Re: [dispatch] [Secdispatch] A protocol for anonymity
Barry Leiba <barryleiba@computer.org> Tue, 12 March 2019 06:41 UTC
Return-Path: <barryleiba@gmail.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46739130EFB; Mon, 11 Mar 2019 23:41:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.649
X-Spam-Level:
X-Spam-Status: No, score=-1.649 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PfCiD0pIFXA3; Mon, 11 Mar 2019 23:41:25 -0700 (PDT)
Received: from mail-it1-f174.google.com (mail-it1-f174.google.com [209.85.166.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B374F130EE7; Mon, 11 Mar 2019 23:41:25 -0700 (PDT)
Received: by mail-it1-f174.google.com with SMTP id f186so1652979ita.0; Mon, 11 Mar 2019 23:41:25 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=lvL7Zr8CD6DG7tH2Qoqa0p+CbWWKZRPY7xCdNas71OY=; b=iPP93guhdbm+JsQ2suyMjkvJGDomcItXAmjYfd+sics9x24uPFaZhEcyVfD79zeLsu UsSR5jNQN+VfrhxbrdsVZn+2+18Tk3WtfjaqBPSSkk6LmIpQSNW3XsqjvCKxLpViyhH+ Twai6kfQH+nV6un48GrWgT2+s0WmXOGIPrMxGrvyySur9Yhr5f2vKF3/XPYPMyt8FYcA M/R0KjNJYeSlWTOEiIG1VsN2PQlKP0Qv0YHotefPhyWQz38tzo8v0W7j+F6Tb4bIhLnI P2nuYkSTeZopa299rEUl+7+Ca1dFUs6+9DWplbx1qhEkL8hVswpN40aVg3YCPEN4CsSZ SafQ==
X-Gm-Message-State: APjAAAWbJlbryTDcVerXOi2iQ3vjJDD6m46WD6lLgrNG0o2uJTEtJGcF 3nZdWTZNxitNWa8Q6w/nO5gW4SuUV273efpK1dk=
X-Google-Smtp-Source: APXvYqwLUvDItNtfr7+3SML7qiiBXjy3tX7i/PeWvTJf7zNiijumSBt/EO8iQmRSg2rORba7LGzVDQYGUouY/cboD/Q=
X-Received: by 2002:a02:984d:: with SMTP id x13mr18575051jaj.140.1552372884460; Mon, 11 Mar 2019 23:41:24 -0700 (PDT)
MIME-Version: 1.0
References: <1d369e948382f1431f6e67abce4ca0c8.squirrel@www.amsl.com> <F7BDADFC-FBEF-4049-945B-BD865AB58229@akamai.com> <336679b2-abd1-6372-050e-974530088821@gwerder.net> <26313F4A-06FF-4155-B646-09C96F370894@akamai.com> <6dd6ed2c-b2a6-f42f-9edc-25c9607bf173@gwerder.net>
In-Reply-To: <6dd6ed2c-b2a6-f42f-9edc-25c9607bf173@gwerder.net>
From: Barry Leiba <barryleiba@computer.org>
Date: Tue, 12 Mar 2019 15:41:13 +0900
Message-ID: <CALaySJK7rrzFCs-spcUV2YvEkKNUoPNSVn0jSv5-5eEaGjTuMQ@mail.gmail.com>
To: Martin <martin@gwerder.net>
Cc: "Salz, Rich" <rsalz@akamai.com>, "rfc-ise@rfc-editor.org" <rfc-ise@rfc-editor.org>, "secdispatch@ietf.org" <secdispatch@ietf.org>, "dispatch@ietf.org" <dispatch@ietf.org>, "sec-ads@ietf.org" <sec-ads@ietf.org>, "art-ads@ietf.org" <art-ads@ietf.org>, "draft-gwerder-messagevortexmain@ietf.org" <draft-gwerder-messagevortexmain@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/2b1WXYvK8Cv9dPhx56sAKvAXF6Y>
Subject: Re: [dispatch] [Secdispatch] A protocol for anonymity
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2019 06:41:28 -0000
I would feel better about this if it were done as an Experimental RFC in the IETF stream, ideally through an ART/SEC working group, as it's too much to be AD-sponsored. As such, it should go through secdispatch or dispatch, and it's a bit late to do that for Prague. I'd be hesitant to actually *block* it from the Independent stream (more specifically, asking the ISE not to publish it because it needs IETF review), but I'd rather see it in the IETF stream. I also don't know the history here, as I'm just stepping in as AD now, so perhaps the issue of doing it in the IETF stream has already been hashed out. If so, please clue me in. Barry On Tue, Mar 12, 2019 at 3:19 PM Martin <martin@gwerder.net> wrote: > > Hi Rich > > This is a valid point. Requested status is experimental. This allows > going for a standard later. So the primary goal is to become a standard > on the long term and to expose the protocol to a broader public. In my > eyes, for the standard, it would require that we have two seconding > documents — one dealing with best current practices and one focusing > security considerations (maybe both in one document). The main problem > with those two documents is not the protocol itself. As SMTP or HTTP in > its pure form, this is a transport protocol only. It does not deal with > the client side or the content itself. > > Anonymity is broken easily by the users themselves. As an example, you > may take the fact that almost no user is ready to write emails in plain > text. They want to embed graphics and emoticons. Allowing HTML encoding > on the other side makes the protocol vulnerable to bugging attacks. At > the moment I am using Thunderbird as the client and the MessageVortex > node as "local mail server." While this makes sense from the user > perspective (no new client), it is maybe not the wisest decision from an > anonymity perspective. This, however, is not a problem of the protocol. > MessageVortex allows transferring any message and is not limited to > emails. These possibilities should be further explored. > > At least for my person, this protocol opens a whole new world full of > possibilities. So I am very keen to see what it can do. > > Regards > Martin > > > Am 11.03.2019 um 15:31 schrieb Salz, Rich: > > I would turn this around: why does this have to be an RFC? > >
- [dispatch] A protocol for anonymity RFC ISE (Adrian Farrel)
- Re: [dispatch] A protocol for anonymity Hernâni Marques (p≡p project)
- Re: [dispatch] [Secdispatch] A protocol for anony… Stephen Farrell
- Re: [dispatch] [Secdispatch] A protocol for anony… Salz, Rich
- Re: [dispatch] [Secdispatch] A protocol for anony… Martin
- Re: [dispatch] [Secdispatch] A protocol for anony… Salz, Rich
- Re: [dispatch] [Secdispatch] A protocol for anony… Martin
- Re: [dispatch] [Secdispatch] A protocol for anony… Barry Leiba
- Re: [dispatch] [Secdispatch] A protocol for anony… Eric Burger
- Re: [dispatch] [Secdispatch] A protocol for anony… RFC ISE (Adrian Farrel)
- Re: [dispatch] [Secdispatch] A protocol for anony… Martin Thomson
- Re: [dispatch] [Secdispatch] A protocol for anony… Eric Rescorla