Re: [dmarc-ietf] Email security beyond DMARC?

Bernie Hoeneisen <bernie@ietf.hoeneisen.ch> Mon, 18 March 2019 12:57 UTC

Return-Path: <bernie@ietf.hoeneisen.ch>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5F92131137 for <dmarc@ietfa.amsl.com>; Mon, 18 Mar 2019 05:57:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DRyXDFlNARNN for <dmarc@ietfa.amsl.com>; Mon, 18 Mar 2019 05:57:56 -0700 (PDT)
Received: from softronics.hoeneisen.ch (softronics.hoeneisen.ch [62.2.86.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 34E9813110F for <dmarc@ietf.org>; Mon, 18 Mar 2019 05:57:56 -0700 (PDT)
Received: from localhost ([127.0.0.1]) by softronics.hoeneisen.ch with esmtp (Exim 4.86_2) (envelope-from <bernie@ietf.hoeneisen.ch>) id 1h5rpy-0001RP-29; Mon, 18 Mar 2019 13:57:54 +0100
Date: Mon, 18 Mar 2019 13:57:54 +0100 (CET)
From: Bernie Hoeneisen <bernie@ietf.hoeneisen.ch>
X-X-Sender: bhoeneis@softronics.hoeneisen.ch
To: "Douglas E. Foster" <fosterd@bayviewphysicians.com>
cc: dmarc@ietf.org
In-Reply-To: <1dc451a973a8443a87d37b6e5c41fe38@bayviewphysicians.com>
Message-ID: <alpine.DEB.2.20.1903181355520.5419@softronics.hoeneisen.ch>
References: <1dc451a973a8443a87d37b6e5c41fe38@bayviewphysicians.com>
User-Agent: Alpine 2.20 (DEB 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Mail-From: bernie@ietf.hoeneisen.ch
X-SA-Exim-Scanned: No (on softronics.hoeneisen.ch); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/8Aoso76MdhkiNlFdhsg_MZ2Euyk>
Subject: Re: [dmarc-ietf] Email security beyond DMARC?
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Mar 2019 12:58:10 -0000

Hi Doug

On Sat, 16 Mar 2019, Douglas E. Foster wrote:

> I tried to understand what IETF is doing about email security, and this 
> working group seems to be the only surviving effort.  Based on the 
> index, the groups attention is focused on polishing the existing DMARC 
> implementaton rather than plowing new territory.  Given the devastating 
> effect of WannaCry and the success of other email-based attacks, I think 
> our work is far from finished.

You may want to have a look on some upcoming work. We just started a new 
mailing list, which includes the topic of email security:

  MEDUP -- Missing Elements for Decentralized and Usable Privacy

To subscribe:

- https://www.ietf.org/mailman/listinfo/medup

Please find more information on:

- https://mailarchive.ietf.org/arch/msg/medup/mbrbhFekt_srXShzpCa4RiXgPbY

- https://mailarchive.ietf.org/arch/msg/pearg/oBjgAwG3_eoR6tpLQGTE_9OggzQ

The former also includes a list of Internet-Drafts describing the MEDUP 
challenges.


Please be also informated that the LAMPS WG has requested a new work item 
on email header protection to be added to its charter.


Hope that helps!

Best,
  Bernie

--

http://ucom.ch/
Modern Telephony Solutions and Tech Consulting for Internet Technology