Take pep-rating to rev 03 with only minor changes
authorHernâni Marques <hernani@pep.foundation>
Wed, 08 Jan 2020 18:37:13 +0100
changeset 1211d5b6ba4a0268
parent 1210 ff555a037005
child 1212 d0098200118a
Take pep-rating to rev 03 with only minor changes
pep-rating/archive/draft-marques-pep-rating-03.html
pep-rating/archive/draft-marques-pep-rating-03.txt
pep-rating/archive/draft-marques-pep-rating-03.xml
pep-rating/draft-marques-pep-rating.mkd
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/pep-rating/archive/draft-marques-pep-rating-03.html	Wed Jan 08 18:37:13 2020 +0100
     1.3 @@ -0,0 +1,983 @@
     1.4 +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
     1.5 +  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
     1.6 +
     1.7 +<html lang="en" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
     1.8 +<head profile="http://www.w3.org/2006/03/hcard http://dublincore.org/documents/2008/08/04/dc-html/">
     1.9 +  <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
    1.10 +
    1.11 +  <title>pretty Easy privacy (pEp): Mapping of Privacy Rating</title>
    1.12 +
    1.13 +  <style type="text/css" title="Xml2Rfc (sans serif)">
    1.14 +  /*<![CDATA[*/
    1.15 +	  a {
    1.16 +	  text-decoration: none;
    1.17 +	  }
    1.18 +      /* info code from SantaKlauss at http://www.madaboutstyle.com/tooltip2.html */
    1.19 +      a.info {
    1.20 +          /* This is the key. */
    1.21 +          position: relative;
    1.22 +          z-index: 24;
    1.23 +          text-decoration: none;
    1.24 +      }
    1.25 +      a.info:hover {
    1.26 +          z-index: 25;
    1.27 +          color: #FFF; background-color: #900;
    1.28 +      }
    1.29 +      a.info span { display: none; }
    1.30 +      a.info:hover span.info {
    1.31 +          /* The span will display just on :hover state. */
    1.32 +          display: block;
    1.33 +          position: absolute;
    1.34 +          font-size: smaller;
    1.35 +          top: 2em; left: -5em; width: 15em;
    1.36 +          padding: 2px; border: 1px solid #333;
    1.37 +          color: #900; background-color: #EEE;
    1.38 +          text-align: left;
    1.39 +      }
    1.40 +	  a.smpl {
    1.41 +	  color: black;
    1.42 +	  }
    1.43 +	  a:hover {
    1.44 +	  text-decoration: underline;
    1.45 +	  }
    1.46 +	  a:active {
    1.47 +	  text-decoration: underline;
    1.48 +	  }
    1.49 +	  address {
    1.50 +	  margin-top: 1em;
    1.51 +	  margin-left: 2em;
    1.52 +	  font-style: normal;
    1.53 +	  }
    1.54 +	  body {
    1.55 +	  color: black;
    1.56 +	  font-family: verdana, helvetica, arial, sans-serif;
    1.57 +	  font-size: 10pt;
    1.58 +	  max-width: 55em;
    1.59 +	  
    1.60 +	  }
    1.61 +	  cite {
    1.62 +	  font-style: normal;
    1.63 +	  }
    1.64 +	  dd {
    1.65 +	  margin-right: 2em;
    1.66 +	  }
    1.67 +	  dl {
    1.68 +	  margin-left: 2em;
    1.69 +	  }
    1.70 +	
    1.71 +	  ul.empty {
    1.72 +	  list-style-type: none;
    1.73 +	  }
    1.74 +	  ul.empty li {
    1.75 +	  margin-top: .5em;
    1.76 +	  }
    1.77 +	  dl p {
    1.78 +	  margin-left: 0em;
    1.79 +	  }
    1.80 +	  dt {
    1.81 +	  margin-top: .5em;
    1.82 +	  }
    1.83 +	  h1 {
    1.84 +	  font-size: 14pt;
    1.85 +	  line-height: 21pt;
    1.86 +	  page-break-after: avoid;
    1.87 +	  }
    1.88 +	  h1.np {
    1.89 +	  page-break-before: always;
    1.90 +	  }
    1.91 +	  h1 a {
    1.92 +	  color: #333333;
    1.93 +	  }
    1.94 +	  h2 {
    1.95 +	  font-size: 12pt;
    1.96 +	  line-height: 15pt;
    1.97 +	  page-break-after: avoid;
    1.98 +	  }
    1.99 +	  h3, h4, h5, h6 {
   1.100 +	  font-size: 10pt;
   1.101 +	  page-break-after: avoid;
   1.102 +	  }
   1.103 +	  h2 a, h3 a, h4 a, h5 a, h6 a {
   1.104 +	  color: black;
   1.105 +	  }
   1.106 +	  img {
   1.107 +	  margin-left: 3em;
   1.108 +	  }
   1.109 +	  li {
   1.110 +	  margin-left: 2em;
   1.111 +	  margin-right: 2em;
   1.112 +	  }
   1.113 +	  ol {
   1.114 +	  margin-left: 2em;
   1.115 +	  margin-right: 2em;
   1.116 +	  }
   1.117 +	  ol p {
   1.118 +	  margin-left: 0em;
   1.119 +	  }
   1.120 +	  p {
   1.121 +	  margin-left: 2em;
   1.122 +	  margin-right: 2em;
   1.123 +	  }
   1.124 +	  pre {
   1.125 +	  margin-left: 3em;
   1.126 +	  background-color: lightyellow;
   1.127 +	  padding: .25em;
   1.128 +	  }
   1.129 +	  pre.text2 {
   1.130 +	  border-style: dotted;
   1.131 +	  border-width: 1px;
   1.132 +	  background-color: #f0f0f0;
   1.133 +	  width: 69em;
   1.134 +	  }
   1.135 +	  pre.inline {
   1.136 +	  background-color: white;
   1.137 +	  padding: 0em;
   1.138 +	  }
   1.139 +	  pre.text {
   1.140 +	  border-style: dotted;
   1.141 +	  border-width: 1px;
   1.142 +	  background-color: #f8f8f8;
   1.143 +	  width: 69em;
   1.144 +	  }
   1.145 +	  pre.drawing {
   1.146 +	  border-style: solid;
   1.147 +	  border-width: 1px;
   1.148 +	  background-color: #f8f8f8;
   1.149 +	  padding: 2em;
   1.150 +	  }
   1.151 +	  table {
   1.152 +	  margin-left: 2em;
   1.153 +	  }
   1.154 +	  table.tt {
   1.155 +	  vertical-align: top;
   1.156 +	  }
   1.157 +	  table.full {
   1.158 +	  border-style: outset;
   1.159 +	  border-width: 1px;
   1.160 +	  }
   1.161 +	  table.headers {
   1.162 +	  border-style: outset;
   1.163 +	  border-width: 1px;
   1.164 +	  }
   1.165 +	  table.tt td {
   1.166 +	  vertical-align: top;
   1.167 +	  }
   1.168 +	  table.full td {
   1.169 +	  border-style: inset;
   1.170 +	  border-width: 1px;
   1.171 +	  }
   1.172 +	  table.tt th {
   1.173 +	  vertical-align: top;
   1.174 +	  }
   1.175 +	  table.full th {
   1.176 +	  border-style: inset;
   1.177 +	  border-width: 1px;
   1.178 +	  }
   1.179 +	  table.headers th {
   1.180 +	  border-style: none none inset none;
   1.181 +	  border-width: 1px;
   1.182 +	  }
   1.183 +	  table.left {
   1.184 +	  margin-right: auto;
   1.185 +	  }
   1.186 +	  table.right {
   1.187 +	  margin-left: auto;
   1.188 +	  }
   1.189 +	  table.center {
   1.190 +	  margin-left: auto;
   1.191 +	  margin-right: auto;
   1.192 +	  }
   1.193 +	  caption {
   1.194 +	  caption-side: bottom;
   1.195 +	  font-weight: bold;
   1.196 +	  font-size: 9pt;
   1.197 +	  margin-top: .5em;
   1.198 +	  }
   1.199 +	
   1.200 +	  table.header {
   1.201 +	  border-spacing: 1px;
   1.202 +	  width: 95%;
   1.203 +	  font-size: 10pt;
   1.204 +	  color: white;
   1.205 +	  }
   1.206 +	  td.top {
   1.207 +	  vertical-align: top;
   1.208 +	  }
   1.209 +	  td.topnowrap {
   1.210 +	  vertical-align: top;
   1.211 +	  white-space: nowrap; 
   1.212 +	  }
   1.213 +	  table.header td {
   1.214 +	  background-color: gray;
   1.215 +	  width: 50%;
   1.216 +	  }
   1.217 +	  table.header a {
   1.218 +	  color: white;
   1.219 +	  }
   1.220 +	  td.reference {
   1.221 +	  vertical-align: top;
   1.222 +	  white-space: nowrap;
   1.223 +	  padding-right: 1em;
   1.224 +	  }
   1.225 +	  thead {
   1.226 +	  display:table-header-group;
   1.227 +	  }
   1.228 +	  ul.toc, ul.toc ul {
   1.229 +	  list-style: none;
   1.230 +	  margin-left: 1.5em;
   1.231 +	  margin-right: 0em;
   1.232 +	  padding-left: 0em;
   1.233 +	  }
   1.234 +	  ul.toc li {
   1.235 +	  line-height: 150%;
   1.236 +	  font-weight: bold;
   1.237 +	  font-size: 10pt;
   1.238 +	  margin-left: 0em;
   1.239 +	  margin-right: 0em;
   1.240 +	  }
   1.241 +	  ul.toc li li {
   1.242 +	  line-height: normal;
   1.243 +	  font-weight: normal;
   1.244 +	  font-size: 9pt;
   1.245 +	  margin-left: 0em;
   1.246 +	  margin-right: 0em;
   1.247 +	  }
   1.248 +	  li.excluded {
   1.249 +	  font-size: 0pt;
   1.250 +	  }
   1.251 +	  ul p {
   1.252 +	  margin-left: 0em;
   1.253 +	  }
   1.254 +	
   1.255 +	  .comment {
   1.256 +	  background-color: yellow;
   1.257 +	  }
   1.258 +	  .center {
   1.259 +	  text-align: center;
   1.260 +	  }
   1.261 +	  .error {
   1.262 +	  color: red;
   1.263 +	  font-style: italic;
   1.264 +	  font-weight: bold;
   1.265 +	  }
   1.266 +	  .figure {
   1.267 +	  font-weight: bold;
   1.268 +	  text-align: center;
   1.269 +	  font-size: 9pt;
   1.270 +	  }
   1.271 +	  .filename {
   1.272 +	  color: #333333;
   1.273 +	  font-weight: bold;
   1.274 +	  font-size: 12pt;
   1.275 +	  line-height: 21pt;
   1.276 +	  text-align: center;
   1.277 +	  }
   1.278 +	  .fn {
   1.279 +	  font-weight: bold;
   1.280 +	  }
   1.281 +	  .hidden {
   1.282 +	  display: none;
   1.283 +	  }
   1.284 +	  .left {
   1.285 +	  text-align: left;
   1.286 +	  }
   1.287 +	  .right {
   1.288 +	  text-align: right;
   1.289 +	  }
   1.290 +	  .title {
   1.291 +	  color: #990000;
   1.292 +	  font-size: 18pt;
   1.293 +	  line-height: 18pt;
   1.294 +	  font-weight: bold;
   1.295 +	  text-align: center;
   1.296 +	  margin-top: 36pt;
   1.297 +	  }
   1.298 +	  .vcardline {
   1.299 +	  display: block;
   1.300 +	  }
   1.301 +	  .warning {
   1.302 +	  font-size: 14pt;
   1.303 +	  background-color: yellow;
   1.304 +	  }
   1.305 +	
   1.306 +	
   1.307 +	  @media print {
   1.308 +	  .noprint {
   1.309 +		display: none;
   1.310 +	  }
   1.311 +	
   1.312 +	  a {
   1.313 +		color: black;
   1.314 +		text-decoration: none;
   1.315 +	  }
   1.316 +	
   1.317 +	  table.header {
   1.318 +		width: 90%;
   1.319 +	  }
   1.320 +	
   1.321 +	  td.header {
   1.322 +		width: 50%;
   1.323 +		color: black;
   1.324 +		background-color: white;
   1.325 +		vertical-align: top;
   1.326 +		font-size: 12pt;
   1.327 +	  }
   1.328 +	
   1.329 +	  ul.toc a::after {
   1.330 +		content: leader('.') target-counter(attr(href), page);
   1.331 +	  }
   1.332 +	
   1.333 +	  ul.ind li li a {
   1.334 +		content: target-counter(attr(href), page);
   1.335 +	  }
   1.336 +	
   1.337 +	  .print2col {
   1.338 +		column-count: 2;
   1.339 +		-moz-column-count: 2;
   1.340 +		column-fill: auto;
   1.341 +	  }
   1.342 +	  }
   1.343 +	
   1.344 +	  @page {
   1.345 +	  @top-left {
   1.346 +		   content: "Internet-Draft"; 
   1.347 +	  } 
   1.348 +	  @top-right {
   1.349 +		   content: "December 2010"; 
   1.350 +	  } 
   1.351 +	  @top-center {
   1.352 +		   content: "Abbreviated Title";
   1.353 +	  } 
   1.354 +	  @bottom-left {
   1.355 +		   content: "Doe"; 
   1.356 +	  } 
   1.357 +	  @bottom-center {
   1.358 +		   content: "Expires June 2011"; 
   1.359 +	  } 
   1.360 +	  @bottom-right {
   1.361 +		   content: "[Page " counter(page) "]"; 
   1.362 +	  } 
   1.363 +	  }
   1.364 +	
   1.365 +	  @page:first { 
   1.366 +		@top-left {
   1.367 +		  content: normal;
   1.368 +		}
   1.369 +		@top-right {
   1.370 +		  content: normal;
   1.371 +		}
   1.372 +		@top-center {
   1.373 +		  content: normal;
   1.374 +		}
   1.375 +	  }
   1.376 +  /*]]>*/
   1.377 +  </style>
   1.378 +
   1.379 +  <link href="#rfc.toc" rel="Contents">
   1.380 +<link href="#rfc.section.1" rel="Chapter" title="1 Introduction">
   1.381 +<link href="#rfc.section.1.1" rel="Chapter" title="1.1 Requirements Language">
   1.382 +<link href="#rfc.section.1.2" rel="Chapter" title="1.2 Terms">
   1.383 +<link href="#rfc.section.2" rel="Chapter" title="2 Per-Message Privacy Rating">
   1.384 +<link href="#rfc.section.2.1" rel="Chapter" title="2.1 Rating Codes">
   1.385 +<link href="#rfc.section.2.2" rel="Chapter" title="2.2 Color Codes">
   1.386 +<link href="#rfc.section.2.3" rel="Chapter" title="2.3 Surjective Mapping of Rating Codes into Color Codes">
   1.387 +<link href="#rfc.section.2.4" rel="Chapter" title="2.4 Semantics of Color and Rating Codes">
   1.388 +<link href="#rfc.section.2.4.1" rel="Chapter" title="2.4.1 Red">
   1.389 +<link href="#rfc.section.2.4.2" rel="Chapter" title="2.4.2 No Color">
   1.390 +<link href="#rfc.section.2.4.3" rel="Chapter" title="2.4.3 Yellow">
   1.391 +<link href="#rfc.section.2.4.4" rel="Chapter" title="2.4.4 Green">
   1.392 +<link href="#rfc.section.3" rel="Chapter" title="3 Per-Identity Privacy Rating">
   1.393 +<link href="#rfc.section.4" rel="Chapter" title="4 Security Considerations">
   1.394 +<link href="#rfc.section.5" rel="Chapter" title="5 Privacy Considerations">
   1.395 +<link href="#rfc.section.6" rel="Chapter" title="6 IANA Considerations">
   1.396 +<link href="#rfc.section.7" rel="Chapter" title="7 Implementation Status">
   1.397 +<link href="#rfc.section.7.1" rel="Chapter" title="7.1 Introduction">
   1.398 +<link href="#rfc.section.7.2" rel="Chapter" title="7.2 Current software implementing pEp">
   1.399 +<link href="#rfc.section.8" rel="Chapter" title="8 Acknowledgements">
   1.400 +<link href="#rfc.references" rel="Chapter" title="9 References">
   1.401 +<link href="#rfc.references.1" rel="Chapter" title="9.1 Normative References">
   1.402 +<link href="#rfc.references.2" rel="Chapter" title="9.2 Informative References">
   1.403 +<link href="#rfc.appendix.A" rel="Chapter" title="A Excerpts from the pEp Reference Implementation">
   1.404 +<link href="#rfc.appendix.A.1" rel="Chapter" title="A.1 pEp rating">
   1.405 +<link href="#rfc.appendix.B" rel="Chapter" title="B Document Changelog">
   1.406 +<link href="#rfc.appendix.C" rel="Chapter" title="C Open Issues">
   1.407 +<link href="#rfc.authors" rel="Chapter">
   1.408 +
   1.409 +
   1.410 +  <meta name="generator" content="xml2rfc version 2.37.3 - https://tools.ietf.org/tools/xml2rfc" />
   1.411 +  <link rel="schema.dct" href="http://purl.org/dc/terms/" />
   1.412 +
   1.413 +  <meta name="dct.creator" content="Marques, H. and B. Hoeneisen" />
   1.414 +  <meta name="dct.identifier" content="urn:ietf:id:draft-marques-pep-rating-03" />
   1.415 +  <meta name="dct.issued" scheme="ISO8601" content="2020-01-08" />
   1.416 +  <meta name="dct.abstract" content="In many Opportunistic Security scenarios end-to-end encryption is automatized for Internet users. In addition, it is often required to provide the users with easy means to carry out authentication.Depending on several factors, each communication channel to different peers may have a different Privacy Status, e.g., unencrypted, encrypted and encrypted as well as authenticated. Even each message from/to a single peer may have a different Privacy Status.To display the actual Privacy Status to the user, this document defines a Privacy Rating scheme and its mapping to a traffic-light semantics. A Privacy Status is defined on a per-message basis as well as on a per-identity basis. The traffic-light semantics (as color rating) allows for a clear and easily understandable presentation to the user in order to optimize the User Experience (UX).This rating system is most beneficial to Opportunistic Security scenarios and is already implemented in several applications of pretty Easy privacy (pEp)." />
   1.417 +  <meta name="description" content="In many Opportunistic Security scenarios end-to-end encryption is automatized for Internet users. In addition, it is often required to provide the users with easy means to carry out authentication.Depending on several factors, each communication channel to different peers may have a different Privacy Status, e.g., unencrypted, encrypted and encrypted as well as authenticated. Even each message from/to a single peer may have a different Privacy Status.To display the actual Privacy Status to the user, this document defines a Privacy Rating scheme and its mapping to a traffic-light semantics. A Privacy Status is defined on a per-message basis as well as on a per-identity basis. The traffic-light semantics (as color rating) allows for a clear and easily understandable presentation to the user in order to optimize the User Experience (UX).This rating system is most beneficial to Opportunistic Security scenarios and is already implemented in several applications of pretty Easy privacy (pEp)." />
   1.418 +
   1.419 +</head>
   1.420 +
   1.421 +<body>
   1.422 +
   1.423 +  <table class="header">
   1.424 +    <tbody>
   1.425 +    
   1.426 +    	<tr>
   1.427 +<td class="left">Network Working Group</td>
   1.428 +<td class="right">H. Marques</td>
   1.429 +</tr>
   1.430 +<tr>
   1.431 +<td class="left">Internet-Draft</td>
   1.432 +<td class="right">B. Hoeneisen</td>
   1.433 +</tr>
   1.434 +<tr>
   1.435 +<td class="left">Intended status: Informational</td>
   1.436 +<td class="right">pEp Foundation</td>
   1.437 +</tr>
   1.438 +<tr>
   1.439 +<td class="left">Expires: July 11, 2020</td>
   1.440 +<td class="right">January 08, 2020</td>
   1.441 +</tr>
   1.442 +
   1.443 +    	
   1.444 +    </tbody>
   1.445 +  </table>
   1.446 +
   1.447 +  <p class="title">pretty Easy privacy (pEp): Mapping of Privacy Rating<br />
   1.448 +  <span class="filename">draft-marques-pep-rating-03</span></p>
   1.449 +  
   1.450 +  <h1 id="rfc.abstract"><a href="#rfc.abstract">Abstract</a></h1>
   1.451 +<p>In many Opportunistic Security scenarios end-to-end encryption is automatized for Internet users. In addition, it is often required to provide the users with easy means to carry out authentication.</p>
   1.452 +<p>Depending on several factors, each communication channel to different peers may have a different Privacy Status, e.g., unencrypted, encrypted and encrypted as well as authenticated. Even each message from/to a single peer may have a different Privacy Status.</p>
   1.453 +<p>To display the actual Privacy Status to the user, this document defines a Privacy Rating scheme and its mapping to a traffic-light semantics. A Privacy Status is defined on a per-message basis as well as on a per-identity basis. The traffic-light semantics (as color rating) allows for a clear and easily understandable presentation to the user in order to optimize the User Experience (UX).</p>
   1.454 +<p>This rating system is most beneficial to Opportunistic Security scenarios and is already implemented in several applications of pretty Easy privacy (pEp).</p>
   1.455 +<h1 id="rfc.status"><a href="#rfc.status">Status of This Memo</a></h1>
   1.456 +<p>This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.</p>
   1.457 +<p>Internet-Drafts are working documents of the Internet Engineering Task Force (IETF).  Note that other groups may also distribute working documents as Internet-Drafts.  The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.</p>
   1.458 +<p>Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time.  It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."</p>
   1.459 +<p>This Internet-Draft will expire on July 11, 2020.</p>
   1.460 +<h1 id="rfc.copyrightnotice"><a href="#rfc.copyrightnotice">Copyright Notice</a></h1>
   1.461 +<p>Copyright (c) 2020 IETF Trust and the persons identified as the document authors.  All rights reserved.</p>
   1.462 +<p>This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document.  Please review these documents carefully, as they describe your rights and restrictions with respect to this document.  Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.</p>
   1.463 +
   1.464 +  
   1.465 +  <hr class="noprint" />
   1.466 +  <h1 class="np" id="rfc.toc"><a href="#rfc.toc">Table of Contents</a></h1>
   1.467 +  <ul class="toc">
   1.468 +
   1.469 +  	<li>1.   <a href="#rfc.section.1">Introduction</a>
   1.470 +</li>
   1.471 +<ul><li>1.1.   <a href="#rfc.section.1.1">Requirements Language</a>
   1.472 +</li>
   1.473 +<li>1.2.   <a href="#rfc.section.1.2">Terms</a>
   1.474 +</li>
   1.475 +</ul><li>2.   <a href="#rfc.section.2">Per-Message Privacy Rating</a>
   1.476 +</li>
   1.477 +<ul><li>2.1.   <a href="#rfc.section.2.1">Rating Codes</a>
   1.478 +</li>
   1.479 +<li>2.2.   <a href="#rfc.section.2.2">Color Codes</a>
   1.480 +</li>
   1.481 +<li>2.3.   <a href="#rfc.section.2.3">Surjective Mapping of Rating Codes into Color Codes</a>
   1.482 +</li>
   1.483 +<li>2.4.   <a href="#rfc.section.2.4">Semantics of Color and Rating Codes</a>
   1.484 +</li>
   1.485 +<ul><li>2.4.1.   <a href="#rfc.section.2.4.1">Red</a>
   1.486 +</li>
   1.487 +<li>2.4.2.   <a href="#rfc.section.2.4.2">No Color</a>
   1.488 +</li>
   1.489 +<li>2.4.3.   <a href="#rfc.section.2.4.3">Yellow</a>
   1.490 +</li>
   1.491 +<li>2.4.4.   <a href="#rfc.section.2.4.4">Green</a>
   1.492 +</li>
   1.493 +</ul></ul><li>3.   <a href="#rfc.section.3">Per-Identity Privacy Rating</a>
   1.494 +</li>
   1.495 +<li>4.   <a href="#rfc.section.4">Security Considerations</a>
   1.496 +</li>
   1.497 +<li>5.   <a href="#rfc.section.5">Privacy Considerations</a>
   1.498 +</li>
   1.499 +<li>6.   <a href="#rfc.section.6">IANA Considerations</a>
   1.500 +</li>
   1.501 +<li>7.   <a href="#rfc.section.7">Implementation Status</a>
   1.502 +</li>
   1.503 +<ul><li>7.1.   <a href="#rfc.section.7.1">Introduction</a>
   1.504 +</li>
   1.505 +<li>7.2.   <a href="#rfc.section.7.2">Current software implementing pEp</a>
   1.506 +</li>
   1.507 +</ul><li>8.   <a href="#rfc.section.8">Acknowledgements</a>
   1.508 +</li>
   1.509 +<li>9.   <a href="#rfc.references">References</a>
   1.510 +</li>
   1.511 +<ul><li>9.1.   <a href="#rfc.references.1">Normative References</a>
   1.512 +</li>
   1.513 +<li>9.2.   <a href="#rfc.references.2">Informative References</a>
   1.514 +</li>
   1.515 +</ul><li>Appendix A.   <a href="#rfc.appendix.A">Excerpts from the pEp Reference Implementation</a>
   1.516 +</li>
   1.517 +<ul><li>A.1.   <a href="#rfc.appendix.A.1">pEp rating</a>
   1.518 +</li>
   1.519 +</ul><li>Appendix B.   <a href="#rfc.appendix.B">Document Changelog</a>
   1.520 +</li>
   1.521 +<li>Appendix C.   <a href="#rfc.appendix.C">Open Issues</a>
   1.522 +</li>
   1.523 +<li><a href="#rfc.authors">Authors' Addresses</a>
   1.524 +</li>
   1.525 +
   1.526 +
   1.527 +  </ul>
   1.528 +
   1.529 +  <h1 id="rfc.section.1">
   1.530 +<a href="#rfc.section.1">1.</a> <a href="#introduction" id="introduction">Introduction</a>
   1.531 +</h1>
   1.532 +<p id="rfc.section.1.p.1">In many Opportunistic Security <a href="#RFC7435" class="xref">[RFC7435]</a> scenarios end-to-end encryption is automatized for Internet users. In addition, it is often required to provide the users with easy means to carry out authentication.</p>
   1.533 +<p id="rfc.section.1.p.2">Depending on several factors, each communication channel to different identities may have a different Privacy Status, e.g.</p>
   1.534 +<p></p>
   1.535 +
   1.536 +<ul>
   1.537 +<li>unreliable</li>
   1.538 +<li>encrypted</li>
   1.539 +<li>encrypted and authenticated</li>
   1.540 +<li>mistrusted</li>
   1.541 +</ul>
   1.542 +<p id="rfc.section.1.p.4">Even each message from or to a single peer may have a different Privacy Status.</p>
   1.543 +<p id="rfc.section.1.p.5">To display the actual Privacy Status to the user, this document defines a Privacy Rating scheme and its mapping to a traffic-light semantics, i.e., a mapping to different color codes as used in a traffic-light:</p>
   1.544 +<p></p>
   1.545 +
   1.546 +<ul>
   1.547 +<li>red</li>
   1.548 +<li>yellow</li>
   1.549 +<li>green</li>
   1.550 +<li>no color (or gray)</li>
   1.551 +</ul>
   1.552 +<p id="rfc.section.1.p.7">Note: While &#8220;yellow&#8221; color is used in the context of traffic-lights (e.g., in North America), in other parts of the world (e.g., the UK) this is generally referred to as &#8220;orange&#8221; or &#8220;amber&#8221; lights. For the scope of this document, &#8220;yellow&#8221;, &#8220;amber&#8221;, and &#8220;orange&#8221; refer to the same semantics.</p>
   1.553 +<p id="rfc.section.1.p.8">A Privacy Status is defined on a per-message basis as well as on a per-identity basis. The traffic-light semantics (as color rating) allows for a clear and easily understandable presentation to the user in order to optimize the User Experience (UX). To serve also (color-)blind Internet users or those using monochrome displays, the traffic light color semantics may also be presented by simple texts and symbols for signaling the corresponding Privacy Status.</p>
   1.554 +<p id="rfc.section.1.p.9">The proposed definitions are already implemented and used in applications of pretty Easy privacy (pEp) <a href="#I-D.birk-pep" class="xref">[I-D.birk-pep]</a>. This document is targeted to applications based on the pEp framework and Opportunistic Security <a href="#RFC7435" class="xref">[RFC7435]</a>. However, it may be also used in other applications as suitable.</p>
   1.555 +<p id="rfc.section.1.p.10">Note: The pEp <a href="#I-D.birk-pep" class="xref">[I-D.birk-pep]</a> framework proposes to automatize the use of end-to-end encryption for Internet users of email and other messaging applications and introduces methods to easily allow authentication.</p>
   1.556 +<h1 id="rfc.section.1.1">
   1.557 +<a href="#rfc.section.1.1">1.1.</a> <a href="#requirements-language" id="requirements-language">Requirements Language</a>
   1.558 +</h1>
   1.559 +<p id="rfc.section.1.1.p.1">The key words &#8220;MUST&#8221;, &#8220;MUST NOT&#8221;, &#8220;REQUIRED&#8221;, &#8220;SHALL&#8221;, &#8220;SHALL NOT&#8221;, &#8220;SHOULD&#8221;, &#8220;SHOULD NOT&#8221;, &#8220;RECOMMENDED&#8221;, &#8220;MAY&#8221;, and &#8220;OPTIONAL&#8221; in this document are to be interpreted as described in <a href="#RFC2119" class="xref">[RFC2119]</a>.</p>
   1.560 +<h1 id="rfc.section.1.2">
   1.561 +<a href="#rfc.section.1.2">1.2.</a> <a href="#terms" id="terms">Terms</a>
   1.562 +</h1>
   1.563 +<p id="rfc.section.1.2.p.1">The following terms are defined for the scope of this document:</p>
   1.564 +<p></p>
   1.565 +
   1.566 +<ul>
   1.567 +<li>pEp Handshake: The process of one user contacting another over an independent channel in order to verify Trustwords (or fingerprints as a fallback). This can be done in-person or through established verbal communication channels, like a phone call. <a href="#I-D.marques-pep-handshake" class="xref">[I-D.marques-pep-handshake]</a>
   1.568 +</li>
   1.569 +<li>Trustwords: A scalar-to-word representation of 16-bit numbers (0 to 65535) to natural language words. When doing a Handshake, peers are shown combined Trustwords of both public keys involved to ease the comparison. <a href="#I-D.birk-pep-trustwords" class="xref">[I-D.birk-pep-trustwords]</a>
   1.570 +</li>
   1.571 +</ul>
   1.572 +<p></p>
   1.573 +
   1.574 +<ul><li>Trust On First Use (TOFU): cf. <a href="#RFC7435" class="xref">[RFC7435]</a>, which states: &#8220;In a protocol, TOFU calls for accepting and storing a public key or credential associated with an asserted identity, without authenticating that assertion. Subsequent communication that is authenticated using the cached key or credential is secure against an MiTM attack, if such an attack did not succeed during the vulnerable initial communication.&#8221;</li></ul>
   1.575 +<p></p>
   1.576 +
   1.577 +<ul><li>Man-in-the-middle (MITM) attack: cf. <a href="#RFC4949" class="xref">[RFC4949]</a>, which states: &#8220;A form of active wiretapping attack in which the attacker intercepts and selectively modifies communicated data to masquerade as one or more of the entities involved in a communication association.&#8221;</li></ul>
   1.578 +<h1 id="rfc.section.2">
   1.579 +<a href="#rfc.section.2">2.</a> <a href="#per-message-privacy-rating" id="per-message-privacy-rating">Per-Message Privacy Rating</a>
   1.580 +</h1>
   1.581 +<h1 id="rfc.section.2.1">
   1.582 +<a href="#rfc.section.2.1">2.1.</a> <a href="#rating-codes" id="rating-codes">Rating Codes</a>
   1.583 +</h1>
   1.584 +<p id="rfc.section.2.1.p.1">To rate messages (cf. also <a href="#pep-rating" class="xref">Appendix A.1</a>), the following 13 Rating codes are defined as scalar values (decimal):</p>
   1.585 +<table cellpadding="3" cellspacing="0" class="tt full center">
   1.586 +<thead><tr>
   1.587 +<th class="left">Rating code</th>
   1.588 +<th class="right">Rating label</th>
   1.589 +</tr></thead>
   1.590 +<tbody>
   1.591 +<tr>
   1.592 +<td class="left">-3</td>
   1.593 +<td class="right">under attack</td>
   1.594 +</tr>
   1.595 +<tr>
   1.596 +<td class="left">-2</td>
   1.597 +<td class="right">broken</td>
   1.598 +</tr>
   1.599 +<tr>
   1.600 +<td class="left">-1</td>
   1.601 +<td class="right">mistrust</td>
   1.602 +</tr>
   1.603 +<tr>
   1.604 +<td class="left">0</td>
   1.605 +<td class="right">undefined</td>
   1.606 +</tr>
   1.607 +<tr>
   1.608 +<td class="left">1</td>
   1.609 +<td class="right">cannot decrypt</td>
   1.610 +</tr>
   1.611 +<tr>
   1.612 +<td class="left">2</td>
   1.613 +<td class="right">have no key</td>
   1.614 +</tr>
   1.615 +<tr>
   1.616 +<td class="left">3</td>
   1.617 +<td class="right">unencrypted</td>
   1.618 +</tr>
   1.619 +<tr>
   1.620 +<td class="left">4</td>
   1.621 +<td class="right">unencrypted for some</td>
   1.622 +</tr>
   1.623 +<tr>
   1.624 +<td class="left">5</td>
   1.625 +<td class="right">unreliable</td>
   1.626 +</tr>
   1.627 +<tr>
   1.628 +<td class="left">6</td>
   1.629 +<td class="right">reliable</td>
   1.630 +</tr>
   1.631 +<tr>
   1.632 +<td class="left">7</td>
   1.633 +<td class="right">trusted</td>
   1.634 +</tr>
   1.635 +<tr>
   1.636 +<td class="left">8</td>
   1.637 +<td class="right">trusted and anonymized</td>
   1.638 +</tr>
   1.639 +<tr>
   1.640 +<td class="left">9</td>
   1.641 +<td class="right">fully anonymous</td>
   1.642 +</tr>
   1.643 +</tbody>
   1.644 +</table>
   1.645 +<h1 id="rfc.section.2.2">
   1.646 +<a href="#rfc.section.2.2">2.2.</a> <a href="#color-codes" id="color-codes">Color Codes</a>
   1.647 +</h1>
   1.648 +<p id="rfc.section.2.2.p.1">For an Internet user to understand what the available Privacy Status is, the following colors (traffic-light semantics) are defined:</p>
   1.649 +<table cellpadding="3" cellspacing="0" class="tt full center">
   1.650 +<thead><tr>
   1.651 +<th class="left">Color code</th>
   1.652 +<th class="right">Color label</th>
   1.653 +</tr></thead>
   1.654 +<tbody>
   1.655 +<tr>
   1.656 +<td class="left">-1</td>
   1.657 +<td class="right">red</td>
   1.658 +</tr>
   1.659 +<tr>
   1.660 +<td class="left">0</td>
   1.661 +<td class="right">no color</td>
   1.662 +</tr>
   1.663 +<tr>
   1.664 +<td class="left">1</td>
   1.665 +<td class="right">yellow</td>
   1.666 +</tr>
   1.667 +<tr>
   1.668 +<td class="left">2</td>
   1.669 +<td class="right">green</td>
   1.670 +</tr>
   1.671 +</tbody>
   1.672 +</table>
   1.673 +<h1 id="rfc.section.2.3">
   1.674 +<a href="#rfc.section.2.3">2.3.</a> <a href="#surjective-mapping-of-rating-codes-into-color-codes" id="surjective-mapping-of-rating-codes-into-color-codes">Surjective Mapping of Rating Codes into Color Codes</a>
   1.675 +</h1>
   1.676 +<p id="rfc.section.2.3.p.1">Corresponding User Experience (UX) implementations use a surjective mapping of the Rating Codes into the Color Codes (in traffic light semantics) as follows:</p>
   1.677 +<table cellpadding="3" cellspacing="0" class="tt full center">
   1.678 +<thead><tr>
   1.679 +<th class="left">Rating codes</th>
   1.680 +<th class="left">Color code</th>
   1.681 +<th class="right">Color label</th>
   1.682 +</tr></thead>
   1.683 +<tbody>
   1.684 +<tr>
   1.685 +<td class="left">-3 to -1</td>
   1.686 +<td class="left">-1</td>
   1.687 +<td class="right">red</td>
   1.688 +</tr>
   1.689 +<tr>
   1.690 +<td class="left">0 to 5</td>
   1.691 +<td class="left">0</td>
   1.692 +<td class="right">no color</td>
   1.693 +</tr>
   1.694 +<tr>
   1.695 +<td class="left">6</td>
   1.696 +<td class="left">1</td>
   1.697 +<td class="right">yellow</td>
   1.698 +</tr>
   1.699 +<tr>
   1.700 +<td class="left">7 to 9</td>
   1.701 +<td class="left">2</td>
   1.702 +<td class="right">green</td>
   1.703 +</tr>
   1.704 +</tbody>
   1.705 +</table>
   1.706 +<p id="rfc.section.2.3.p.2">This mapping is used in current pEp implementations to signal the Privacy Status (cf. <a href="#current-software-implementing-pep" class="xref">Section 7.2</a>).</p>
   1.707 +<h1 id="rfc.section.2.4">
   1.708 +<a href="#rfc.section.2.4">2.4.</a> <a href="#semantics-of-color-and-rating-codes" id="semantics-of-color-and-rating-codes">Semantics of Color and Rating Codes</a>
   1.709 +</h1>
   1.710 +<h1 id="rfc.section.2.4.1">
   1.711 +<a href="#rfc.section.2.4.1">2.4.1.</a> <a href="#red" id="red">Red</a>
   1.712 +</h1>
   1.713 +<p id="rfc.section.2.4.1.p.1">The red color MUST only be used in three cases:</p>
   1.714 +<p></p>
   1.715 +
   1.716 +<ul>
   1.717 +<li>Rating code -3: A man-in-the-middle (MITM) attack could be detected.</li>
   1.718 +<li>Rating code -2: The message was tempered with.</li>
   1.719 +<li>Rating code -1: The user explicitly states he mistrusts a peer, e.g., because a Handshake <a href="#I-D.marques-pep-handshake" class="xref">[I-D.marques-pep-handshake]</a> mismatched or when the user learns the communication partner was attacked and might have gotten the corresponding secret key leaked.</li>
   1.720 +</ul>
   1.721 +<h1 id="rfc.section.2.4.2">
   1.722 +<a href="#rfc.section.2.4.2">2.4.2.</a> <a href="#no-color" id="no-color">No Color</a>
   1.723 +</h1>
   1.724 +<p id="rfc.section.2.4.2.p.1">No specific (or a gray color) MUST be shown in the following cases:</p>
   1.725 +<p></p>
   1.726 +
   1.727 +<ul>
   1.728 +<li>Rating code 0: A message can be rendered, but the encryption status is not clear, i.e., undefined</li>
   1.729 +<li>Rating code 1: A message cannot be decrypted (because of an error not covered by rating code 2 below).</li>
   1.730 +<li>Rating code 2: No key is available to decrypt a message (because it was encrypted with a public key for which no secret key could be found).</li>
   1.731 +<li>Rating code 3: A message is received or sent out unencrypted (because it was received unencrypted or there&#8217;s no public key to encrypt a message to a recipient).</li>
   1.732 +<li>Rating code 4: A message is sent out unencrypted for some of the recipients of a group (because there&#8217;s at least one recipient in the group whose public key is not available to the sender).</li>
   1.733 +<li>Rating code 5: A message is encrypted, but cryptographic parameters (e.g., the cryptographic method employed or key length) are insufficient.</li>
   1.734 +</ul>
   1.735 +<h1 id="rfc.section.2.4.3">
   1.736 +<a href="#rfc.section.2.4.3">2.4.3.</a> <a href="#yellow" id="yellow">Yellow</a>
   1.737 +</h1>
   1.738 +<p></p>
   1.739 +
   1.740 +<ul><li>Rating code 6: Whenever a message can be encrypted or decrypted with sufficient cryptographic parameters, it&#8217;s considered reliable. It is mapped into the yellow color code.</li></ul>
   1.741 +<h1 id="rfc.section.2.4.4">
   1.742 +<a href="#rfc.section.2.4.4">2.4.4.</a> <a href="#green" id="green">Green</a>
   1.743 +</h1>
   1.744 +<p></p>
   1.745 +
   1.746 +<ul><li>Rating code 7: A message is mapped into the green color code only if a pEp handshake <a href="#I-D.marques-pep-handshake" class="xref">[I-D.marques-pep-handshake]</a> was successfully carried out.</li></ul>
   1.747 +<p id="rfc.section.2.4.4.p.2">By consequence that means, that the pEp propositions don&#8217;t strictly follow the TOFU (cf. <a href="#RFC7435" class="xref">[RFC7435]</a>) approach, in order to avoid signaling trust without peers verifying their channel first.</p>
   1.748 +<p id="rfc.section.2.4.4.p.3">In current pEp implementations (cf. <a href="#implementation-status" class="xref">Section 7</a>) only rating code 7 is achieved.</p>
   1.749 +<p id="rfc.section.2.4.4.p.4">The rating codes 8 and 9 are reserved for future use in pEp implementations which also secure meta-data (rating code 8), by using a peer-to-peer framework like GNUnet <a href="#GNUnet" class="xref">[GNUnet]</a>, and/or allow for fully anonymous communications (rating code 9), where sender and receiver don&#8217;t know each other, but trust between the endpoints could be established nevertheless.</p>
   1.750 +<h1 id="rfc.section.3">
   1.751 +<a href="#rfc.section.3">3.</a> <a href="#per-identity-privacy-rating" id="per-identity-privacy-rating">Per-Identity Privacy Rating</a>
   1.752 +</h1>
   1.753 +<p id="rfc.section.3.p.1">The same Color Codes (red, no color, yellow and green) as for messages (cf. <a href="#color-codes" class="xref">Section 2.2</a>) MUST be applied for identities (peers), so that a user can easily understand, which identities private communication is possible with.</p>
   1.754 +<p id="rfc.section.3.p.2">The green color code MUST be applied to an identity whom the pEp handshake <a href="#I-D.marques-pep-handshake" class="xref">[I-D.marques-pep-handshake]</a> was successfully carried out with.</p>
   1.755 +<p id="rfc.section.3.p.3">The yellow color code MUST be set whenever a public key could be obtained to securely encrypt messages to an identity, although a MITM attack cannot be excluded.</p>
   1.756 +<p id="rfc.section.3.p.4">The no color code MUST be used for the case that no public key is available to engage in private communications with an identity.</p>
   1.757 +<p id="rfc.section.3.p.5">The red color code MUST only be used when an identity is marked as mistrusted.</p>
   1.758 +<p id="rfc.section.3.p.6">[[ It&#8217;s not yet clear if there are proper cases where it makes sense to set an identity automatically to the red color code, as it appears to be difficult to detect attacks (e.g., secret key leakage) at the other endpoint with certainty.  ]]</p>
   1.759 +<h1 id="rfc.section.4">
   1.760 +<a href="#rfc.section.4">4.</a> <a href="#security-considerations" id="security-considerations">Security Considerations</a>
   1.761 +</h1>
   1.762 +<p id="rfc.section.4.p.1">[[ TODO ]]</p>
   1.763 +<h1 id="rfc.section.5">
   1.764 +<a href="#rfc.section.5">5.</a> <a href="#privacy-considerations" id="privacy-considerations">Privacy Considerations</a>
   1.765 +</h1>
   1.766 +<p id="rfc.section.5.p.1">[[ TODO ]]</p>
   1.767 +<h1 id="rfc.section.6">
   1.768 +<a href="#rfc.section.6">6.</a> <a href="#iana-considerations" id="iana-considerations">IANA Considerations</a>
   1.769 +</h1>
   1.770 +<p id="rfc.section.6.p.1">This document has no actions for IANA.</p>
   1.771 +<h1 id="rfc.section.7">
   1.772 +<a href="#rfc.section.7">7.</a> <a href="#implementation-status" id="implementation-status">Implementation Status</a>
   1.773 +</h1>
   1.774 +<h1 id="rfc.section.7.1">
   1.775 +<a href="#rfc.section.7.1">7.1.</a> <a href="#introduction-1" id="introduction-1">Introduction</a>
   1.776 +</h1>
   1.777 +<p id="rfc.section.7.1.p.1">This section records the status of known implementations of the protocol defined by this specification at the time of posting of this Internet-Draft, and is based on a proposal described in <a href="#RFC7942" class="xref">[RFC7942]</a>.  The description of implementations in this section is intended to assist the IETF in its decision processes in progressing drafts to RFCs. Please note that the listing of any individual implementation here does not imply endorsement by the IETF. Furthermore, no effort has been spent to verify the information presented here that was supplied by IETF contributors.  This is not intended as, and must not be construed to be, a catalog of available implementations or their features. Readers are advised to note that other implementations may exist.</p>
   1.778 +<p id="rfc.section.7.1.p.2">According to <a href="#RFC7942" class="xref">[RFC7942]</a>, &#8220;[&#8230;] this will allow reviewers and working groups to assign due consideration to documents that have the benefit of running code, which may serve as evidence of valuable experimentation and feedback that have made the implemented protocols more mature. It is up to the individual working groups to use this information as they see fit.&#8221;</p>
   1.779 +<h1 id="rfc.section.7.2">
   1.780 +<a href="#rfc.section.7.2">7.2.</a> <a href="#current-software-implementing-pep" id="current-software-implementing-pep">Current software implementing pEp</a>
   1.781 +</h1>
   1.782 +<p id="rfc.section.7.2.p.1">The following software implementing the pEp protocols (to varying degrees) already exists:</p>
   1.783 +<p></p>
   1.784 +
   1.785 +<ul>
   1.786 +<li>pEp for Outlook as add-on for Microsoft Outlook, release <a href="#SRC.pepforoutlook" class="xref">[SRC.pepforoutlook]</a>
   1.787 +</li>
   1.788 +<li>pEp for Android (based on a fork of the K9 MUA), release <a href="#SRC.pepforandroid" class="xref">[SRC.pepforandroid]</a>
   1.789 +</li>
   1.790 +<li>Enigmail/pEp as add-on for Mozilla Thunderbird, release <a href="#SRC.enigmailpep" class="xref">[SRC.enigmailpep]</a>
   1.791 +</li>
   1.792 +<li>pEp for iOS (implemented in a new MUA), beta <a href="#SRC.pepforios" class="xref">[SRC.pepforios]</a>
   1.793 +</li>
   1.794 +</ul>
   1.795 +<p id="rfc.section.7.2.p.3">pEp for Android, iOS and Outlook are provided by pEp Security, a commercial entity specializing in end-user software implementing pEp while Enigmail/pEp is pursued as community project, supported by the pEp Foundation.</p>
   1.796 +<p id="rfc.section.7.2.p.4">All software is available as Free Software and published also in source form.</p>
   1.797 +<h1 id="rfc.section.8">
   1.798 +<a href="#rfc.section.8">8.</a> <a href="#acknowledgements" id="acknowledgements">Acknowledgements</a>
   1.799 +</h1>
   1.800 +<p id="rfc.section.8.p.1">The authors would like to thank the following people who have provided feedback or significant contributions to the development of this document: Leon Schumacher and Volker Birk</p>
   1.801 +<p id="rfc.section.8.p.2">This work was initially created by pEp Foundation, and then reviewed and extended with funding by the Internet Society&#8217;s Beyond the Net Programme on standardizing pEp. <a href="#ISOC.bnet" class="xref">[ISOC.bnet]</a></p>
   1.802 +<h1 id="rfc.references">
   1.803 +<a href="#rfc.references">9.</a> References</h1>
   1.804 +<h1 id="rfc.references.1">
   1.805 +<a href="#rfc.references.1">9.1.</a> Normative References</h1>
   1.806 +<table><tbody>
   1.807 +<tr>
   1.808 +<td class="reference"><b id="I-D.birk-pep">[I-D.birk-pep]</b></td>
   1.809 +<td class="top">
   1.810 +<a>Birk, V.</a>, <a>Marques, H.</a> and <a>B. Hoeneisen</a>, "<a href="https://tools.ietf.org/html/draft-birk-pep-05">pretty Easy privacy (pEp): Privacy by Default</a>", Internet-Draft draft-birk-pep-05, November 2019.</td>
   1.811 +</tr>
   1.812 +<tr>
   1.813 +<td class="reference"><b id="RFC2119">[RFC2119]</b></td>
   1.814 +<td class="top">
   1.815 +<a>Bradner, S.</a>, "<a href="https://tools.ietf.org/html/rfc2119">Key words for use in RFCs to Indicate Requirement Levels</a>", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997.</td>
   1.816 +</tr>
   1.817 +<tr>
   1.818 +<td class="reference"><b id="RFC4949">[RFC4949]</b></td>
   1.819 +<td class="top">
   1.820 +<a>Shirey, R.</a>, "<a href="https://tools.ietf.org/html/rfc4949">Internet Security Glossary, Version 2</a>", FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007.</td>
   1.821 +</tr>
   1.822 +<tr>
   1.823 +<td class="reference"><b id="RFC7435">[RFC7435]</b></td>
   1.824 +<td class="top">
   1.825 +<a>Dukhovni, V.</a>, "<a href="https://tools.ietf.org/html/rfc7435">Opportunistic Security: Some Protection Most of the Time</a>", RFC 7435, DOI 10.17487/RFC7435, December 2014.</td>
   1.826 +</tr>
   1.827 +</tbody></table>
   1.828 +<h1 id="rfc.references.2">
   1.829 +<a href="#rfc.references.2">9.2.</a> Informative References</h1>
   1.830 +<table><tbody>
   1.831 +<tr>
   1.832 +<td class="reference"><b id="GNUnet">[GNUnet]</b></td>
   1.833 +<td class="top">
   1.834 +<a>Grothoff, C.</a>, "<a href="https://grothoff.org/christian/habil.pdf">The GNUnet System</a>", October 2017.</td>
   1.835 +</tr>
   1.836 +<tr>
   1.837 +<td class="reference"><b id="I-D.birk-pep-trustwords">[I-D.birk-pep-trustwords]</b></td>
   1.838 +<td class="top">
   1.839 +<a>Hoeneisen, B.</a> and <a>H. Marques</a>, "<a href="https://tools.ietf.org/html/draft-birk-pep-trustwords-04">IANA Registration of Trustword Lists: Guide, Template and IANA Considerations</a>", Internet-Draft draft-birk-pep-trustwords-04, July 2019.</td>
   1.840 +</tr>
   1.841 +<tr>
   1.842 +<td class="reference"><b id="I-D.marques-pep-handshake">[I-D.marques-pep-handshake]</b></td>
   1.843 +<td class="top">
   1.844 +<a>Marques, H.</a> and <a>B. Hoeneisen</a>, "<a href="https://tools.ietf.org/html/draft-marques-pep-handshake-03">pretty Easy privacy (pEp): Contact and Channel Authentication through Handshake</a>", Internet-Draft draft-marques-pep-handshake-03, July 2019.</td>
   1.845 +</tr>
   1.846 +<tr>
   1.847 +<td class="reference"><b id="ISOC.bnet">[ISOC.bnet]</b></td>
   1.848 +<td class="top">
   1.849 +<a>Simao, I.</a>, "<a href="https://www.internetsociety.org/blog/2017/06/12-innovative-projects-selected-for-beyond-the-net-funding/">Beyond the Net. 12 Innovative Projects Selected for Beyond the Net Funding. Implementing Privacy via Mass Encryption: Standardizing pretty Easy privacy&#8217;s protocols</a>", June 2017.</td>
   1.850 +</tr>
   1.851 +<tr>
   1.852 +<td class="reference"><b id="RFC7942">[RFC7942]</b></td>
   1.853 +<td class="top">
   1.854 +<a>Sheffer, Y.</a> and <a>A. Farrel</a>, "<a href="https://tools.ietf.org/html/rfc7942">Improving Awareness of Running Code: The Implementation Status Section</a>", BCP 205, RFC 7942, DOI 10.17487/RFC7942, July 2016.</td>
   1.855 +</tr>
   1.856 +<tr>
   1.857 +<td class="reference"><b id="SRC.enigmailpep">[SRC.enigmailpep]</b></td>
   1.858 +<td class="top">"<a href="https://enigmail.net/index.php/en/download/source-code">Source code for Enigmail/pEp</a>", July 2019.</td>
   1.859 +</tr>
   1.860 +<tr>
   1.861 +<td class="reference"><b id="SRC.pepforandroid">[SRC.pepforandroid]</b></td>
   1.862 +<td class="top">"<a href="https://pep-security.lu/gitlab/android/pep">Source code for pEp for Android</a>", July 2019.</td>
   1.863 +</tr>
   1.864 +<tr>
   1.865 +<td class="reference"><b id="SRC.pepforios">[SRC.pepforios]</b></td>
   1.866 +<td class="top">"<a href="https://pep-security.ch/dev/repos/pEp_for_iOS/">Source code for pEp for iOS</a>", July 2019.</td>
   1.867 +</tr>
   1.868 +<tr>
   1.869 +<td class="reference"><b id="SRC.pepforoutlook">[SRC.pepforoutlook]</b></td>
   1.870 +<td class="top">"<a href="https://pep-security.lu/dev/repos/pEp_for_Outlook/">Source code for pEp for Outlook</a>", July 2019.</td>
   1.871 +</tr>
   1.872 +</tbody></table>
   1.873 +<h1 id="rfc.appendix.A">
   1.874 +<a href="#rfc.appendix.A">Appendix A.</a> <a href="#excerpts-from-the-pep-reference-implementation" id="excerpts-from-the-pep-reference-implementation">Excerpts from the pEp Reference Implementation</a>
   1.875 +</h1>
   1.876 +<p id="rfc.section.A.p.1">This section provides excerpts of the running code from the pEp reference implementation pEp engine (C99 programming language).</p>
   1.877 +<h1 id="rfc.appendix.A.1">
   1.878 +<a href="#rfc.appendix.A.1">A.1.</a> <a href="#pep-rating" id="pep-rating">pEp rating</a>
   1.879 +</h1>
   1.880 +<p id="rfc.section.A.1.p.1">From the reference implementation by the pEp foundation, src/message_api.h:</p>
   1.881 +<pre>
   1.882 +      typedef enum _PEP_rating {
   1.883 +          PEP_rating_undefined = 0,
   1.884 +          PEP_rating_cannot_decrypt,
   1.885 +          PEP_rating_have_no_key,
   1.886 +          PEP_rating_unencrypted,
   1.887 +          PEP_rating_unencrypted_for_some,
   1.888 +          PEP_rating_unreliable,
   1.889 +          PEP_rating_reliable,
   1.890 +          PEP_rating_trusted,
   1.891 +          PEP_rating_trusted_and_anonymized,
   1.892 +          PEP_rating_fully_anonymous,
   1.893 +
   1.894 +          PEP_rating_mistrust = -1,
   1.895 +          PEP_rating_b0rken = -2,
   1.896 +          PEP_rating_under_attack = -3
   1.897 +      } PEP_rating;
   1.898 +</pre>
   1.899 +<h1 id="rfc.appendix.B">
   1.900 +<a href="#rfc.appendix.B">Appendix B.</a> <a href="#document-changelog" id="document-changelog">Document Changelog</a>
   1.901 +</h1>
   1.902 +<p id="rfc.section.B.p.1">[[ RFC Editor: This section is to be removed before publication ]]</p>
   1.903 +<p></p>
   1.904 +
   1.905 +<ul>
   1.906 +<li>draft-marques-pep-rating-03: <ul><li>Updates terms and references; other minor changes</li></ul>
   1.907 +</li>
   1.908 +<li>draft-marques-pep-rating-02: <ul>
   1.909 +<li>Add Privacy and IANA Considerations sections</li>
   1.910 +<li>Updated Terms</li>
   1.911 +</ul>
   1.912 +</li>
   1.913 +<li>draft-marques-pep-rating-01: <ul>
   1.914 +<li>Update references</li>
   1.915 +<li>Minor edits</li>
   1.916 +</ul>
   1.917 +</li>
   1.918 +<li>draft-marques-pep-rating-00: <ul><li>Initial version</li></ul>
   1.919 +</li>
   1.920 +</ul>
   1.921 +<h1 id="rfc.appendix.C">
   1.922 +<a href="#rfc.appendix.C">Appendix C.</a> <a href="#open-issues" id="open-issues">Open Issues</a>
   1.923 +</h1>
   1.924 +<p id="rfc.section.C.p.1">[[ RFC Editor: This section should be empty and is to be removed before publication ]]</p>
   1.925 +<p></p>
   1.926 +
   1.927 +<ul>
   1.928 +<li>Better explain usage of Color Codes in Per-Identity Privacy Rating</li>
   1.929 +<li>Decide whether rating code scalars 6 and 7-9 should be raised to leave space for future extensions</li>
   1.930 +<li>Add Security Considerations</li>
   1.931 +<li>Add more source code excerpts to Appendix</li>
   1.932 +<li>Add rating codes for secure cryptographic methods and parameters and reference them</li>
   1.933 +</ul>
   1.934 +<h1 id="rfc.authors"><a href="#rfc.authors">Authors' Addresses</a></h1>
   1.935 +<div class="avoidbreak">
   1.936 +  <address class="vcard">
   1.937 +	<span class="vcardline">
   1.938 +	  <span class="fn">Hernani Marques</span> 
   1.939 +	  <span class="n hidden">
   1.940 +		<span class="family-name">Marques</span>
   1.941 +	  </span>
   1.942 +	</span>
   1.943 +	<span class="org vcardline">pEp Foundation</span>
   1.944 +	<span class="adr">
   1.945 +	  <span class="vcardline">Oberer Graben 4</span>
   1.946 +
   1.947 +	  <span class="vcardline">
   1.948 +		<span class="locality">CH-8400 Winterthur</span>,  
   1.949 +		<span class="region"></span>
   1.950 +		<span class="code"></span>
   1.951 +	  </span>
   1.952 +	  <span class="country-name vcardline">Switzerland</span>
   1.953 +	</span>
   1.954 +	<span class="vcardline">EMail: <a href="mailto:hernani.marques@pep.foundation">hernani.marques@pep.foundation</a></span>
   1.955 +
   1.956 +<span class="vcardline">URI: <a href="https://pep.foundation/">https://pep.foundation/</a></span>
   1.957 +
   1.958 +  </address>
   1.959 +</div><div class="avoidbreak">
   1.960 +  <address class="vcard">
   1.961 +	<span class="vcardline">
   1.962 +	  <span class="fn">Bernie Hoeneisen</span> 
   1.963 +	  <span class="n hidden">
   1.964 +		<span class="family-name">Hoeneisen</span>
   1.965 +	  </span>
   1.966 +	</span>
   1.967 +	<span class="org vcardline">pEp Foundation</span>
   1.968 +	<span class="adr">
   1.969 +	  <span class="vcardline">Oberer Graben 4</span>
   1.970 +
   1.971 +	  <span class="vcardline">
   1.972 +		<span class="locality">CH-8400 Winterthur</span>,  
   1.973 +		<span class="region"></span>
   1.974 +		<span class="code"></span>
   1.975 +	  </span>
   1.976 +	  <span class="country-name vcardline">Switzerland</span>
   1.977 +	</span>
   1.978 +	<span class="vcardline">EMail: <a href="mailto:bernie.hoeneisen@pep.foundation">bernie.hoeneisen@pep.foundation</a></span>
   1.979 +
   1.980 +<span class="vcardline">URI: <a href="https://pep.foundation/">https://pep.foundation/</a></span>
   1.981 +
   1.982 +  </address>
   1.983 +</div>
   1.984 +
   1.985 +</body>
   1.986 +</html>
     2.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     2.2 +++ b/pep-rating/archive/draft-marques-pep-rating-03.txt	Wed Jan 08 18:37:13 2020 +0100
     2.3 @@ -0,0 +1,728 @@
     2.4 +
     2.5 +
     2.6 +
     2.7 +
     2.8 +Network Working Group                                         H. Marques
     2.9 +Internet-Draft                                              B. Hoeneisen
    2.10 +Intended status: Informational                            pEp Foundation
    2.11 +Expires: July 11, 2020                                  January 08, 2020
    2.12 +
    2.13 +
    2.14 +          pretty Easy privacy (pEp): Mapping of Privacy Rating
    2.15 +                      draft-marques-pep-rating-03
    2.16 +
    2.17 +Abstract
    2.18 +
    2.19 +   In many Opportunistic Security scenarios end-to-end encryption is
    2.20 +   automatized for Internet users.  In addition, it is often required to
    2.21 +   provide the users with easy means to carry out authentication.
    2.22 +
    2.23 +   Depending on several factors, each communication channel to different
    2.24 +   peers may have a different Privacy Status, e.g., unencrypted,
    2.25 +   encrypted and encrypted as well as authenticated.  Even each message
    2.26 +   from/to a single peer may have a different Privacy Status.
    2.27 +
    2.28 +   To display the actual Privacy Status to the user, this document
    2.29 +   defines a Privacy Rating scheme and its mapping to a traffic-light
    2.30 +   semantics.  A Privacy Status is defined on a per-message basis as
    2.31 +   well as on a per-identity basis.  The traffic-light semantics (as
    2.32 +   color rating) allows for a clear and easily understandable
    2.33 +   presentation to the user in order to optimize the User Experience
    2.34 +   (UX).
    2.35 +
    2.36 +   This rating system is most beneficial to Opportunistic Security
    2.37 +   scenarios and is already implemented in several applications of
    2.38 +   pretty Easy privacy (pEp).
    2.39 +
    2.40 +Status of This Memo
    2.41 +
    2.42 +   This Internet-Draft is submitted in full conformance with the
    2.43 +   provisions of BCP 78 and BCP 79.
    2.44 +
    2.45 +   Internet-Drafts are working documents of the Internet Engineering
    2.46 +   Task Force (IETF).  Note that other groups may also distribute
    2.47 +   working documents as Internet-Drafts.  The list of current Internet-
    2.48 +   Drafts is at https://datatracker.ietf.org/drafts/current/.
    2.49 +
    2.50 +   Internet-Drafts are draft documents valid for a maximum of six months
    2.51 +   and may be updated, replaced, or obsoleted by other documents at any
    2.52 +   time.  It is inappropriate to use Internet-Drafts as reference
    2.53 +   material or to cite them other than as "work in progress."
    2.54 +
    2.55 +   This Internet-Draft will expire on July 11, 2020.
    2.56 +
    2.57 +
    2.58 +
    2.59 +Marques & Hoeneisen       Expires July 11, 2020                 [Page 1]
    2.60 +
    2.61 +Internet-Draft      pretty Easy privacy (pEp) Rating        January 2020
    2.62 +
    2.63 +
    2.64 +Copyright Notice
    2.65 +
    2.66 +   Copyright (c) 2020 IETF Trust and the persons identified as the
    2.67 +   document authors.  All rights reserved.
    2.68 +
    2.69 +   This document is subject to BCP 78 and the IETF Trust's Legal
    2.70 +   Provisions Relating to IETF Documents
    2.71 +   (https://trustee.ietf.org/license-info) in effect on the date of
    2.72 +   publication of this document.  Please review these documents
    2.73 +   carefully, as they describe your rights and restrictions with respect
    2.74 +   to this document.  Code Components extracted from this document must
    2.75 +   include Simplified BSD License text as described in Section 4.e of
    2.76 +   the Trust Legal Provisions and are provided without warranty as
    2.77 +   described in the Simplified BSD License.
    2.78 +
    2.79 +Table of Contents
    2.80 +
    2.81 +   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
    2.82 +     1.1.  Requirements Language . . . . . . . . . . . . . . . . . .   4
    2.83 +     1.2.  Terms . . . . . . . . . . . . . . . . . . . . . . . . . .   4
    2.84 +   2.  Per-Message Privacy Rating  . . . . . . . . . . . . . . . . .   5
    2.85 +     2.1.  Rating Codes  . . . . . . . . . . . . . . . . . . . . . .   5
    2.86 +     2.2.  Color Codes . . . . . . . . . . . . . . . . . . . . . . .   5
    2.87 +     2.3.  Surjective Mapping of Rating Codes into Color Codes . . .   6
    2.88 +     2.4.  Semantics of Color and Rating Codes . . . . . . . . . . .   6
    2.89 +       2.4.1.  Red . . . . . . . . . . . . . . . . . . . . . . . . .   6
    2.90 +       2.4.2.  No Color  . . . . . . . . . . . . . . . . . . . . . .   7
    2.91 +       2.4.3.  Yellow  . . . . . . . . . . . . . . . . . . . . . . .   7
    2.92 +       2.4.4.  Green . . . . . . . . . . . . . . . . . . . . . . . .   7
    2.93 +   3.  Per-Identity Privacy Rating . . . . . . . . . . . . . . . . .   8
    2.94 +   4.  Security Considerations . . . . . . . . . . . . . . . . . . .   8
    2.95 +   5.  Privacy Considerations  . . . . . . . . . . . . . . . . . . .   8
    2.96 +   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   8
    2.97 +   7.  Implementation Status . . . . . . . . . . . . . . . . . . . .   8
    2.98 +     7.1.  Introduction  . . . . . . . . . . . . . . . . . . . . . .   9
    2.99 +     7.2.  Current software implementing pEp . . . . . . . . . . . .   9
   2.100 +   8.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  10
   2.101 +   9.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  10
   2.102 +     9.1.  Normative References  . . . . . . . . . . . . . . . . . .  10
   2.103 +     9.2.  Informative References  . . . . . . . . . . . . . . . . .  10
   2.104 +   Appendix A.  Excerpts from the pEp Reference Implementation . . .  11
   2.105 +     A.1.  pEp rating  . . . . . . . . . . . . . . . . . . . . . . .  11
   2.106 +   Appendix B.  Document Changelog . . . . . . . . . . . . . . . . .  12
   2.107 +   Appendix C.  Open Issues  . . . . . . . . . . . . . . . . . . . .  12
   2.108 +   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  13
   2.109 +
   2.110 +
   2.111 +
   2.112 +
   2.113 +
   2.114 +
   2.115 +Marques & Hoeneisen       Expires July 11, 2020                 [Page 2]
   2.116 +
   2.117 +Internet-Draft      pretty Easy privacy (pEp) Rating        January 2020
   2.118 +
   2.119 +
   2.120 +1.  Introduction
   2.121 +
   2.122 +   In many Opportunistic Security [RFC7435] scenarios end-to-end
   2.123 +   encryption is automatized for Internet users.  In addition, it is
   2.124 +   often required to provide the users with easy means to carry out
   2.125 +   authentication.
   2.126 +
   2.127 +   Depending on several factors, each communication channel to different
   2.128 +   identities may have a different Privacy Status, e.g.
   2.129 +
   2.130 +   o  unreliable
   2.131 +
   2.132 +   o  encrypted
   2.133 +
   2.134 +   o  encrypted and authenticated
   2.135 +
   2.136 +   o  mistrusted
   2.137 +
   2.138 +   Even each message from or to a single peer may have a different
   2.139 +   Privacy Status.
   2.140 +
   2.141 +   To display the actual Privacy Status to the user, this document
   2.142 +   defines a Privacy Rating scheme and its mapping to a traffic-light
   2.143 +   semantics, i.e., a mapping to different color codes as used in a
   2.144 +   traffic-light:
   2.145 +
   2.146 +   o  red
   2.147 +
   2.148 +   o  yellow
   2.149 +
   2.150 +   o  green
   2.151 +
   2.152 +   o  no color (or gray)
   2.153 +
   2.154 +   Note: While "yellow" color is used in the context of traffic-lights
   2.155 +   (e.g., in North America), in other parts of the world (e.g., the UK)
   2.156 +   this is generally referred to as "orange" or "amber" lights.  For the
   2.157 +   scope of this document, "yellow", "amber", and "orange" refer to the
   2.158 +   same semantics.
   2.159 +
   2.160 +   A Privacy Status is defined on a per-message basis as well as on a
   2.161 +   per-identity basis.  The traffic-light semantics (as color rating)
   2.162 +   allows for a clear and easily understandable presentation to the user
   2.163 +   in order to optimize the User Experience (UX).  To serve also
   2.164 +   (color-)blind Internet users or those using monochrome displays, the
   2.165 +   traffic light color semantics may also be presented by simple texts
   2.166 +   and symbols for signaling the corresponding Privacy Status.
   2.167 +
   2.168 +
   2.169 +
   2.170 +
   2.171 +Marques & Hoeneisen       Expires July 11, 2020                 [Page 3]
   2.172 +
   2.173 +Internet-Draft      pretty Easy privacy (pEp) Rating        January 2020
   2.174 +
   2.175 +
   2.176 +   The proposed definitions are already implemented and used in
   2.177 +   applications of pretty Easy privacy (pEp) [I-D.birk-pep].  This
   2.178 +   document is targeted to applications based on the pEp framework and
   2.179 +   Opportunistic Security [RFC7435].  However, it may be also used in
   2.180 +   other applications as suitable.
   2.181 +
   2.182 +   Note: The pEp [I-D.birk-pep] framework proposes to automatize the use
   2.183 +   of end-to-end encryption for Internet users of email and other
   2.184 +   messaging applications and introduces methods to easily allow
   2.185 +   authentication.
   2.186 +
   2.187 +1.1.  Requirements Language
   2.188 +
   2.189 +   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   2.190 +   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   2.191 +   document are to be interpreted as described in [RFC2119].
   2.192 +
   2.193 +1.2.  Terms
   2.194 +
   2.195 +   The following terms are defined for the scope of this document:
   2.196 +
   2.197 +   o  pEp Handshake: The process of one user contacting another over an
   2.198 +      independent channel in order to verify Trustwords (or fingerprints
   2.199 +      as a fallback).  This can be done in-person or through established
   2.200 +      verbal communication channels, like a phone call.
   2.201 +      [I-D.marques-pep-handshake]
   2.202 +
   2.203 +   o  Trustwords: A scalar-to-word representation of 16-bit numbers (0
   2.204 +      to 65535) to natural language words.  When doing a Handshake,
   2.205 +      peers are shown combined Trustwords of both public keys involved
   2.206 +      to ease the comparison.  [I-D.birk-pep-trustwords]
   2.207 +
   2.208 +   o  Trust On First Use (TOFU): cf. [RFC7435], which states: "In a
   2.209 +      protocol, TOFU calls for accepting and storing a public key or
   2.210 +      credential associated with an asserted identity, without
   2.211 +      authenticating that assertion.  Subsequent communication that is
   2.212 +      authenticated using the cached key or credential is secure against
   2.213 +      an MiTM attack, if such an attack did not succeed during the
   2.214 +      vulnerable initial communication."
   2.215 +
   2.216 +   o  Man-in-the-middle (MITM) attack: cf. [RFC4949], which states: "A
   2.217 +      form of active wiretapping attack in which the attacker intercepts
   2.218 +      and selectively modifies communicated data to masquerade as one or
   2.219 +      more of the entities involved in a communication association."
   2.220 +
   2.221 +
   2.222 +
   2.223 +
   2.224 +
   2.225 +
   2.226 +
   2.227 +Marques & Hoeneisen       Expires July 11, 2020                 [Page 4]
   2.228 +
   2.229 +Internet-Draft      pretty Easy privacy (pEp) Rating        January 2020
   2.230 +
   2.231 +
   2.232 +2.  Per-Message Privacy Rating
   2.233 +
   2.234 +2.1.  Rating Codes
   2.235 +
   2.236 +   To rate messages (cf. also Appendix A.1), the following 13 Rating
   2.237 +   codes are defined as scalar values (decimal):
   2.238 +
   2.239 +                 +-------------+------------------------+
   2.240 +                 | Rating code |           Rating label |
   2.241 +                 +-------------+------------------------+
   2.242 +                 | -3          |           under attack |
   2.243 +                 |             |                        |
   2.244 +                 | -2          |                 broken |
   2.245 +                 |             |                        |
   2.246 +                 | -1          |               mistrust |
   2.247 +                 |             |                        |
   2.248 +                 | 0           |              undefined |
   2.249 +                 |             |                        |
   2.250 +                 | 1           |         cannot decrypt |
   2.251 +                 |             |                        |
   2.252 +                 | 2           |            have no key |
   2.253 +                 |             |                        |
   2.254 +                 | 3           |            unencrypted |
   2.255 +                 |             |                        |
   2.256 +                 | 4           |   unencrypted for some |
   2.257 +                 |             |                        |
   2.258 +                 | 5           |             unreliable |
   2.259 +                 |             |                        |
   2.260 +                 | 6           |               reliable |
   2.261 +                 |             |                        |
   2.262 +                 | 7           |                trusted |
   2.263 +                 |             |                        |
   2.264 +                 | 8           | trusted and anonymized |
   2.265 +                 |             |                        |
   2.266 +                 | 9           |        fully anonymous |
   2.267 +                 +-------------+------------------------+
   2.268 +
   2.269 +2.2.  Color Codes
   2.270 +
   2.271 +   For an Internet user to understand what the available Privacy Status
   2.272 +   is, the following colors (traffic-light semantics) are defined:
   2.273 +
   2.274 +
   2.275 +
   2.276 +
   2.277 +
   2.278 +
   2.279 +
   2.280 +
   2.281 +
   2.282 +
   2.283 +Marques & Hoeneisen       Expires July 11, 2020                 [Page 5]
   2.284 +
   2.285 +Internet-Draft      pretty Easy privacy (pEp) Rating        January 2020
   2.286 +
   2.287 +
   2.288 +                       +------------+-------------+
   2.289 +                       | Color code | Color label |
   2.290 +                       +------------+-------------+
   2.291 +                       | -1         |         red |
   2.292 +                       |            |             |
   2.293 +                       | 0          |    no color |
   2.294 +                       |            |             |
   2.295 +                       | 1          |      yellow |
   2.296 +                       |            |             |
   2.297 +                       | 2          |       green |
   2.298 +                       +------------+-------------+
   2.299 +
   2.300 +2.3.  Surjective Mapping of Rating Codes into Color Codes
   2.301 +
   2.302 +   Corresponding User Experience (UX) implementations use a surjective
   2.303 +   mapping of the Rating Codes into the Color Codes (in traffic light
   2.304 +   semantics) as follows:
   2.305 +
   2.306 +                +--------------+------------+-------------+
   2.307 +                | Rating codes | Color code | Color label |
   2.308 +                +--------------+------------+-------------+
   2.309 +                | -3 to -1     | -1         |         red |
   2.310 +                |              |            |             |
   2.311 +                | 0 to 5       | 0          |    no color |
   2.312 +                |              |            |             |
   2.313 +                | 6            | 1          |      yellow |
   2.314 +                |              |            |             |
   2.315 +                | 7 to 9       | 2          |       green |
   2.316 +                +--------------+------------+-------------+
   2.317 +
   2.318 +   This mapping is used in current pEp implementations to signal the
   2.319 +   Privacy Status (cf.  Section 7.2).
   2.320 +
   2.321 +2.4.  Semantics of Color and Rating Codes
   2.322 +
   2.323 +2.4.1.  Red
   2.324 +
   2.325 +   The red color MUST only be used in three cases:
   2.326 +
   2.327 +   o  Rating code -3: A man-in-the-middle (MITM) attack could be
   2.328 +      detected.
   2.329 +
   2.330 +   o  Rating code -2: The message was tempered with.
   2.331 +
   2.332 +   o  Rating code -1: The user explicitly states he mistrusts a peer,
   2.333 +      e.g., because a Handshake [I-D.marques-pep-handshake] mismatched
   2.334 +      or when the user learns the communication partner was attacked and
   2.335 +      might have gotten the corresponding secret key leaked.
   2.336 +
   2.337 +
   2.338 +
   2.339 +Marques & Hoeneisen       Expires July 11, 2020                 [Page 6]
   2.340 +
   2.341 +Internet-Draft      pretty Easy privacy (pEp) Rating        January 2020
   2.342 +
   2.343 +
   2.344 +2.4.2.  No Color
   2.345 +
   2.346 +   No specific (or a gray color) MUST be shown in the following cases:
   2.347 +
   2.348 +   o  Rating code 0: A message can be rendered, but the encryption
   2.349 +      status is not clear, i.e., undefined
   2.350 +
   2.351 +   o  Rating code 1: A message cannot be decrypted (because of an error
   2.352 +      not covered by rating code 2 below).
   2.353 +
   2.354 +   o  Rating code 2: No key is available to decrypt a message (because
   2.355 +      it was encrypted with a public key for which no secret key could
   2.356 +      be found).
   2.357 +
   2.358 +   o  Rating code 3: A message is received or sent out unencrypted
   2.359 +      (because it was received unencrypted or there's no public key to
   2.360 +      encrypt a message to a recipient).
   2.361 +
   2.362 +   o  Rating code 4: A message is sent out unencrypted for some of the
   2.363 +      recipients of a group (because there's at least one recipient in
   2.364 +      the group whose public key is not available to the sender).
   2.365 +
   2.366 +   o  Rating code 5: A message is encrypted, but cryptographic
   2.367 +      parameters (e.g., the cryptographic method employed or key length)
   2.368 +      are insufficient.
   2.369 +
   2.370 +2.4.3.  Yellow
   2.371 +
   2.372 +   o  Rating code 6: Whenever a message can be encrypted or decrypted
   2.373 +      with sufficient cryptographic parameters, it's considered
   2.374 +      reliable.  It is mapped into the yellow color code.
   2.375 +
   2.376 +2.4.4.  Green
   2.377 +
   2.378 +   o  Rating code 7: A message is mapped into the green color code only
   2.379 +      if a pEp handshake [I-D.marques-pep-handshake] was successfully
   2.380 +      carried out.
   2.381 +
   2.382 +   By consequence that means, that the pEp propositions don't strictly
   2.383 +   follow the TOFU (cf.  [RFC7435]) approach, in order to avoid
   2.384 +   signaling trust without peers verifying their channel first.
   2.385 +
   2.386 +   In current pEp implementations (cf.  Section 7) only rating code 7 is
   2.387 +   achieved.
   2.388 +
   2.389 +   The rating codes 8 and 9 are reserved for future use in pEp
   2.390 +   implementations which also secure meta-data (rating code 8), by using
   2.391 +   a peer-to-peer framework like GNUnet [GNUnet], and/or allow for fully
   2.392 +
   2.393 +
   2.394 +
   2.395 +Marques & Hoeneisen       Expires July 11, 2020                 [Page 7]
   2.396 +
   2.397 +Internet-Draft      pretty Easy privacy (pEp) Rating        January 2020
   2.398 +
   2.399 +
   2.400 +   anonymous communications (rating code 9), where sender and receiver
   2.401 +   don't know each other, but trust between the endpoints could be
   2.402 +   established nevertheless.
   2.403 +
   2.404 +3.  Per-Identity Privacy Rating
   2.405 +
   2.406 +   The same Color Codes (red, no color, yellow and green) as for
   2.407 +   messages (cf.  Section 2.2) MUST be applied for identities (peers),
   2.408 +   so that a user can easily understand, which identities private
   2.409 +   communication is possible with.
   2.410 +
   2.411 +   The green color code MUST be applied to an identity whom the pEp
   2.412 +   handshake [I-D.marques-pep-handshake] was successfully carried out
   2.413 +   with.
   2.414 +
   2.415 +   The yellow color code MUST be set whenever a public key could be
   2.416 +   obtained to securely encrypt messages to an identity, although a MITM
   2.417 +   attack cannot be excluded.
   2.418 +
   2.419 +   The no color code MUST be used for the case that no public key is
   2.420 +   available to engage in private communications with an identity.
   2.421 +
   2.422 +   The red color code MUST only be used when an identity is marked as
   2.423 +   mistrusted.
   2.424 +
   2.425 +   [[ It's not yet clear if there are proper cases where it makes sense
   2.426 +   to set an identity automatically to the red color code, as it appears
   2.427 +   to be difficult to detect attacks (e.g., secret key leakage) at the
   2.428 +   other endpoint with certainty.  ]]
   2.429 +
   2.430 +4.  Security Considerations
   2.431 +
   2.432 +   [[ TODO ]]
   2.433 +
   2.434 +5.  Privacy Considerations
   2.435 +
   2.436 +   [[ TODO ]]
   2.437 +
   2.438 +6.  IANA Considerations
   2.439 +
   2.440 +   This document has no actions for IANA.
   2.441 +
   2.442 +7.  Implementation Status
   2.443 +
   2.444 +
   2.445 +
   2.446 +
   2.447 +
   2.448 +
   2.449 +
   2.450 +
   2.451 +Marques & Hoeneisen       Expires July 11, 2020                 [Page 8]
   2.452 +
   2.453 +Internet-Draft      pretty Easy privacy (pEp) Rating        January 2020
   2.454 +
   2.455 +
   2.456 +7.1.  Introduction
   2.457 +
   2.458 +   This section records the status of known implementations of the
   2.459 +   protocol defined by this specification at the time of posting of this
   2.460 +   Internet-Draft, and is based on a proposal described in [RFC7942].
   2.461 +   The description of implementations in this section is intended to
   2.462 +   assist the IETF in its decision processes in progressing drafts to
   2.463 +   RFCs.  Please note that the listing of any individual implementation
   2.464 +   here does not imply endorsement by the IETF.  Furthermore, no effort
   2.465 +   has been spent to verify the information presented here that was
   2.466 +   supplied by IETF contributors.  This is not intended as, and must not
   2.467 +   be construed to be, a catalog of available implementations or their
   2.468 +   features.  Readers are advised to note that other implementations may
   2.469 +   exist.
   2.470 +
   2.471 +   According to [RFC7942], "[...] this will allow reviewers and working
   2.472 +   groups to assign due consideration to documents that have the benefit
   2.473 +   of running code, which may serve as evidence of valuable
   2.474 +   experimentation and feedback that have made the implemented protocols
   2.475 +   more mature.  It is up to the individual working groups to use this
   2.476 +   information as they see fit."
   2.477 +
   2.478 +7.2.  Current software implementing pEp
   2.479 +
   2.480 +   The following software implementing the pEp protocols (to varying
   2.481 +   degrees) already exists:
   2.482 +
   2.483 +   o  pEp for Outlook as add-on for Microsoft Outlook, release
   2.484 +      [SRC.pepforoutlook]
   2.485 +
   2.486 +   o  pEp for Android (based on a fork of the K9 MUA), release
   2.487 +      [SRC.pepforandroid]
   2.488 +
   2.489 +   o  Enigmail/pEp as add-on for Mozilla Thunderbird, release
   2.490 +      [SRC.enigmailpep]
   2.491 +
   2.492 +   o  pEp for iOS (implemented in a new MUA), beta [SRC.pepforios]
   2.493 +
   2.494 +   pEp for Android, iOS and Outlook are provided by pEp Security, a
   2.495 +   commercial entity specializing in end-user software implementing pEp
   2.496 +   while Enigmail/pEp is pursued as community project, supported by the
   2.497 +   pEp Foundation.
   2.498 +
   2.499 +   All software is available as Free Software and published also in
   2.500 +   source form.
   2.501 +
   2.502 +
   2.503 +
   2.504 +
   2.505 +
   2.506 +
   2.507 +Marques & Hoeneisen       Expires July 11, 2020                 [Page 9]
   2.508 +
   2.509 +Internet-Draft      pretty Easy privacy (pEp) Rating        January 2020
   2.510 +
   2.511 +
   2.512 +8.  Acknowledgements
   2.513 +
   2.514 +   The authors would like to thank the following people who have
   2.515 +   provided feedback or significant contributions to the development of
   2.516 +   this document: Leon Schumacher and Volker Birk
   2.517 +
   2.518 +   This work was initially created by pEp Foundation, and then reviewed
   2.519 +   and extended with funding by the Internet Society's Beyond the Net
   2.520 +   Programme on standardizing pEp.  [ISOC.bnet]
   2.521 +
   2.522 +9.  References
   2.523 +
   2.524 +9.1.  Normative References
   2.525 +
   2.526 +   [I-D.birk-pep]
   2.527 +              Birk, V., Marques, H., and B. Hoeneisen, "pretty Easy
   2.528 +              privacy (pEp): Privacy by Default", draft-birk-pep-05
   2.529 +              (work in progress), November 2019.
   2.530 +
   2.531 +   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
   2.532 +              Requirement Levels", BCP 14, RFC 2119,
   2.533 +              DOI 10.17487/RFC2119, March 1997,
   2.534 +              <https://www.rfc-editor.org/info/rfc2119>.
   2.535 +
   2.536 +   [RFC4949]  Shirey, R., "Internet Security Glossary, Version 2",
   2.537 +              FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007,
   2.538 +              <https://www.rfc-editor.org/info/rfc4949>.
   2.539 +
   2.540 +   [RFC7435]  Dukhovni, V., "Opportunistic Security: Some Protection
   2.541 +              Most of the Time", RFC 7435, DOI 10.17487/RFC7435,
   2.542 +              December 2014, <https://www.rfc-editor.org/info/rfc7435>.
   2.543 +
   2.544 +9.2.  Informative References
   2.545 +
   2.546 +   [GNUnet]   Grothoff, C., "The GNUnet System", October 2017,
   2.547 +              <https://grothoff.org/christian/habil.pdf>.
   2.548 +
   2.549 +   [I-D.birk-pep-trustwords]
   2.550 +              Hoeneisen, B. and H. Marques, "IANA Registration of
   2.551 +              Trustword Lists: Guide, Template and IANA Considerations",
   2.552 +              draft-birk-pep-trustwords-04 (work in progress), July
   2.553 +              2019.
   2.554 +
   2.555 +   [I-D.marques-pep-handshake]
   2.556 +              Marques, H. and B. Hoeneisen, "pretty Easy privacy (pEp):
   2.557 +              Contact and Channel Authentication through Handshake",
   2.558 +              draft-marques-pep-handshake-03 (work in progress), July
   2.559 +              2019.
   2.560 +
   2.561 +
   2.562 +
   2.563 +Marques & Hoeneisen       Expires July 11, 2020                [Page 10]
   2.564 +
   2.565 +Internet-Draft      pretty Easy privacy (pEp) Rating        January 2020
   2.566 +
   2.567 +
   2.568 +   [ISOC.bnet]
   2.569 +              Simao, I., "Beyond the Net. 12 Innovative Projects
   2.570 +              Selected for Beyond the Net Funding. Implementing Privacy
   2.571 +              via Mass Encryption: Standardizing pretty Easy privacy's
   2.572 +              protocols", June 2017, <https://www.internetsociety.org/
   2.573 +              blog/2017/06/12-innovative-projects-selected-for-beyond-
   2.574 +              the-net-funding/>.
   2.575 +
   2.576 +   [RFC7942]  Sheffer, Y. and A. Farrel, "Improving Awareness of Running
   2.577 +              Code: The Implementation Status Section", BCP 205,
   2.578 +              RFC 7942, DOI 10.17487/RFC7942, July 2016,
   2.579 +              <https://www.rfc-editor.org/info/rfc7942>.
   2.580 +
   2.581 +   [SRC.enigmailpep]
   2.582 +              "Source code for Enigmail/pEp", July 2019,
   2.583 +              <https://enigmail.net/index.php/en/download/source-code>.
   2.584 +
   2.585 +   [SRC.pepforandroid]
   2.586 +              "Source code for pEp for Android", July 2019,
   2.587 +              <https://pep-security.lu/gitlab/android/pep>.
   2.588 +
   2.589 +   [SRC.pepforios]
   2.590 +              "Source code for pEp for iOS", July 2019,
   2.591 +              <https://pep-security.ch/dev/repos/pEp_for_iOS/>.
   2.592 +
   2.593 +   [SRC.pepforoutlook]
   2.594 +              "Source code for pEp for Outlook", July 2019,
   2.595 +              <https://pep-security.lu/dev/repos/pEp_for_Outlook/>.
   2.596 +
   2.597 +Appendix A.  Excerpts from the pEp Reference Implementation
   2.598 +
   2.599 +   This section provides excerpts of the running code from the pEp
   2.600 +   reference implementation pEp engine (C99 programming language).
   2.601 +
   2.602 +A.1.  pEp rating
   2.603 +
   2.604 +   From the reference implementation by the pEp foundation, src/
   2.605 +   message_api.h:
   2.606 +
   2.607 +
   2.608 +
   2.609 +
   2.610 +
   2.611 +
   2.612 +
   2.613 +
   2.614 +
   2.615 +
   2.616 +
   2.617 +
   2.618 +
   2.619 +Marques & Hoeneisen       Expires July 11, 2020                [Page 11]
   2.620 +
   2.621 +Internet-Draft      pretty Easy privacy (pEp) Rating        January 2020
   2.622 +
   2.623 +
   2.624 +         typedef enum _PEP_rating {
   2.625 +             PEP_rating_undefined = 0,
   2.626 +             PEP_rating_cannot_decrypt,
   2.627 +             PEP_rating_have_no_key,
   2.628 +             PEP_rating_unencrypted,
   2.629 +             PEP_rating_unencrypted_for_some,
   2.630 +             PEP_rating_unreliable,
   2.631 +             PEP_rating_reliable,
   2.632 +             PEP_rating_trusted,
   2.633 +             PEP_rating_trusted_and_anonymized,
   2.634 +             PEP_rating_fully_anonymous,
   2.635 +
   2.636 +             PEP_rating_mistrust = -1,
   2.637 +             PEP_rating_b0rken = -2,
   2.638 +             PEP_rating_under_attack = -3
   2.639 +         } PEP_rating;
   2.640 +
   2.641 +Appendix B.  Document Changelog
   2.642 +
   2.643 +   [[ RFC Editor: This section is to be removed before publication ]]
   2.644 +
   2.645 +   o  draft-marques-pep-rating-03:
   2.646 +
   2.647 +      *  Updates terms and references; other minor changes
   2.648 +
   2.649 +   o  draft-marques-pep-rating-02:
   2.650 +
   2.651 +      *  Add Privacy and IANA Considerations sections
   2.652 +
   2.653 +      *  Updated Terms
   2.654 +
   2.655 +   o  draft-marques-pep-rating-01:
   2.656 +
   2.657 +      *  Update references
   2.658 +
   2.659 +      *  Minor edits
   2.660 +
   2.661 +   o  draft-marques-pep-rating-00:
   2.662 +
   2.663 +      *  Initial version
   2.664 +
   2.665 +Appendix C.  Open Issues
   2.666 +
   2.667 +   [[ RFC Editor: This section should be empty and is to be removed
   2.668 +   before publication ]]
   2.669 +
   2.670 +   o  Better explain usage of Color Codes in Per-Identity Privacy Rating
   2.671 +
   2.672 +
   2.673 +
   2.674 +
   2.675 +Marques & Hoeneisen       Expires July 11, 2020                [Page 12]
   2.676 +
   2.677 +Internet-Draft      pretty Easy privacy (pEp) Rating        January 2020
   2.678 +
   2.679 +
   2.680 +   o  Decide whether rating code scalars 6 and 7-9 should be raised to
   2.681 +      leave space for future extensions
   2.682 +
   2.683 +   o  Add Security Considerations
   2.684 +
   2.685 +   o  Add more source code excerpts to Appendix
   2.686 +
   2.687 +   o  Add rating codes for secure cryptographic methods and parameters
   2.688 +      and reference them
   2.689 +
   2.690 +Authors' Addresses
   2.691 +
   2.692 +   Hernani Marques
   2.693 +   pEp Foundation
   2.694 +   Oberer Graben 4
   2.695 +   CH-8400 Winterthur
   2.696 +   Switzerland
   2.697 +
   2.698 +   Email: hernani.marques@pep.foundation
   2.699 +   URI:   https://pep.foundation/
   2.700 +
   2.701 +
   2.702 +   Bernie Hoeneisen
   2.703 +   pEp Foundation
   2.704 +   Oberer Graben 4
   2.705 +   CH-8400 Winterthur
   2.706 +   Switzerland
   2.707 +
   2.708 +   Email: bernie.hoeneisen@pep.foundation
   2.709 +   URI:   https://pep.foundation/
   2.710 +
   2.711 +
   2.712 +
   2.713 +
   2.714 +
   2.715 +
   2.716 +
   2.717 +
   2.718 +
   2.719 +
   2.720 +
   2.721 +
   2.722 +
   2.723 +
   2.724 +
   2.725 +
   2.726 +
   2.727 +
   2.728 +
   2.729 +
   2.730 +
   2.731 +Marques & Hoeneisen       Expires July 11, 2020                [Page 13]
     3.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     3.2 +++ b/pep-rating/archive/draft-marques-pep-rating-03.xml	Wed Jan 08 18:37:13 2020 +0100
     3.3 @@ -0,0 +1,880 @@
     3.4 +<?xml version="1.0" encoding="utf-8"?>
     3.5 +  <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
     3.6 +  <!-- generated by https://github.com/cabo/kramdown-rfc2629 version  -->
     3.7 +
     3.8 +<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
     3.9 +]>
    3.10 +
    3.11 +<?rfc toc="yes"?>
    3.12 +<?rfc sortrefs="yes"?>
    3.13 +<?rfc symrefs="yes"?>
    3.14 +<?rfc comments="yes"?>
    3.15 +
    3.16 +<rfc docName="draft-marques-pep-rating-03" category="info">
    3.17 +
    3.18 +  <front>
    3.19 +    <title abbrev="pretty Easy privacy (pEp) Rating">pretty Easy privacy (pEp): Mapping of Privacy Rating</title>
    3.20 +
    3.21 +    <author initials="H." surname="Marques" fullname="Hernani Marques">
    3.22 +      <organization>pEp Foundation</organization>
    3.23 +      <address>
    3.24 +        <postal>
    3.25 +          <street>Oberer Graben 4</street>
    3.26 +          <city>CH-8400 Winterthur</city>
    3.27 +          <country>Switzerland</country>
    3.28 +        </postal>
    3.29 +        <email>hernani.marques@pep.foundation</email>
    3.30 +        <uri>https://pep.foundation/</uri>
    3.31 +      </address>
    3.32 +    </author>
    3.33 +    <author initials="B." surname="Hoeneisen" fullname="Bernie Hoeneisen">
    3.34 +      <organization>pEp Foundation</organization>
    3.35 +      <address>
    3.36 +        <postal>
    3.37 +          <street>Oberer Graben 4</street>
    3.38 +          <city>CH-8400 Winterthur</city>
    3.39 +          <country>Switzerland</country>
    3.40 +        </postal>
    3.41 +        <email>bernie.hoeneisen@pep.foundation</email>
    3.42 +        <uri>https://pep.foundation/</uri>
    3.43 +      </address>
    3.44 +    </author>
    3.45 +
    3.46 +    <date year="2020" month="January" day="08"/>
    3.47 +
    3.48 +    
    3.49 +    
    3.50 +    
    3.51 +
    3.52 +    <abstract>
    3.53 +
    3.54 +
    3.55 +<t>In many Opportunistic Security scenarios end-to-end encryption is
    3.56 +automatized for Internet users. In addition, it is often required to
    3.57 +provide the users with easy means to carry out authentication.</t>
    3.58 +
    3.59 +<t>Depending on several factors, each communication channel to different
    3.60 +peers may have a different Privacy Status, e.g., unencrypted,
    3.61 +encrypted and encrypted as well as authenticated. Even each message from/to
    3.62 +a single peer may have a different Privacy Status.</t>
    3.63 +
    3.64 +<t>To display the actual Privacy Status to the user, this document
    3.65 +defines a Privacy Rating scheme and its mapping to a traffic-light
    3.66 +semantics. A Privacy Status is defined on a per-message basis as well
    3.67 +as on a per-identity basis. The traffic-light semantics (as color rating) 
    3.68 +allows for a clear and easily understandable presentation to the user 
    3.69 +in order to optimize the User Experience (UX).</t>
    3.70 +
    3.71 +<t>This rating system is most beneficial to Opportunistic Security
    3.72 +scenarios and is already implemented in several applications of pretty
    3.73 +Easy privacy (pEp).</t>
    3.74 +
    3.75 +
    3.76 +
    3.77 +    </abstract>
    3.78 +
    3.79 +
    3.80 +  </front>
    3.81 +
    3.82 +  <middle>
    3.83 +
    3.84 +
    3.85 +<section anchor="introduction" title="Introduction">
    3.86 +
    3.87 +<t>In many Opportunistic Security <xref target="RFC7435"/> scenarios end-to-end
    3.88 +encryption is automatized for Internet users. In addition, it is often
    3.89 +required to provide the users with easy means to carry out
    3.90 +authentication.</t>
    3.91 +
    3.92 +<t>Depending on several factors, each communication channel to different
    3.93 +identities may have a different Privacy Status, e.g.</t>
    3.94 +
    3.95 +<t><list style="symbols">
    3.96 +  <t>unreliable</t>
    3.97 +  <t>encrypted</t>
    3.98 +  <t>encrypted and authenticated</t>
    3.99 +  <t>mistrusted</t>
   3.100 +</list></t>
   3.101 +
   3.102 +<t>Even each message from or to a single peer may have a different
   3.103 +Privacy Status.</t>
   3.104 +
   3.105 +<t>To display the actual Privacy Status to the user, this document
   3.106 +defines a Privacy Rating scheme and its mapping to a traffic-light
   3.107 +semantics, i.e., a mapping to different color codes as used in a
   3.108 +traffic-light:</t>
   3.109 +
   3.110 +<t><list style="symbols">
   3.111 +  <t>red</t>
   3.112 +  <t>yellow</t>
   3.113 +  <t>green</t>
   3.114 +  <t>no color (or gray)</t>
   3.115 +</list></t>
   3.116 +
   3.117 +<t>Note: While “yellow” color is used in the context of traffic-lights
   3.118 +(e.g., in North America), in other parts of the world (e.g., the UK)
   3.119 +this is generally referred to as “orange” or “amber” lights. For the
   3.120 +scope of this document, “yellow”, “amber”, and “orange” refer to the
   3.121 +same semantics.</t>
   3.122 +
   3.123 +<t>A Privacy Status is defined on a per-message basis as well as on a
   3.124 +per-identity basis. The traffic-light semantics (as color rating)
   3.125 +allows for a clear and easily understandable presentation to the user
   3.126 +in order to optimize the User Experience (UX). To serve also
   3.127 +(color-)blind Internet users or those using monochrome displays, the
   3.128 +traffic light color semantics may also be presented by simple texts
   3.129 +and symbols for signaling the corresponding Privacy Status.</t>
   3.130 +
   3.131 +<t>The proposed definitions are already implemented and used in
   3.132 +applications of pretty Easy privacy (pEp) <xref target="I-D.birk-pep"/>. This
   3.133 +document is targeted to applications based on the pEp framework and
   3.134 +Opportunistic Security <xref target="RFC7435"/>. However, it may be also used in
   3.135 +other applications as suitable.</t>
   3.136 +
   3.137 +<t>Note: The pEp <xref target="I-D.birk-pep"/> framework proposes to automatize the
   3.138 +use of end-to-end encryption for Internet users of email and other
   3.139 +messaging applications and introduces methods to easily allow
   3.140 +authentication.</t>
   3.141 +
   3.142 +<section anchor="requirements-language" title="Requirements Language">
   3.143 +
   3.144 +<t>The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”,
   3.145 +“SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this
   3.146 +document are to be interpreted as described in <xref target="RFC2119"/>.</t>
   3.147 +
   3.148 +</section>
   3.149 +<section anchor="terms" title="Terms">
   3.150 +
   3.151 +<t>The following terms are defined for the scope of this document:</t>
   3.152 +
   3.153 +<t><list style="symbols">
   3.154 +  <t>pEp Handshake: The process of one user contacting another over an
   3.155 +independent channel in order to verify Trustwords (or fingerprints
   3.156 +as a fallback). This can be done in-person or through established
   3.157 +verbal communication channels, like a phone
   3.158 +call. <xref target="I-D.marques-pep-handshake"/></t>
   3.159 +  <t>Trustwords: A scalar-to-word representation of 16-bit numbers (0 to
   3.160 +65535) to natural language words. When doing a Handshake, peers are
   3.161 +shown combined Trustwords of both public keys involved to ease the
   3.162 +comparison. <xref target="I-D.birk-pep-trustwords"/></t>
   3.163 +</list></t>
   3.164 +
   3.165 +<!--
   3.166 +
   3.167 +[KRB] If my suggestions above are kept [[pEp Handshake]], there is no
   3.168 +need to have the second sentence about the Handshake, as it's already
   3.169 +been related in the Handshake definition.
   3.170 +
   3.171 +-->
   3.172 +
   3.173 +<t><list style="symbols">
   3.174 +  <t>Trust On First Use (TOFU): cf. <xref target="RFC7435"/>, which states: “In a
   3.175 +protocol, TOFU calls for accepting and storing a public key or
   3.176 +credential associated with an asserted identity, without
   3.177 +authenticating that assertion. Subsequent communication that is
   3.178 +authenticated using the cached key or credential is secure against
   3.179 +an MiTM attack, if such an attack did not succeed during the
   3.180 +vulnerable initial communication.”</t>
   3.181 +</list></t>
   3.182 +
   3.183 +<!-- TODO: Make clear that we use TOFU without T. -->
   3.184 +
   3.185 +<t><list style="symbols">
   3.186 +  <t>Man-in-the-middle (MITM) attack: cf. <xref target="RFC4949"/>, which states: “A
   3.187 +form of active wiretapping attack in which the attacker intercepts
   3.188 +and selectively modifies communicated data to masquerade as one or
   3.189 +more of the entities involved in a communication association.”</t>
   3.190 +</list></t>
   3.191 +
   3.192 +</section>
   3.193 +</section>
   3.194 +<section anchor="per-message-privacy-rating" title="Per-Message Privacy Rating">
   3.195 +
   3.196 +<section anchor="rating-codes" title="Rating Codes">
   3.197 +
   3.198 +<t>To rate messages (cf. also <xref target="pep-rating"/>), the following 13 Rating
   3.199 +codes are defined as scalar values (decimal):</t>
   3.200 +
   3.201 +<texttable>
   3.202 +      <ttcol align='left'>Rating code</ttcol>
   3.203 +      <ttcol align='right'>Rating label</ttcol>
   3.204 +      <c>-3</c>
   3.205 +      <c>under attack</c>
   3.206 +      <c>-2</c>
   3.207 +      <c>broken</c>
   3.208 +      <c>-1</c>
   3.209 +      <c>mistrust</c>
   3.210 +      <c>0</c>
   3.211 +      <c>undefined</c>
   3.212 +      <c>1</c>
   3.213 +      <c>cannot decrypt</c>
   3.214 +      <c>2</c>
   3.215 +      <c>have no key</c>
   3.216 +      <c>3</c>
   3.217 +      <c>unencrypted</c>
   3.218 +      <c>4</c>
   3.219 +      <c>unencrypted for some</c>
   3.220 +      <c>5</c>
   3.221 +      <c>unreliable</c>
   3.222 +      <c>6</c>
   3.223 +      <c>reliable</c>
   3.224 +      <c>7</c>
   3.225 +      <c>trusted</c>
   3.226 +      <c>8</c>
   3.227 +      <c>trusted and anonymized</c>
   3.228 +      <c>9</c>
   3.229 +      <c>fully anonymous</c>
   3.230 +</texttable>
   3.231 +
   3.232 +</section>
   3.233 +<section anchor="color-codes" title="Color Codes">
   3.234 +
   3.235 +<t>For an Internet user to understand what the available Privacy Status
   3.236 +is, the following colors (traffic-light semantics) are defined:</t>
   3.237 +
   3.238 +<texttable>
   3.239 +      <ttcol align='left'>Color code</ttcol>
   3.240 +      <ttcol align='right'>Color label</ttcol>
   3.241 +      <c>-1</c>
   3.242 +      <c>red</c>
   3.243 +      <c>0</c>
   3.244 +      <c>no color</c>
   3.245 +      <c>1</c>
   3.246 +      <c>yellow</c>
   3.247 +      <c>2</c>
   3.248 +      <c>green</c>
   3.249 +</texttable>
   3.250 +
   3.251 +</section>
   3.252 +<section anchor="surjective-mapping-of-rating-codes-into-color-codes" title="Surjective Mapping of Rating Codes into Color Codes">
   3.253 +
   3.254 +<t>Corresponding User Experience (UX) implementations use a surjective
   3.255 +mapping of the Rating Codes into the Color Codes (in traffic light
   3.256 +semantics) as follows:</t>
   3.257 +
   3.258 +<texttable>
   3.259 +      <ttcol align='left'>Rating codes</ttcol>
   3.260 +      <ttcol align='left'>Color code</ttcol>
   3.261 +      <ttcol align='right'>Color label</ttcol>
   3.262 +      <c>-3 to -1</c>
   3.263 +      <c>-1</c>
   3.264 +      <c>red</c>
   3.265 +      <c>0 to 5</c>
   3.266 +      <c>0</c>
   3.267 +      <c>no color</c>
   3.268 +      <c>6</c>
   3.269 +      <c>1</c>
   3.270 +      <c>yellow</c>
   3.271 +      <c>7 to 9</c>
   3.272 +      <c>2</c>
   3.273 +      <c>green</c>
   3.274 +</texttable>
   3.275 +
   3.276 +<t>This mapping is used in current pEp implementations to signal the
   3.277 +Privacy Status (cf. <xref target="current-software-implementing-pep"/>).</t>
   3.278 +
   3.279 +</section>
   3.280 +<section anchor="semantics-of-color-and-rating-codes" title="Semantics of Color and Rating Codes">
   3.281 +
   3.282 +<section anchor="red" title="Red">
   3.283 +
   3.284 +<t>The red color MUST only be used in three cases:</t>
   3.285 +
   3.286 +<t><list style="symbols">
   3.287 +  <t>Rating code -3: A man-in-the-middle (MITM) attack could be detected.</t>
   3.288 +  <t>Rating code -2: The message was tempered with.</t>
   3.289 +  <t>Rating code -1: The user explicitly states he mistrusts a peer,
   3.290 +e.g., because a Handshake <xref target="I-D.marques-pep-handshake"/> mismatched
   3.291 +or when the user learns the communication partner was attacked and might
   3.292 +have gotten the corresponding secret key leaked.</t>
   3.293 +</list></t>
   3.294 +
   3.295 +</section>
   3.296 +<section anchor="no-color" title="No Color">
   3.297 +
   3.298 +<t>No specific (or a gray color) MUST be shown in the following cases:</t>
   3.299 +
   3.300 +<t><list style="symbols">
   3.301 +  <t>Rating code 0: A message can be rendered, but the encryption status
   3.302 +is not clear, i.e., undefined</t>
   3.303 +  <t>Rating code 1: A message cannot be decrypted (because of an error
   3.304 +not covered by rating code 2 below).</t>
   3.305 +  <t>Rating code 2: No key is available to decrypt a message (because it
   3.306 +was encrypted with a public key for which no secret key could be
   3.307 +found).</t>
   3.308 +  <t>Rating code 3: A message is received or sent out unencrypted
   3.309 +(because it was received unencrypted or there’s no public key to
   3.310 +encrypt a message to a recipient).</t>
   3.311 +  <t>Rating code 4: A message is sent out unencrypted for some of the
   3.312 +recipients of a group (because there’s at least one recipient in
   3.313 +the group whose public key is not available to the sender).</t>
   3.314 +  <t>Rating code 5: A message is encrypted, but cryptographic parameters
   3.315 +(e.g., the cryptographic method employed or key length) are
   3.316 +insufficient.</t>
   3.317 +</list></t>
   3.318 +
   3.319 +</section>
   3.320 +<section anchor="yellow" title="Yellow">
   3.321 +
   3.322 +<t><list style="symbols">
   3.323 +  <t>Rating code 6: Whenever a message can be encrypted or decrypted with
   3.324 +sufficient cryptographic parameters, it’s considered reliable. It
   3.325 +is mapped into the yellow color code.</t>
   3.326 +</list></t>
   3.327 +
   3.328 +</section>
   3.329 +<section anchor="green" title="Green">
   3.330 +
   3.331 +<t><list style="symbols">
   3.332 +  <t>Rating code 7: A message is mapped into the green color code
   3.333 +only if a pEp handshake <xref target="I-D.marques-pep-handshake"/> was
   3.334 +successfully carried out.</t>
   3.335 +</list></t>
   3.336 +
   3.337 +<t>By consequence that means, that the pEp propositions don’t strictly
   3.338 +follow the TOFU (cf. <xref target="RFC7435"/>) approach, in order to avoid
   3.339 +signaling trust without peers verifying their channel first.</t>
   3.340 +
   3.341 +<t>In current pEp implementations (cf. <xref target="implementation-status"/>) only
   3.342 +rating code 7 is achieved.</t>
   3.343 +
   3.344 +<t>The rating codes 8 and 9 are reserved for future use in pEp
   3.345 +implementations which also secure meta-data (rating code 8), by using
   3.346 +a peer-to-peer framework like GNUnet <xref target="GNUnet"/>, and/or allow for
   3.347 +fully anonymous communications (rating code 9), where sender and
   3.348 +receiver don’t know each other, but trust between the endpoints could
   3.349 +be established nevertheless.</t>
   3.350 +
   3.351 +</section>
   3.352 +</section>
   3.353 +</section>
   3.354 +<section anchor="per-identity-privacy-rating" title="Per-Identity Privacy Rating">
   3.355 +
   3.356 +<t>The same Color Codes (red, no color, yellow and green) as for messages
   3.357 +(cf. <xref target="color-codes"/>) MUST be applied for identities (peers), so that
   3.358 +a user can easily understand, which identities private communication
   3.359 +is possible with.</t>
   3.360 +
   3.361 +<t>The green color code MUST be applied to an identity whom the pEp
   3.362 +handshake <xref target="I-D.marques-pep-handshake"/> was successfully carried out
   3.363 +with.</t>
   3.364 +
   3.365 +<t>The yellow color code MUST be set whenever a public key could be
   3.366 +obtained to securely encrypt messages to an identity, although a
   3.367 +MITM attack cannot be excluded.</t>
   3.368 +
   3.369 +<t>The no color code MUST be used for the case that no public key is
   3.370 +available to engage in private communications with an identity.</t>
   3.371 +
   3.372 +<t>The red color code MUST only be used when an identity is marked as
   3.373 +mistrusted.</t>
   3.374 +
   3.375 +<t>[[ It’s not yet clear if there are proper cases where it makes sense
   3.376 +     to set an identity automatically to the red color code, as it
   3.377 +     appears to be difficult to detect attacks (e.g., secret key
   3.378 +     leakage) at the other endpoint with certainty.  ]]</t>
   3.379 +
   3.380 +</section>
   3.381 +<section anchor="security-considerations" title="Security Considerations">
   3.382 +
   3.383 +<t>[[ TODO ]]</t>
   3.384 +
   3.385 +</section>
   3.386 +<section anchor="privacy-considerations" title="Privacy Considerations">
   3.387 +
   3.388 +<t>[[ TODO ]]</t>
   3.389 +
   3.390 +</section>
   3.391 +<section anchor="iana-considerations" title="IANA Considerations">
   3.392 +
   3.393 +<t>This document has no actions for IANA.</t>
   3.394 +
   3.395 +</section>
   3.396 +<section anchor="implementation-status" title="Implementation Status">
   3.397 +
   3.398 +<section anchor="introduction-1" title="Introduction">
   3.399 +
   3.400 +<t>This section records the status of known implementations of the
   3.401 +protocol defined by this specification at the time of posting of this
   3.402 +Internet-Draft, and is based on a proposal described in <xref target="RFC7942"/>.
   3.403 +The description of implementations in this section is intended to
   3.404 +assist the IETF in its decision processes in progressing drafts to
   3.405 +RFCs. Please note that the listing of any individual implementation
   3.406 +here does not imply endorsement by the IETF. Furthermore, no effort
   3.407 +has been spent to verify the information presented here that was
   3.408 +supplied by IETF contributors.  This is not intended as, and must not
   3.409 +be construed to be, a catalog of available implementations or their
   3.410 +features. Readers are advised to note that other implementations may
   3.411 +exist.</t>
   3.412 +
   3.413 +<t>According to <xref target="RFC7942"/>, “[…] this will allow reviewers and
   3.414 +working groups to assign due consideration to documents that have the
   3.415 +benefit of running code, which may serve as evidence of valuable
   3.416 +experimentation and feedback that have made the implemented protocols
   3.417 +more mature. It is up to the individual working groups to use this
   3.418 +information as they see fit.”</t>
   3.419 +
   3.420 +</section>
   3.421 +<section anchor="current-software-implementing-pep" title="Current software implementing pEp">
   3.422 +
   3.423 +<t>The following software implementing the pEp protocols (to varying
   3.424 +degrees) already exists:</t>
   3.425 +
   3.426 +<t><list style="symbols">
   3.427 +  <t>pEp for Outlook as add-on for Microsoft Outlook, release <xref target="SRC.pepforoutlook"/></t>
   3.428 +  <t>pEp for Android (based on a fork of the K9 MUA), release <xref target="SRC.pepforandroid"/></t>
   3.429 +  <t>Enigmail/pEp as add-on for Mozilla Thunderbird, release <xref target="SRC.enigmailpep"/></t>
   3.430 +  <t>pEp for iOS (implemented in a new MUA), beta <xref target="SRC.pepforios"/></t>
   3.431 +</list></t>
   3.432 +
   3.433 +<t>pEp for Android, iOS and Outlook are provided by pEp Security, a commercial
   3.434 +entity specializing in end-user software implementing pEp while Enigmail/pEp
   3.435 +is pursued as community project, supported by the pEp Foundation.</t>
   3.436 +
   3.437 +<t>All software is available as Free Software and published also in source form.</t>
   3.438 +
   3.439 +</section>
   3.440 +</section>
   3.441 +<section anchor="acknowledgements" title="Acknowledgements">
   3.442 +
   3.443 +<t>The authors would like to thank the following people who have provided
   3.444 +feedback or significant contributions to the development of this
   3.445 +document: Leon Schumacher and Volker Birk</t>
   3.446 +
   3.447 +<t>This work was initially created by pEp Foundation, and then reviewed
   3.448 +and extended with funding by the Internet Society’s Beyond the Net
   3.449 +Programme on standardizing pEp. <xref target="ISOC.bnet"/></t>
   3.450 +
   3.451 +</section>
   3.452 +
   3.453 +
   3.454 +  </middle>
   3.455 +
   3.456 +  <back>
   3.457 +
   3.458 +    <references title='Normative References'>
   3.459 +
   3.460 +
   3.461 +
   3.462 +
   3.463 +
   3.464 +<reference  anchor="RFC4949" target='https://www.rfc-editor.org/info/rfc4949'>
   3.465 +<front>
   3.466 +<title>Internet Security Glossary, Version 2</title>
   3.467 +<author initials='R.' surname='Shirey' fullname='R. Shirey'><organization /></author>
   3.468 +<date year='2007' month='August' />
   3.469 +<abstract><t>This Glossary provides definitions, abbreviations, and explanations of terminology for information system security. The 334 pages of entries offer recommendations to improve the comprehensibility of written material that is generated in the Internet Standards Process (RFC 2026). The recommendations follow the principles that such writing should (a) use the same term or definition whenever the same concept is mentioned; (b) use terms in their plainest, dictionary sense; (c) use terms that are already well-established in open publications; and (d) avoid terms that either favor a particular vendor or favor a particular technology or mechanism over other, competing techniques that already exist or could be developed.  This memo provides information for the Internet community.</t></abstract>
   3.470 +</front>
   3.471 +<seriesInfo name='FYI' value='36'/>
   3.472 +<seriesInfo name='RFC' value='4949'/>
   3.473 +<seriesInfo name='DOI' value='10.17487/RFC4949'/>
   3.474 +</reference>
   3.475 +
   3.476 +
   3.477 +
   3.478 +<reference  anchor="RFC7435" target='https://www.rfc-editor.org/info/rfc7435'>
   3.479 +<front>
   3.480 +<title>Opportunistic Security: Some Protection Most of the Time</title>
   3.481 +<author initials='V.' surname='Dukhovni' fullname='V. Dukhovni'><organization /></author>
   3.482 +<date year='2014' month='December' />
   3.483 +<abstract><t>This document defines the concept &quot;Opportunistic Security&quot; in the context of communications protocols.  Protocol designs based on Opportunistic Security use encryption even when authentication is not available, and use authentication when possible, thereby removing barriers to the widespread use of encryption on the Internet.</t></abstract>
   3.484 +</front>
   3.485 +<seriesInfo name='RFC' value='7435'/>
   3.486 +<seriesInfo name='DOI' value='10.17487/RFC7435'/>
   3.487 +</reference>
   3.488 +
   3.489 +
   3.490 +
   3.491 +<reference anchor="I-D.birk-pep">
   3.492 +<front>
   3.493 +<title>pretty Easy privacy (pEp): Privacy by Default</title>
   3.494 +
   3.495 +<author initials='V' surname='Birk' fullname='Volker Birk'>
   3.496 +    <organization />
   3.497 +</author>
   3.498 +
   3.499 +<author initials='H' surname='Marques' fullname='Hernani Marques'>
   3.500 +    <organization />
   3.501 +</author>
   3.502 +
   3.503 +<author initials='B' surname='Hoeneisen' fullname='Bernie Hoeneisen'>
   3.504 +    <organization />
   3.505 +</author>
   3.506 +
   3.507 +<date month='November' day='4' year='2019' />
   3.508 +
   3.509 +<abstract><t>The pretty Easy privacy (pEp) model and protocols describe a set of conventions for the automation of operations traditionally seen as barriers to the use and deployment of secure, privacy-preserving end- to-end interpersonal messaging.  These include, but are not limited to, key management, key discovery, and private key handling (including peer-to-peer synchronization of private keys and other user data across devices).  Human Rights-enabling principles like Data Minimization, End-to-End and Interoperability are explicit design goals.  For the goal of usable privacy, pEp introduces means to verify communication between peers and proposes a trust-rating system to denote secure types of communications and signal the privacy level available on a per-user and per-message level. Significantly, the pEp protocols build on already available security formats and message transports (e.g., PGP/MIME with email), and are written with the intent to be interoperable with already widely- deployed systems in order to ease adoption and implementation.  This document outlines the general design choices and principles of pEp.</t></abstract>
   3.510 +
   3.511 +</front>
   3.512 +
   3.513 +<seriesInfo name='Internet-Draft' value='draft-birk-pep-05' />
   3.514 +<format type='TXT'
   3.515 +        target='http://www.ietf.org/internet-drafts/draft-birk-pep-05.txt' />
   3.516 +</reference>
   3.517 +
   3.518 +
   3.519 +
   3.520 +<reference  anchor="RFC2119" target='https://www.rfc-editor.org/info/rfc2119'>
   3.521 +<front>
   3.522 +<title>Key words for use in RFCs to Indicate Requirement Levels</title>
   3.523 +<author initials='S.' surname='Bradner' fullname='S. Bradner'><organization /></author>
   3.524 +<date year='1997' month='March' />
   3.525 +<abstract><t>In many standards track documents several words are used to signify the requirements in the specification.  These words are often capitalized. This document defines these words as they should be interpreted in IETF documents.  This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t></abstract>
   3.526 +</front>
   3.527 +<seriesInfo name='BCP' value='14'/>
   3.528 +<seriesInfo name='RFC' value='2119'/>
   3.529 +<seriesInfo name='DOI' value='10.17487/RFC2119'/>
   3.530 +</reference>
   3.531 +
   3.532 +
   3.533 +
   3.534 +
   3.535 +    </references>
   3.536 +
   3.537 +    <references title='Informative References'>
   3.538 +
   3.539 +
   3.540 +
   3.541 +
   3.542 +
   3.543 +<reference anchor="I-D.birk-pep-trustwords">
   3.544 +<front>
   3.545 +<title>IANA Registration of Trustword Lists: Guide, Template and IANA Considerations</title>
   3.546 +
   3.547 +<author initials='B' surname='Hoeneisen' fullname='Bernie Hoeneisen'>
   3.548 +    <organization />
   3.549 +</author>
   3.550 +
   3.551 +<author initials='H' surname='Marques' fullname='Hernani Marques'>
   3.552 +    <organization />
   3.553 +</author>
   3.554 +
   3.555 +<date month='July' day='8' year='2019' />
   3.556 +
   3.557 +<abstract><t>This document specifies the IANA Registration Guidelines for Trustwords, describes corresponding registration procedures, and provides a guideline for creating Trustword list specifications.  Trustwords are common words in a natural language (e.g., English), which hexadecimal strings are mapped to.  Such a mapping makes verification processes like fingerprint comparisons more practical, and less prone to misunderstandings.</t></abstract>
   3.558 +
   3.559 +</front>
   3.560 +
   3.561 +<seriesInfo name='Internet-Draft' value='draft-birk-pep-trustwords-04' />
   3.562 +<format type='TXT'
   3.563 +        target='http://www.ietf.org/internet-drafts/draft-birk-pep-trustwords-04.txt' />
   3.564 +</reference>
   3.565 +
   3.566 +
   3.567 +
   3.568 +<reference anchor="I-D.marques-pep-handshake">
   3.569 +<front>
   3.570 +<title>pretty Easy privacy (pEp): Contact and Channel Authentication through Handshake</title>
   3.571 +
   3.572 +<author initials='H' surname='Marques' fullname='Hernani Marques'>
   3.573 +    <organization />
   3.574 +</author>
   3.575 +
   3.576 +<author initials='B' surname='Hoeneisen' fullname='Bernie Hoeneisen'>
   3.577 +    <organization />
   3.578 +</author>
   3.579 +
   3.580 +<date month='July' day='7' year='2019' />
   3.581 +
   3.582 +<abstract><t>In interpersonal messaging end-to-end encryption means for public key distribution and verification of its authenticity are needed; the latter to prevent man-in-the-middle (MITM) attacks.  This document proposes a new method to easily verify a public key is authentic by a Handshake process that allows users to easily authenticate their communication channel.  The new method is targeted to Opportunistic Security scenarios and is already implemented in several applications of pretty Easy privacy (pEp).</t></abstract>
   3.583 +
   3.584 +</front>
   3.585 +
   3.586 +<seriesInfo name='Internet-Draft' value='draft-marques-pep-handshake-03' />
   3.587 +<format type='TXT'
   3.588 +        target='http://www.ietf.org/internet-drafts/draft-marques-pep-handshake-03.txt' />
   3.589 +</reference>
   3.590 +
   3.591 +
   3.592 +<reference anchor="GNUnet" target="https://grothoff.org/christian/habil.pdf">
   3.593 +  <front>
   3.594 +    <title>The GNUnet System</title>
   3.595 +    <author initials="C." surname="Grothoff" fullname="Christian Grothoff">
   3.596 +      <organization></organization>
   3.597 +    </author>
   3.598 +    <date year="2017" month="October" day="07"/>
   3.599 +  </front>
   3.600 +</reference>
   3.601 +<reference anchor="ISOC.bnet" target="https://www.internetsociety.org/blog/2017/06/12-innovative-projects-selected-for-beyond-the-net-funding/">
   3.602 +  <front>
   3.603 +    <title>Beyond the Net. 12 Innovative Projects Selected for Beyond the Net Funding. Implementing Privacy via Mass Encryption: Standardizing pretty Easy privacy’s protocols</title>
   3.604 +    <author initials="I." surname="Simao" fullname="Ilda Simao">
   3.605 +      <organization></organization>
   3.606 +    </author>
   3.607 +    <date year="2017" month="June"/>
   3.608 +  </front>
   3.609 +</reference>
   3.610 +
   3.611 +
   3.612 +
   3.613 +
   3.614 +<reference  anchor="RFC7942" target='https://www.rfc-editor.org/info/rfc7942'>
   3.615 +<front>
   3.616 +<title>Improving Awareness of Running Code: The Implementation Status Section</title>
   3.617 +<author initials='Y.' surname='Sheffer' fullname='Y. Sheffer'><organization /></author>
   3.618 +<author initials='A.' surname='Farrel' fullname='A. Farrel'><organization /></author>
   3.619 +<date year='2016' month='July' />
   3.620 +<abstract><t>This document describes a simple process that allows authors of Internet-Drafts to record the status of known implementations by including an Implementation Status section.  This will allow reviewers and working groups to assign due consideration to documents that have the benefit of running code, which may serve as evidence of valuable experimentation and feedback that have made the implemented protocols more mature.</t><t>This process is not mandatory.  Authors of Internet-Drafts are encouraged to consider using the process for their documents, and working groups are invited to think about applying the process to all of their protocol specifications.  This document obsoletes RFC 6982, advancing it to a Best Current Practice.</t></abstract>
   3.621 +</front>
   3.622 +<seriesInfo name='BCP' value='205'/>
   3.623 +<seriesInfo name='RFC' value='7942'/>
   3.624 +<seriesInfo name='DOI' value='10.17487/RFC7942'/>
   3.625 +</reference>
   3.626 +
   3.627 +
   3.628 +<reference anchor="SRC.pepforandroid" target="https://pep-security.lu/gitlab/android/pep">
   3.629 +  <front>
   3.630 +    <title>Source code for pEp for Android</title>
   3.631 +    <author >
   3.632 +      <organization></organization>
   3.633 +    </author>
   3.634 +    <date year="2019" month="July"/>
   3.635 +  </front>
   3.636 +</reference>
   3.637 +<reference anchor="SRC.pepforios" target="https://pep-security.ch/dev/repos/pEp_for_iOS/">
   3.638 +  <front>
   3.639 +    <title>Source code for pEp for iOS</title>
   3.640 +    <author >
   3.641 +      <organization></organization>
   3.642 +    </author>
   3.643 +    <date year="2019" month="July"/>
   3.644 +  </front>
   3.645 +</reference>
   3.646 +<reference anchor="SRC.pepforoutlook" target="https://pep-security.lu/dev/repos/pEp_for_Outlook/">
   3.647 +  <front>
   3.648 +    <title>Source code for pEp for Outlook</title>
   3.649 +    <author >
   3.650 +      <organization></organization>
   3.651 +    </author>
   3.652 +    <date year="2019" month="July"/>
   3.653 +  </front>
   3.654 +</reference>
   3.655 +<reference anchor="SRC.enigmailpep" target="https://enigmail.net/index.php/en/download/source-code">
   3.656 +  <front>
   3.657 +    <title>Source code for Enigmail/pEp</title>
   3.658 +    <author >
   3.659 +      <organization></organization>
   3.660 +    </author>
   3.661 +    <date year="2019" month="July"/>
   3.662 +  </front>
   3.663 +</reference>
   3.664 +
   3.665 +
   3.666 +    </references>
   3.667 +
   3.668 +
   3.669 +<section anchor="excerpts-from-the-pep-reference-implementation" title="Excerpts from the pEp Reference Implementation">
   3.670 +
   3.671 +<t>This section provides excerpts of the running code from the pEp
   3.672 +reference implementation pEp engine (C99 programming language).</t>
   3.673 +
   3.674 +<section anchor="pep-rating" title="pEp rating">
   3.675 +
   3.676 +<t>From the reference implementation by the pEp foundation, src/message_api.h:</t>
   3.677 +
   3.678 +<figure><artwork><![CDATA[
   3.679 +      typedef enum _PEP_rating {
   3.680 +          PEP_rating_undefined = 0,
   3.681 +          PEP_rating_cannot_decrypt,
   3.682 +          PEP_rating_have_no_key,
   3.683 +          PEP_rating_unencrypted,
   3.684 +          PEP_rating_unencrypted_for_some,
   3.685 +          PEP_rating_unreliable,
   3.686 +          PEP_rating_reliable,
   3.687 +          PEP_rating_trusted,
   3.688 +          PEP_rating_trusted_and_anonymized,
   3.689 +          PEP_rating_fully_anonymous,
   3.690 +
   3.691 +          PEP_rating_mistrust = -1,
   3.692 +          PEP_rating_b0rken = -2,
   3.693 +          PEP_rating_under_attack = -3
   3.694 +      } PEP_rating;
   3.695 +]]></artwork></figure>
   3.696 +
   3.697 +</section>
   3.698 +</section>
   3.699 +<section anchor="document-changelog" title="Document Changelog">
   3.700 +
   3.701 +<t>[[ RFC Editor: This section is to be removed before publication ]]</t>
   3.702 +
   3.703 +<t><list style="symbols">
   3.704 +  <t>draft-marques-pep-rating-03:
   3.705 +  <list style="symbols">
   3.706 +      <t>Updates terms and references; other minor changes</t>
   3.707 +    </list></t>
   3.708 +  <t>draft-marques-pep-rating-02:
   3.709 +  <list style="symbols">
   3.710 +      <t>Add Privacy and IANA Considerations sections</t>
   3.711 +      <t>Updated Terms</t>
   3.712 +    </list></t>
   3.713 +  <t>draft-marques-pep-rating-01:
   3.714 +  <list style="symbols">
   3.715 +      <t>Update references</t>
   3.716 +      <t>Minor edits</t>
   3.717 +    </list></t>
   3.718 +  <t>draft-marques-pep-rating-00:
   3.719 +  <list style="symbols">
   3.720 +      <t>Initial version</t>
   3.721 +    </list></t>
   3.722 +</list></t>
   3.723 +
   3.724 +</section>
   3.725 +<section anchor="open-issues" title="Open Issues">
   3.726 +
   3.727 +<t>[[ RFC Editor: This section should be empty and is to be removed
   3.728 +     before publication ]]</t>
   3.729 +
   3.730 +<t><list style="symbols">
   3.731 +  <t>Better explain usage of Color Codes in Per-Identity Privacy Rating</t>
   3.732 +  <t>Decide whether rating code scalars 6 and 7-9 should be raised to
   3.733 +leave space for future extensions</t>
   3.734 +  <t>Add Security Considerations</t>
   3.735 +  <t>Add more source code excerpts to Appendix</t>
   3.736 +  <t>Add rating codes for secure cryptographic methods and parameters
   3.737 +and reference them</t>
   3.738 +</list></t>
   3.739 +
   3.740 +</section>
   3.741 +
   3.742 +
   3.743 +  </back>
   3.744 +
   3.745 +<!-- ##markdown-source:
   3.746 +H4sIABITFl4AA81b6XIbSXL+309Ry/kx5AQaPHSS63WYoqgRY0RRFimvNzQK
   3.747 +RqG7APSyD2xXgxSGksOv4dfzk/j7sqpPgpRmfYQVM0EAXUdWnl9mVodhGERF
   3.748 +nOSzA7WspuHzIKiSKjUHamNRmqpaqWNtV2pRJtc6WqnNxfFi60Cd6sUCU1Qx
   3.749 +Ve/8k/e6wi8bgZ5MSnP90PRmaFxEuc6wVVzqaRVmuvzb0thwYRZhKUPCnUdB
   3.750 +pCszK8rVgUryaREEttJ5fKnTIsfElbHBIjlQH6siGilblFVpphafVpn7EBVZ
   3.751 +ZvLKfgoCvazmRXkQBEqF+F9hPXugXo9xGNlXfnP0vDZlrvOk96QowSGQr14V
   3.752 +yzwGeUUuv1tsaaoDdTYxpSnVz6WemFw9lmdRUoHuo9fh88c7O+rPSV6Zspov
   3.753 +S/cQ61Q81/lNUv1myhTnkgcm00l6oOaOiLFnyz+BLeNpf+9libPPq2phD7a3
   3.754 ++8+3B+d8MVavC5ObxJq8c9IX2CQxg0f/50edCBXjeU3F7z9rXpQZPl+bAwx+
   3.755 +/+ro8f7j/YPgByVfnjza2/O/P3v86Ak/noQvx5OkvKKyQSUC6lazgp/2+Pnz
   3.756 +ne4au82XZ3tPnssXLtNVW3eewfphVS5tdVOUsXUrDGc5Za+ndZ/MwSg711dy
   3.757 +rJ/ffsjBfuFGpcsZRVEzZFYW0O7pdAzZbUfzMrFVovPtuZ4k6XgRT90kb9gX
   3.758 +c+MXU+crW5lsQx7XBqJUqx9H9VKQttvBPxalOhr3f4Y4MGdvZ/dZuLsT7jwL
   3.759 +muPyMFdmZVd5JOc8PzsaT+49zc3NzVg0CCNsESWmWsnBJmkx2+by2ztPt3f3
   3.760 +wiTPi2sRWrgoi7+aqLKhNSn+mjiEQMOJWRV5HFZzE2KpcAqNAae3e9x4IWMU
   3.761 +xqi3phqr3T110qwL9+bWVed+XYV1VX+OeuXWHauTbJEaOhw6x9ozXicansRa
   3.762 +dZxH5WpBjYUl0I3pMk5+49A1vvI///0/LD4X8GxFau+X0Ekaa3WeZLroSuZk
   3.763 +3PmtI5adp94O9h/viTKevz+icKKi9Ip/RxgDW4vN9bYf6Bh4hKlwvcsyMjD0
   3.764 +2CgcTMH7wkfk+CmpWSLTGTHoWTZNPktyN1bHegFZ2y23bEPtc2pQQyHYjsFl
   3.765 +kcTrdYYaZk0ENwFlSZfbM1CnJ9t+Dh93pX7eoZcCJU38e+iG99m2PyQkKex3
   3.766 +EBHNhVmlWRR2GxtcYuZlcna+/T2EYNw3iCiWVVoUV9/HjbuEnLnp30WMH3sv
   3.767 +QSZPZvR84kzXkVMPGMMKt5M8Np/Hi/kCP2/HxU2eFjredhoUcu+HSDr2K/Ec
   3.768 +a+gJwjBUeoJIpaMqCE5ylel8pc4WC2CDZU5fFsGUHWOUjUyuKU1l6CWKEH/w
   3.769 +sbZSlViihoJx4Tdv+SfeLamlhcrC4nPob5xw+EglFaZAxSuExdL8bZmUmFUV
   3.770 +Acz4OsEB6C9knkIcnCtDc8+Mzi0GqUiX5UpBqmLm9CGRmMw4CF6ahREPo0CU
   3.771 +Ndem1Kma4oRFCYxjdDQXoIPzuSkqQuDITcpl42QqplgFC8OdM71Scw3PpttH
   3.772 +jauCV6qWXHI8G4/UMve8MPEoaD6KzXa+4TAmTfm3Q7eJx+r4GmwQ4jJjrZ5B
   3.773 +gGWRbYMfWlkcJjWKJH0PReDBBY9iFykGk404/BJM6A/jeWsej/AJwgDGXNL7
   3.774 +BLGZwuGAyAFihRLM4Z/kVElF/jhoi6W0ghpNp0kUpslsXgUW4Z3Hg9gPhztz
   3.775 +K9khpow0TlaG9bEn2uKxZ1SAv80IKAUWhCbKkLFiZO7tqZo91SYmIhRABx1e
   3.776 +2FKBTtPixopeahWlRpdOOFgsXUF8MQQucWZCXpfGNm64wygF8APIh7H8tYDm
   3.777 +Z9B2efyBj48/g9JEfPnmh3/doijI2NJzTwAEj58VtgKSy8GFKNGie+vNLmjN
   3.778 +TpiOP2lpdLxqYwW4mLSaDomkXrOtBBCJlsHdzGLs7D9L4jg1BB+w1rKIl5Gg
   3.779 +yG95g9tbDxC/fl3rGYKeZ1B/r2cIOp5B/T7PEPwveQavhon5He4hCH6ChpUm
   3.780 +Tahd/Nb4hN4XF+K7noGPM/CeqJjf1vsJqKSzwW+5iuD/tauA6McGvlR3R7ec
   3.781 +dQbN6CYOAtSI5uugt9wBWVY6zq0MjZ6fZsjGcn7IC7/OJv6flXq1FQRvC4bF
   3.782 +P88TsG7Dzdnwo5J2H3IgKqC4nysaVm9TG2y6MIBxb2Evc3WYwRFEekt+AuyH
   3.783 +QBa6rMQmuRJSnDRWfpb4j1+2AmEt/pvBM0A54ZcEG3r9x5k3COxmZoMC39AZ
   3.784 +csEN5QgYIwEtuRA8RrEwbpuOoEbNyUb1zJEIp1lStvKiDizwcutPoSd/vxNX
   3.785 +3okH/20n/j/jw3+nC1ewEPxOO0ptEWwKReHWJAU0G/gxMcN5YbkPtTcr8gL5
   3.786 +ZQFWehuzIutaYZ3o/Bnbc9NwuRcCRH0IMHkCCCY+X1EDAbawvV1lEyQ8whCb
   3.787 +zHKditGIokJr7KJw/u6u1c+5dAGMi5VFjImLGLo0ayMMd/OGEKwPMeuKV7e3
   3.788 +3dz+61fKGzix1knqkEO/XsG7C0NBnGrxOAKuS+gkzOaKxATfjkss4tzQy0tE
   3.789 +IVMnTobNQZxZ9naFytllUlGBxrVjuPAEDE/TocjzUjxlG+tE1tiMTFoPmu/G
   3.790 +QhlL0C4sFwoDZ1YUZJ9WulYftBmNDHQvFhK8QYi53I2DwQ/IHd+7wCoFP/UG
   3.791 +HmAJw3WKcWVWSiowauP0w/kFHQb/qrdn8vn98T9/OHl//JKfz18fvnnTfHAj
   3.792 +Anw5+/DGP+endubR2enp8duXbvLp4V9qH3T27uLk7O3hmw3naLs6Qo2sxBak
   3.793 +ykFlc0gaYSAqk4lzzre3f4Dg93Z39yH4wJ/xwpSZdWeaFuSFWAd/lFVr9zV1
   3.794 +jlOtd5yseP0k8n/dFJiUtx+wXQRW5B4eMj4ghIqocqdexTV1jHU55nJEIBLL
   3.795 +PLTo+iIMTKYrddFUwCRGgcYZj43Ts7jK1AGgJU0nOrracgYF0JOTQTHpSHJo
   3.796 +Z2lZPuCxkPrOgJEsVTqxc8N0HRtNEOTXgh14qDS5ImhYzLEcRkfYbOyVf229
   3.797 +7etXMKil+gCA32KSLqnw/AmhpeeMwbHdp+EEVpkvGYlw0B2mfko9ffLk0ZMt
   3.798 +MiOHpyI+S71qOo0cI0oDAMWFcLiVyEi5hA1ixSp2jkSZx5uIfDsMxc4TiEUt
   3.799 +luBGRE1HIMuvi/TaeSAYjrNa1mEzBOwEjBwPLL9To8TRg3/4QxgGwcdf3r/4
   3.800 +pE6mKoOfXs5m4Lgz0knB0FHSrBaV+vixp0mfPklAwFNIMS+C3Dg6BLeJTpqI
   3.801 +xTOJAQxJWA5JL590zg6dSKofm9QgmBjJqVNdtcilGd5x95IC/GNQS0+d5epV
   3.802 +ggjKQKg2L85efdg6UNF03PWqI3UzTwA/oVCVgaw3CN3Brrr6NlKcJ0rjA3UU
   3.803 +4eDOInAQgG0nu1YEUFTyGyiHboo5jGUhU6gXhA/txk+mlON4ADGSR8T5qlcD
   3.804 +kPinKz+Bh1Tny4mFt3MQsqvyMjCx/RVM7KO3hFEgbfzgiOySCHFJyQgSmekk
   3.805 +t0JGrk6Ti1OlK/iAK0SdKTQhcuTLT0ABMaRc8eeIko6Xpd+JVrlMifoIXUQ+
   3.806 +QwsdbzhdA4NfnrGtBFk6DCTnuBEX5LjvWaMuxsoL+FTnITwDi7su41ObpycX
   3.807 +p1ueso6Y2Q1YI+ZDUMiyP02IHg76eYP4UXmg7g8IZXPzJJeQ3+DbxHFTC4TV
   3.808 +os6sD2MNBKmsAMJnNtUelpzRlaYhZNpCcqVmqdSKnxVlyVhH9Ui6SccaQ2ZS
   3.809 +MBB1rVKejwwQ6h3w6KlHrP3kRcKHz2OOmG9IngQUauq0Cy6LHBM4cXvbNia+
   3.810 +ft1ycL4NOLuP6lV96tIJPYQb4irVtU6XXDU2UZLpdAth50tNghT0mm+pniBw
   3.811 +tP++BF8Ows6/L+H6fwcY2EwKH2GiQ8y17HortgP3OHBSFlfwKcN/vYG7HFjn
   3.812 +qg8MVDv11o4H9w+UFRHbaDLgC0HT+oFCo/hMpHc01vtW9KduE+77Bj4eDhSI
   3.813 +TSQ/GPjEDaxz+/sP85QD1w4bDHzGgT7hVw8NfN4dKJWDvMhXmRRZegP3OXC6
   3.814 +ZD7phhTI35oVqetHkoJ4VWciCZ/Vw6W0xTa/gpFrF4X0NaCqnKifYwSJHdqB
   3.815 +pDnQ8HvSva2uYYj2HzX5vqq/NLo/UPqhzh8MNJOcv1/YO3je1AXWPOd8lzyv
   3.816 +n7+H51Jg6K5Ptp4vy786R9e9BdB1LPSNRZ/9R73UbV1OOugTSYmCxZ9mtyBr
   3.817 +d6MQ7u7IXzu7qk3ChG5WGnQFY70Y7dArWfWAmIaOqS+lL2vlBb8E6kRi94qv
   3.818 +5T1RIyzwAVE2j7ryojE+IN52/Wdcf189IOovvsJbM7xTLwI6kLIVAd9QYFjW
   3.819 +5esS+weVlU0Xi/380BbT6ga2ESadhqnLQFnEpZo1pQPI20mARtoPYD8wpLEs
   3.820 +xtyF7HQ8ksyuyFPJjttSF44Iz2sZ+gkfuoEofESEnz0MKHiNIY0lKUG+xl7w
   3.821 ++M46ey6PqotGN1CzymTQdI/77s7YdTPEIZnPTIWTCpQ7kKK4lg8/VgpSSP2B
   3.822 +FVyJbWIi7cykRcIP5jRcC2l85FImcOqGmUfTCCDwoiCl1tJFGqzyAcfJcTwC
   3.823 +ct45E7NSLk7Niqoy+ZpSDVAlUJUEMWxxJXyj6N56L8GihLILoASa6qZUwljG
   3.824 +dOLccvIE210O5MF/xwmLTIeM3RGJejn4ZLJkpgpRgHU+4+jULaxz8sqlLZXD
   3.825 +oXX5tgntw212B9twpmhIHWQ3aykRZObKlKWgPdmBebQrg5WdJfewAI62dUdX
   3.826 +oFxvHRZgJbKJUiwoeyShG1KabRPKh4Jr475LQLrZylR0gSA3L7riqjVegDJ4
   3.827 +cJemR93zsy1kIpMQsEr5D66CmL0DOrBShzQhrJnSxSauflGaHymMLqmSU/tx
   3.828 +nfNKDR4rJQvElOounY8HdK6jrQVELsZgo2ZF8UNUy2K5aE9QkwjkAG0BRCSa
   3.829 +b+awHqdEzdy0G6mjds7iNa0nSpchU0/vHuLJ4BBte1YUWr4UsJwFREmj1Znh
   3.830 +xQryvC3K90e5CpuCj0qLleO7s9N8Vs23fPEByeCSYZSH8rb7l6YN0SXw6YEU
   3.831 +M4zUh4bW1xNuayDURhY4mh3uPcfIlQQiRJtE7LjBnmN1UjnLZdASh+9Z6YNg
   3.832 +22fx9P9cN0+65D8b8He4mIuS7Vp0ogwzCVWDMXH+nX4Yai9HjlhtcyiWTb6E
   3.833 +vFmSxS9WckxJ8SPjsmHpB47c57qA7Iq0vtAdF/mPFW/pJRFCSOA8pAyVDHpz
   3.834 +UPbYYum1LHQ0H/VqdvqaN2A6tXdJfur82xWlXF3PJ/pJ2dT+pqy1jKXV+hBW
   3.835 +8KT0fw6dByZh5GrQ9YnPxOVF8wSqFftif9nFbM8lHu0L4GZdrrz29jxdVixp
   3.836 +iL/JSUwwJMY5Pkl7ff0D6qZDSdc3u0Q8Rx4MXy2llMAFY5YDpTPZ1s2l1Oiv
   3.837 +193eug8sPoC+bYY2EQooC4bZSy/m2v7W+1usXrCo5nyD9Au84yy94K9yLCx9
   3.838 +VKnS+iAnwpuY6sb42Iz5i4KVV+fdA1pmW0pVYrwYl0Izx01N4aTucQ2LChSE
   3.839 +NNZ6yFtibI1ZR7URUkJiQh5+l03lIajxoTSiRKJUgzrwS4vAy7PTq94UXdzi
   3.840 +xV+xCsjEVawZZ4f9s7r605kvjZ1qAHaQ5SmYlE3ojz1ku1hj+3eIo+XkTS2P
   3.841 +zj6rzTT4HX7hXq8QdIi549VajAStu2ldcCfYNLG8mFRaqhRVrfDYqI6oTS2o
   3.842 +fxyob0r7n8FQAoLiBhM3kMd8jtJl3Fhnk7H0yBM0XjcnIleZhjvrh3heu+qG
   3.843 +RMQiccj5eonZpqJaUzseZgQtDb20QOBvV2ji80tBtzZo7yhgvV8//voRQeZH
   3.844 +F7FXxuNDun5X7KbjoTcW/WPbzJmrtOmujAAO6262Ob5XvY3rBlskHXIfbvr0
   3.845 ++5q4W4KBSZfWd5F4nyCJlmnlsCCTEy8fW0f+FtS5BQjEwVTmNrKXa+zUvsFx
   3.846 +NIIjgKaAn0r9+unXT+INmrbkkQ/DTgaeQ6zjtmNrZ/EdQ08O3x7eGXfRbVoh
   3.847 +uAoW1JETuvQZMcs5qZP+NVNfsWEm2b8DJEtaI9+I1KSFIpjLJapAefSj+Z2Q
   3.848 +5SFh3RNoyp2Tleut1fmLr806rlaJA5NwKFVTu4B613Wo8CXffBjV96Ca/rD2
   3.849 +gV2nw5agv7vLjiBV3D1d1C2oIdG+89gcOJFSCSOI3EvUcHPWUXpyfPGKw3mv
   3.850 +hfVaK3mfawdKgYVf4AOt9BHkhQ1qXwB67Fi9S6XLBNMwLT5Jk+bQvHWVIBm8
   3.851 +TmJexemTGYihxIVxtsWH9EdxUVoZ5FjsSByrV0tGp5LVcgkxZgpFqAIqh/SI
   3.852 +IIe86rQeObO53S9nqm8fyLauzwBrt0vvx7GbMIN9TzB+yatUMIALf49FSKx5
   3.853 +qK2TXcYgiycMpsRt8BvOv05otnAIlU4Lx4nGsd1RsNJhqWBq2Cc02PS90bFv
   3.854 +ASodXyfWLdqy2VntcKVMrwLzOREgdhhRxf29o476jNTGrx/H4/Gvn5yG3CS8
   3.855 +1SJRpTTXibmRfQEyiGk4XVIYFxYssaGKl6aB4s2FlNpYraOv7vkF7l6gXDIq
   3.856 +l3le45o6KPMmg7+QgqyGN+KIejGYLQS5X2akXNgaOLk+NSZmy7izV6b9Zbru
   3.857 +RY/mFn0gPZZM2MuUQUpbi9rddhT07qFdtgfT7eqSFtdB0g2Qb8UuDAvPHvjW
   3.858 +RS7VLXIJHBi079cP7EB8R73apFbrkrA7iA0BCQuZ/maLCNyVQQbXtqW/Hseh
   3.859 +v5txmkRlwS3r5yOmUWK/t7d3rpdLI3xwOx75b+uopsS8vib7yz6C7OHW+gX9
   3.860 +TXxZsHuLe0he8RtUUcPeBLtNkjIerte5bt4jLzk7V5uDO6QagPbGUwUUrHsk
   3.861 +JYV0uwfHG8lCVLCGgS62Uy/FP3BCHQdHvi9nSt56DXw8l2iA9Ene7gAZvCoj
   3.862 +2PRepaAlwCv07rcTii5Lu3RdNQ96Kt5IkpdSENWXcmWoDkNm8NYW7R9m3e7Z
   3.863 +LRthxVcsiZ7XT3liQWGSB0g+xEu47gI+ld5F2sOIATI18czdtHHa7F5NgR8R
   3.864 +lCk5kJiVzq8G5bqFKXjjC/jYmWzN2KAxZ3/zS6KpNLi9I67LzJUEvmuTFguJ
   3.865 +D3VUba63qDeGGCCaLzM2u13p+F+KlI3bF0l55WGApGuE3L43TbwNY6paIbes
   3.866 +dH6eHfXaP8ZyXc189qFAEJN/waiJWHW76dy9xAT02H9zKHjHoKozogSpQHbf
   3.867 +CTpeyC2N+lUpaipvN5NFlMPxZ+CzBTyt3Jathf++efGmj4gGyMcz3RK1u1W8
   3.868 +CXe9c2/l4N5Xeritf51n82h/3wEFnMk1dt1VF1/V59DSZ46v6sXvXbij09OO
   3.869 +IGwZbfs05VIvkvEcTu/f/D//DlS1WhgANJC1zNTlu+N3lz6Zvg3avkf782Xb
   3.870 +uf2T2hmtH+MynUtfuLpnEDX6Mi8ugbPvGdF7qeJbI+RNHVYk7x1aV8DuGfCN
   3.871 +xz6/efjppbxw2/Rh7xks+eplU80YBeuHNc30P6lw956lJjslO/MYsXfvuREa
   3.872 +Ln0KinGP/LCvnUF/bJUC1vKyziKO5rwaDDTm0xAgInUcJ0B5B+pigJVddlWa
   3.873 +rGA1aWKmhA8uUXUa6tKXnx56gZkvRP2kPixi6ef4m3rdN+TsHz2Mg8EUrpLG
   3.874 +isiDq+65VQ/juMmxuOaaJKo+ju2QEde3CB/aYrdLeIda+fVUSDVg2zdW2XGr
   3.875 +nPjLP8DkVpzRD+oMOF2dWMv3q78hCTuvG28mW1SrOlvqSccpwAMiemGqyrfY
   3.876 +kNMCz7Gk0PQW6zbyg8Wun9RLRPWYscuIxLoVOnfnxaqnQt6zcL9Ddqk9dA8k
   3.877 +8UbQswvtgmpdn5Q4YkVQTq735dnuaTZ86bLx4+DK4UJeCvnsx/bqpNLicFXO
   3.878 +dY0Ap5u91kH/dU6cOwv+C5gDCII1QAAA
   3.879 +
   3.880 +-->
   3.881 +
   3.882 +</rfc>
   3.883 +
     4.1 --- a/pep-rating/draft-marques-pep-rating.mkd	Wed Jan 08 18:33:34 2020 +0100
     4.2 +++ b/pep-rating/draft-marques-pep-rating.mkd	Wed Jan 08 18:37:13 2020 +0100
     4.3 @@ -343,6 +343,8 @@
     4.4  
     4.5  \[\[ RFC Editor: This section is to be removed before publication \]\]
     4.6  
     4.7 +* draft-marques-pep-rating-03:
     4.8 +  * Updates terms and references; other minor changes
     4.9  
    4.10  * draft-marques-pep-rating-02:
    4.11    * Add Privacy and IANA Considerations sections