IETF Logo Mail Archive

Re: [Endymail] spam versus cleartext

Leo Vegoda <leo@vegoda.org> Tue, 09 September 2014 15:55 UTC

Return-Path: <leo@vegoda.org>
X-Original-To: endymail@ietfa.amsl.com
Delivered-To: endymail@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2BE2E1A6FF3 for <endymail@ietfa.amsl.com>; Tue, 9 Sep 2014 08:55:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9p-5LtsWFf64 for <endymail@ietfa.amsl.com>; Tue, 9 Sep 2014 08:55:49 -0700 (PDT)
Received: from mail-we0-f179.google.com (mail-we0-f179.google.com [74.125.82.179]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4469E1A6FF6 for <endymail@ietf.org>; Tue, 9 Sep 2014 08:55:46 -0700 (PDT)
Received: by mail-we0-f179.google.com with SMTP id u56so3188641wes.24 for <endymail@ietf.org>; Tue, 09 Sep 2014 08:55:45 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-type:content-disposition:in-reply-to :user-agent; bh=PiDkobs4fk88L3hjE3Kf2RuUvqYLjIY07WDMLnoy+l4=; b=AFy/sWVz9SoRd57sDnORzgkA7DbKhs6+QgOlx7YCJvU+NcedN0hgpdLr9kOYDtXxJr 76eLS+M7e5JCDkjjXWZ7C8VLxPha9an/FsAEtD4VYO/tY4P6IPiIvoGE1SwVT5oa5bWn 6P7rL92RVMvtCOUevkc2JgBlbgDRSQ/XOhyzOaRD7v3DQxMtg8Rm4cyOWF4Niri3gqEY u4ZGg7MYMi4mbLDZZqGMIN/YA/ZIeTBAHD7v41ZFztxuHSM1bmQ+RTocl2Id0ftFHtMy WDkIL0owKvlM5XTm8V+faSpAK6yjiKiRYENyAnIeB3FdSXWU5ujbS6yFbvIwzSfeFZaz mioQ==
X-Gm-Message-State: ALoCoQlaNvgkyWFUpiX2RZTBzFseH+Y5LtIJ+wbPvJCxlrjJ9LDi71+YE8XngWHIogNpAh+B+l0T
X-Received: by 10.194.6.195 with SMTP id d3mr5798408wja.107.1410278145549; Tue, 09 Sep 2014 08:55:45 -0700 (PDT)
Received: from vegoda.org (vps.ldn.vegoda.org. [2001:67c:1b8:100f::2]) by mx.google.com with ESMTPSA id dc9sm16056771wib.5.2014.09.09.08.55.44 for <multiple recipients> (version=TLSv1.2 cipher=RC4-SHA bits=128/128); Tue, 09 Sep 2014 08:55:44 -0700 (PDT)
Date: Tue, 9 Sep 2014 16:55:41 +0100
From: Leo Vegoda <leo@vegoda.org>
To: Phillip Hallam-Baker <phill@hallambaker.com>
Message-ID: <20140909155541.GF19979@vegoda.org>
References: <540AABF8.8000605@cisco.com> <CAMm+Lwh1JJQTOgRN_31b3+oTreeHzntBxx5sNeAFQAwnac9trw@mail.gmail.com> <540C5BE1.6010405@qti.qualcomm.com> <540CCA3E.8020505@qti.qualcomm.com> <alpine.BSF.2.11.1409071906310.16169@joyce.lan> <20140908030941.GT26920@mournblade.imrryr.org> <CAMm+LwhMsx7pGJo_pRPUWj_GqZfD_s78z+KMw_YOZ92LsoExMg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <CAMm+LwhMsx7pGJo_pRPUWj_GqZfD_s78z+KMw_YOZ92LsoExMg@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/0Hpu8EP2Xg15H75807FlgCUyyd0
Cc: endymail <endymail@ietf.org>
Subject: Re: [Endymail] spam versus cleartext
X-BeenThere: endymail@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <endymail.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/endymail>, <mailto:endymail-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/endymail/>
List-Post: <mailto:endymail@ietf.org>
List-Help: <mailto:endymail-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/endymail>, <mailto:endymail-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Sep 2014 15:55:53 -0000

On Mon, Sep 08, 2014 at 09:53:34AM -0400, Phillip Hallam-Baker wrote:

[...]

> But the certificate issued is only
> authenticating alice@gmail.com, it isn't authenticating Alice.

That's quite a subtle distinction. Experience shows that most people
do not understand the difference between a web browser and a search
engine[1]. How likely do you think it is that people will understand
the difference between the authentication of an e-mail address and
the person controlling that address?

Leo

[1] https://www.youtube.com/watch?v=o4MwTvtyrUQ

v2.8.7 | Report a Bug | By Email