Re: [Endymail] Off we go...
Viktor Dukhovni <ietf-dane@dukhovni.org> Wed, 27 August 2014 15:58 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: endymail@ietfa.amsl.com
Delivered-To: endymail@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 202DA1A0AF8
for <endymail@ietfa.amsl.com>; Wed, 27 Aug 2014 08:58:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.8
X-Spam-Level:
X-Spam-Status: No, score=0.8 tagged_above=-999 required=5 tests=[BAYES_50=0.8]
autolearn=ham
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 9zCNHWY-gR3N for <endymail@ietfa.amsl.com>;
Wed, 27 Aug 2014 08:58:43 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19])
(using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 7BC371A0AEF
for <endymail@ietf.org>; Wed, 27 Aug 2014 08:58:43 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034)
id 215A52AB2C0; Wed, 27 Aug 2014 15:58:42 +0000 (UTC)
Date: Wed, 27 Aug 2014 15:58:42 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: endymail@ietf.org
Message-ID: <20140827155841.GO14392@mournblade.imrryr.org>
References: <53FD0B7D.8070705@qti.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <53FD0B7D.8070705@qti.qualcomm.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/Fv0bwpuIjwBY7hbj_OsG4oaAR7c
Subject: Re: [Endymail] Off we go...
X-BeenThere: endymail@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: endymail@ietf.org
List-Id: <endymail.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/endymail>,
<mailto:endymail-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/endymail/>
List-Post: <mailto:endymail@ietf.org>
List-Help: <mailto:endymail-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/endymail>,
<mailto:endymail-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Aug 2014 15:58:45 -0000
On Tue, Aug 26, 2014 at 03:34:37PM -0700, Pete Resnick wrote: > So off we go... What projects are folks working on, and what should the IETF > be doing in this space? If we get the email backbone broadly protected with TLS, the greatest remaining risk is data at rest (messages delivered to the user's mailbox). For me, the first step towards protecting messages at rest, is to encrypt them on delivery to the message store, where key management is simplest, because that store only needs the public keys of the recipient. So I'd like to see support for delivery-time encryption in LMTP servers (dovecot, ...). This gets the recipient's mail protected in storage regardless of the payload encryption capabilities of the sender. Yes, this is not an end-to-end mechanism, and it may be too late if at some point en-route the message was transmitted in the clear. Such support can gradually be moved closer to the edge, with payload encryption at the inbound gateway (roughly as far as many enterprises can allow it, since otherwise they lose visibility into the message content for anti-virus, data-leakage, regulatory archiving, ...). Beyond inbound gateway encryption, there is also an opportunity for gateway-to-gateway message encryption, but frankly I don't see much reason to do that rather than TLS. Finally, there is an opportunity to have end-to-end payload encryption, but seemingly at the cost of many of the features for which users trade-in their privacy with the major consumer email providers. Server-side anti-spam and search for example. With today's technologies we know that "Johnny can't encrypt", if we improve the technology, what will it take for "Johnny" to be willing to encrypt? What's the sweet-spot for protection of messages at rest that does not unacceptably impact usability? Unlike IM conversations, that users expect to be largely ephemeral, people tend to "hoard" email as a long-term record of communication. So with each technology or design discussed on this list, perhaps it might be helpful to understand where it fits into the protection spectrum and what are the usability trade-offs and the target audience. My take, is that with mobile devices and the like, which do not attempt to maintain a complete locally searchable archive of email (as one might with IMAP on a dedicated personal computer) there is strong incentive for email content management at the server, and end-to-end just can't compete. The usability constraints may be far too tight. I don't use any of the major providers for email, and don't synchronize smart-phones and the like to my self-hosted IMAP mailbox. So I can work with the quite decent search and anti-spam capabilities in the desktop/laptop IMAP client. I am very much the exception to the rule. So I am somewhat skeptical that the competing demands in this space can be met simultaneously, and my guess is that usability will win hands down for most users. It would be nice for my hunch to be proved wrong. -- Viktor.
- [Endymail] Off we go... Pete Resnick
- Re: [Endymail] Off we go... Tom Ritter
- Re: [Endymail] Off we go... Phillip Hallam-Baker
- Re: [Endymail] Off we go... Joe Hildebrand (jhildebr)
- Re: [Endymail] Off we go... Viktor Dukhovni
- Re: [Endymail] Off we go... Michael Kjörling
- Re: [Endymail] Off we go... Cyrus Daboo
- Re: [Endymail] Off we go... Frank Li
- Re: [Endymail] Off we go... Phillip Hallam-Baker
- Re: [Endymail] Off we go... Leo Vegoda
- Re: [Endymail] Off we go... Werner Koch
- Re: [Endymail] Off we go... Adam Caudill