic light mapping of the Rating Codes into the Color Codes (in traffic light
semantics) as follows: semantics) as follows:
+--------------+------------+---------------+ +--------------+------------+-------------+
| Rating codes | Color code | (Color label) | | Rating codes | Color code | Color label |
+--------------+------------+---------------+ +--------------+------------+-------------+
| -3 to -1 | -1 | (red) | | -3 to -1 | -1 | red |
| | | | | | | |
| 0 to 5 | 0 | (no color) | | 0 to 5 | 0 | no color |
| | | | | | | |
| 6 | 1 | (yellow) | | 6 | 1 | yellow |
| | | | | | | |
| 7 to 9 | 2 | (green) | | 7 to 9 | 2 | green |
+--------------+------------+---------------+ +--------------+------------+-------------+
This mapping is used in current pEp implementations to signal the This mapping is used in current pEp implementations to signal the
Privacy Status (cf. Section 6.2). Privacy Status (cf. Section 6.2).
3.4. Semantics of Color and Rating Codes 3.4. Semantics of Color and Rating Codes
3.4.1. Red 3.4.1. Red
The red color MUST only be used in three cases: The red color MUST only be used in three cases:
skipping to change at page 9, line 5 skipping to change at page 9, line 5
features. Readers are advised to note that other implementations may features. Readers are advised to note that other implementations may
exist. exist.
According to [RFC7942], "[...] this will allow reviewers and working According to [RFC7942], "[...] this will allow reviewers and working
groups to assign due consideration to documents that have the benefit groups to assign due consideration to documents that have the benefit
of running code, which may serve as evidence of valuable of running code, which may serve as evidence of valuable
experimentation and feedback that have made the implemented protocols experimentation and feedback that have made the implemented protocols
more mature. It is up to the individual working groups to use this more mature. It is up to the individual working groups to use this
information as they see fit." information as they see fit."
6.2. Running Code 6.2. Current software implementing pEp
In pEp for email contexts, pEp rating codes are already implemented The following software implementing the pEp protocols (to varying
for the following platforms: degrees) already exists:
o Android, in pEp for Android - release [SRC.pepforandroid] o pEp for Outlook as add-on for Microsoft Outlook, release
[SRC.pepforoutlook]
o Enigmail, in the Enigmail/pEp mode - release used for new Enigmail o pEp for Android (based on a fork of the K9 MUA), release
users of version 2.0 [SRC.enigmailpep] [SRC.pepforandroid]
o iOS, in pEp for iOS - not yet released [SRC.pepforios] o Enigmail/pEp as add-on for Mozilla Thunderbird, release
[SRC.enigmailpep]
o Outlook, in pEp for Outlook - commercial release o pEp for iOS (implemented in a new MUA), beta [SRC.pepforios]
[SRC.pepforoutlook]
7. Acknowledgments pEp for Android, iOS and Outlook are provided by pEp Security, a
commercial entity specializing in end-user software implementing pEp
while Enigmail/pEp is pursued as community project, supported by the
pEp Foundation.
All software is available as Free Software and published also in
source form.
7. Acknowledgements
The authors would like to thank the following people who have The authors would like to thank the following people who have
provided feedback or significant contributions to the development of provided feedback or significant contributions to the development of
this document: Leon Schumacher and Volker Birk this document: Leon Schumacher and Volker Birk
This work was initially created by pEp Foundation, and then reviewed This work was initially created by pEp Foundation, and then reviewed
and extended with funding by the Internet Society's Beyond the Net and extended with funding by the Internet Society's Beyond the Net
Programme on standardizing pEp. [ISOC.bnet] Programme on standardizing pEp. [ISOC.bnet]
8. References 8. References
8.1. Normative References 8.1. Normative References
[I-D.birk-pep] [I-D.birk-pep]
Birk, V., Marques, H., and S. Shelburn, "pretty Easy Marques, H. and B. Hoeneisen, "pretty Easy privacy (pEp):
privacy (pEp): Privacy by Default", draft-birk-pep-02 Privacy by Default", draft-birk-pep-03 (work in progress),
(work in progress), June 2018. March 2019.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC4949] Shirey, R., "Internet Security Glossary, Version 2", [RFC4949] Shirey, R., "Internet Security Glossary, Version 2",
FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007, FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007,
<https://www.rfc-editor.org/info/rfc4949>. <https://www.rfc-editor.org/info/rfc4949>.
skipping to change at page 10, line 19 skipping to change at page 10, line 27
[I-D.birk-pep-trustwords] [I-D.birk-pep-trustwords]
Birk, V., Marques, H., and B. Hoeneisen, "IANA Birk, V., Marques, H., and B. Hoeneisen, "IANA
Registration of Trustword Lists: Guide, Template and IANA Registration of Trustword Lists: Guide, Template and IANA
Considerations", draft-birk-pep-trustwords-02 (work in Considerations", draft-birk-pep-trustwords-02 (work in
progress), June 2018. progress), June 2018.
[I-D.marques-pep-handshake] [I-D.marques-pep-handshake]
Marques, H. and B. Hoeneisen, "pretty Easy privacy (pEp): Marques, H. and B. Hoeneisen, "pretty Easy privacy (pEp):
Contact and Channel Authentication through Handshake", Contact and Channel Authentication through Handshake",
draft-marques-pep-handshake-00 (work in progress), June draft-marques-pep-handshake-01 (work in progress), October
2018. 2018.
[ISOC.bnet] [ISOC.bnet]
Simao, I., "Beyond the Net. 12 Innovative Projects Simao, I., "Beyond the Net. 12 Innovative Projects
Selected for Beyond the Net Funding. Implementing Privacy Selected for Beyond the Net Funding. Implementing Privacy
via Mass Encryption: Standardizing pretty Easy privacy's via Mass Encryption: Standardizing pretty Easy privacy's
protocols", June 2017, <https://www.internetsociety.org/ protocols", June 2017, <https://www.internetsociety.org/
blog/2017/06/12-innovative-projects-selected-for-beyond- blog/2017/06/12-innovative-projects-selected-for-beyond-
the-net-funding/>. the-net-funding/>.
[RFC7942] Sheffer, Y. and A. Farrel, "Improving Awareness of Running [RFC7942] Sheffer, Y. and A. Farrel, "Improving Awareness of Running
Code: The Implementation Status Section", BCP 205, Code: The Implementation Status Section", BCP 205,
RFC 7942, DOI 10.17487/RFC7942, July 2016, RFC 7942, DOI 10.17487/RFC7942, July 2016,
<https://www.rfc-editor.org/info/rfc7942>. <https://www.rfc-editor.org/info/rfc7942>.
[SRC.enigmailpep] [SRC.enigmailpep]
"Source code for Enigmail/pEp", July 2018, "Source code for Enigmail/pEp", March 2019,
<https://enigmail.net/index.php/en/download/source-code>. <https://enigmail.net/index.php/en/download/source-code>.
[SRC.pepforandroid] [SRC.pepforandroid]
"Source code for pEp for Android", July 2018, "Source code for pEp for Android", March 2019,
<https://pep-security.lu/gitlab/android/pep>. <https://pep-security.lu/gitlab/android/pep>.
[SRC.pepforios] [SRC.pepforios]
"Source code for pEp for iOS", July 2018, "Source code for pEp for iOS", March 2019,
<https://pep-security.ch/dev/repos/pEp_for_iOS/>. <https://pep-security.ch/dev/repos/pEp_for_iOS/>.
[SRC.pepforoutlook] [SRC.pepforoutlook]
"Source code for pEp for Outlook", July 2018, "Source code for pEp for Outlook", March 2019,
<https://pep-security.lu/dev/repos/pEp_for_Outlook/>. <https://pep-security.lu/dev/repos/pEp_for_Outlook/>.
Appendix A. Excerpts from the pEp Reference Implementation Appendix A. Excerpts from the pEp Reference Implementation
This section provides excerpts of the running code from the pEp This section provides excerpts of the running code from the pEp
reference implementation pEp engine (C99 programming language). reference implementation pEp engine (C99 programming language).
A.1. pEp rating A.1. pEp rating
From the reference implementation by the pEp foundation, src/ From the reference implementation by the pEp foundation, src/
 End of changes. 21 change blocks. 
40 lines changed or deleted 50 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/