Re: [dispatch] [Secdispatch] A protocol for anonymity
Martin <martin@gwerder.net> Tue, 12 March 2019 06:18 UTC
To: "Salz, Rich" <rsalz@akamai.com>, "rfc-ise@rfc-editor.org" <rfc-ise@rfc-editor.org>, "secdispatch@ietf.org" <secdispatch@ietf.org>, "dispatch@ietf.org" <dispatch@ietf.org>
Cc: "sec-ads@ietf.org" <sec-ads@ietf.org>, "art-ads@ietf.org" <art-ads@ietf.org>, "draft-gwerder-messagevortexmain@ietf.org" <draft-gwerder-messagevortexmain@ietf.org>

Hi Rich,

This is a valid point. Requested status is experimental. This allows going for a standard later. So the primary goal is to become a standard in the long term and to expose the protocol to a broader public.

In my eyes, for the standard, it would require that we have two seconding documents — one dealing with best current practices and one focusing on security considerations (maybe both in one document).

The main problem with those two documents is not the protocol itself. Like SMTP or HTTP in its pure form, this is a transport protocol only. It does not deal with the client side or the content itself. Anonymity is broken easily by the users themselves. As an example, you may take the fact that almost no user is ready to write emails in plain text. They want to embed graphics and emoticons. Allowing HTML encoding on the other side makes the protocol vulnerable to bugging attacks.

At the moment I am using Thunderbird as the client and the MessageVortex node as "local mail server." While this makes sense from the user perspective (no new client), it is maybe not the wisest decision from an anonymity perspective. This, however, is not a problem of the protocol.

MessageVortex allows transferring any message and is not limited to emails. These possibilities should be further explored. At least for my person, this protocol opens a whole new world full of possibilities. So I am very keen to see what it can do.

Regards
Martin

On 11.03.2019 at 15:31, Salz, Rich wrote:
> I would turn this around: why does this have to be an RFC?