Re: [Endymail] spam versus cleartext

Viktor Dukhovni <ietf-dane@dukhovni.org> Sat, 06 September 2014 14:54 UTC

Date: Sat, 6 Sep 2014 14:54:09 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: endymail@ietf.org
Message-ID: <20140906145409.GI26920@mournblade.imrryr.org>
References: <540AABF8.8000605@cisco.com> <540AFF4F.30407@cs.tcd.ie> <540B0911.9050105@cisco.com>
In-Reply-To: <540B0911.9050105@cisco.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/--GtDB1cfri5gS9vsARMxEC0duM
Subject: Re: [Endymail] spam versus cleartext

On Sat, Sep 06, 2014 at 03:16:01PM +0200, Eliot Lear wrote:

> While I think it would be fun to talk with the gentleman about his
> bitcoin thinking, the key part that I intended for this group was the
> situational analysis involving spam and how bad guys behave.

For many users there are parties to their email service that want
to apply additional content security policies beyond the immediate
personal security interests of the user.  Sometimes it is a service
to user (less spam), other times it is corporate security policy
(block malware, detect data leakage, comply with regulatory email
archiving requirements, ...).

This is why I generally think of protecting email as two separate
problems:

	* data in motion
	* data at rest

For data in motion, I am working on more flexibility and security
with STARTTLS.  For data at rest, I'd like to see LMTP servers that
support S/MIME encryption at time of final delivery, which still
allows various processing of email before it is deposited into the
mailbox.  This extends PFS to email already delivered before any
warrants are served to intercept content.  Of course it does not
protect email received while under surveillance.

While truly end-to-end email is used already, and may be used more
widely in the future, I don't expect mass adoption; there are many
obstacles beyond just the key management.

-- 
	Viktor.