Re: [Endymail] Another view of the problem and what the IETF could do
Adam Caudill <adam@adamcaudill.com> Tue, 02 September 2014 20:03 UTC
Return-Path: <adam@adamcaudill.com>
X-Original-To: endymail@ietfa.amsl.com
Delivered-To: endymail@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 750A41A06A7
for <endymail@ietfa.amsl.com>; Tue, 2 Sep 2014 13:03:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id p8ZRIjaKvnW9 for <endymail@ietfa.amsl.com>;
Tue, 2 Sep 2014 13:03:43 -0700 (PDT)
Received: from mail-yk0-x234.google.com (mail-yk0-x234.google.com
[IPv6:2607:f8b0:4002:c07::234])
(using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id C16A41A0699
for <endymail@ietf.org>; Tue, 2 Sep 2014 13:03:43 -0700 (PDT)
Received: by mail-yk0-f180.google.com with SMTP id 9so4368397ykp.25
for <endymail@ietf.org>; Tue, 02 Sep 2014 13:03:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=adamcaudill.com; s=google;
h=content-type:mime-version:subject:from:in-reply-to:date:cc
:message-id:references:to;
bh=oaF9becFw/M+qbJwd6ytXz3OM7i3PVBoi4lpuiHGWUo=;
b=mGdsb5gYLT7mxUE/LaMX7ANE1AijuK+vl1pm9WkBRMxxYAwNjx6TtrdmzvqsixW/NX
q4Qr2fDeQmJgm6Ynar+EpYoYwlwYNd+Vrscp44ZU8T0j0UGw5HKNfChYYHog1/NaayWq
G1jaaT1/t52lYR+PjSj3UXCZ9rYmf4t6QFMZs=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:content-type:mime-version:subject:from
:in-reply-to:date:cc:message-id:references:to;
bh=oaF9becFw/M+qbJwd6ytXz3OM7i3PVBoi4lpuiHGWUo=;
b=aqFE0+esdRjkhIWVm7VGu4UOI8Plb+7P2FIf6dKcaeXifo8oV+QcxUG2fwB3daILgd
Khip8AUInp6q7Q45WrUY2lK4qs8E1dS5xUPRDd9WpTpvTubG3jmf505LawvpFrr0WdWN
XUJhACAp5vKT44rAWKqpQQAyYKSM6W9Mq8lzuzEiR88lTbh9gT5Dsn9EUPagy/89GwRF
TsZTfPJLzr6T4a8568BBs8I5yJ5fd8tOkE9HbOIH2UdDuWepQ8+P94A3c4yNSszO9Q23
mP6GoZKu+aA/W3yvYR1bPxMOYOFfoHGNqITZ0Uo3MFRRYtBXGG9frQh9J4Fn3QYcUIO7
LL/A==
X-Gm-Message-State: ALoCoQn3T42Abwt0cVtmDoplLemvcQEbJeAQmKPNQuoKZUMXKrzZCIVFiAKqsrPzp1u8AqimBbp6
X-Received: by 10.236.138.198 with SMTP id a46mr4290615yhj.145.1409688222977;
Tue, 02 Sep 2014 13:03:42 -0700 (PDT)
Received: from [10.0.0.4] (c-50-142-69-73.hsd1.tn.comcast.net. [50.142.69.73])
by mx.google.com with ESMTPSA id
n68sm2793592yha.10.2014.09.02.13.03.41 for <multiple recipients>
(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
Tue, 02 Sep 2014 13:03:42 -0700 (PDT)
Content-Type: multipart/signed;
boundary="Apple-Mail=_71BB6E44-2BD1-4739-B264-B38D29320BFB";
protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\))
From: Adam Caudill <adam@adamcaudill.com>
In-Reply-To: <5404A3A3.9050506@cisco.com>
Date: Tue, 2 Sep 2014 16:03:39 -0400
Message-Id: <A8423D66-369A-4511-8A4C-EE4545E49111@adamcaudill.com>
References: <CAHBU6iuxfqs9RszSaJLaTV_obKBCJ9Pzii+t9XANN3q+bJm-3Q@mail.gmail.com>
<5404A3A3.9050506@cisco.com>
To: Eliot Lear <lear@cisco.com>
X-Mailer: Apple Mail (2.1878.2)
Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/5GJmfEC80xSsHySgeS3az_WHido
Cc: Tim Bray <tbray@textuality.com>, endymail@ietf.org
Subject: Re: [Endymail] Another view of the problem and what the IETF could do
X-BeenThere: endymail@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <endymail.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/endymail>,
<mailto:endymail-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/endymail/>
List-Post: <mailto:endymail@ietf.org>
List-Help: <mailto:endymail-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/endymail>,
<mailto:endymail-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Sep 2014 20:03:45 -0000
On Sep 1, 2014, at 12:49 PM, Eliot Lear <lear@cisco.com> wrote: > On 8/27/14, 6:21 PM, Tim Bray wrote: >> >> 1. Find a public key for the user that the sender’s prepared to trust. >> >> This is a big problem. The PGP Web of Trust has failed, and we’ve all heard the griping about the CA biz. Joe Hildebrand mentioned POSH & WebFinger and they’re both interesting. I’m also interested in the notion of a key directory with associated proofs that you don’t have to trust, for example the one from https://keybase.io. In particular see https://keybase.io/docs/server_security >> WORK FOR IETF: Get pro-active on key discovery/trust work? Standardize key search APIs? > > If the IETF could solve but this problem such that it scales to the size of the Internet, everything else on your list would I think fall into place. Unfortunately, key management really wasn't on your list, and that has to be addressed as well. Also, I suspect that email programs probably need to evolve a bit to cope with all of this. Case and point: I'm pretty sure I've lot one or two private keys along the way. And, at least compared to your average Joe, I'm good at this. No matter what the path forward is for secure messaging, key discovery (and reasonable key management) will be the cornerstone. If we don’t have solid public key discovery, then I fear we’ll just end up reinventing PGP. For a system to scale to the same level email as we know it has, there needs to be transparent key discovery so that the average user need not be aware it’s even happening. In the design I’ve been working on, it’s the responsibility of the messaging service provider to host a user directory, with signed updates that senders can use to get the proper key for a user (so, example.com would provide the sender with the info they need to send to bob@example.com). I really think this needs to be a primary focus, and as Tim pointed out, this is something that makes sense for the IETF to work on. If we can establish a solid solution here, I agree completely with Eliot here, the rest will fall into place - and will open the door to many good options. -- Adam Caudill adam@adamcaudill.com http://adamcaudill.com/
- [Endymail] Another view of the problem and what t… Tim Bray
- Re: [Endymail] Another view of the problem and wh… Werner Koch
- Re: [Endymail] Another view of the problem and wh… Arnt Gulbrandsen
- Re: [Endymail] Another view of the problem and wh… Phillip Hallam-Baker
- Re: [Endymail] Another view of the problem and wh… Eliot Lear
- Re: [Endymail] Another view of the problem and wh… Tim Bray
- Re: [Endymail] Another view of the problem and wh… Werner Koch
- Re: [Endymail] Another view of the problem and wh… Werner Koch
- Re: [Endymail] Another view of the problem and wh… Steffen Nurpmeso
- Re: [Endymail] Another view of the problem and wh… Leo Vegoda
- Re: [Endymail] Another view of the problem and wh… Stephen Farrell
- Re: [Endymail] Another view of the problem and wh… Leo Vegoda
- Re: [Endymail] Another view of the problem and wh… Adam Caudill
- Re: [Endymail] Another view of the problem and wh… Phillip Hallam-Baker
- Re: [Endymail] Another view of the problem and wh… Tim Bray
- Re: [Endymail] Another view of the problem and wh… Werner Koch
- Re: [Endymail] Another view of the problem and wh… Stephen Farrell
- Re: [Endymail] Another view of the problem and wh… Werner Koch
- Re: [Endymail] Another view of the problem and wh… Kathleen Moriarty
- Re: [Endymail] Another view of the problem and wh… Phillip Hallam-Baker
- Re: [Endymail] Another view of the problem and wh… Michael Kjörling
- Re: [Endymail] Another view of the problem and wh… Leo Vegoda