Re: [Endymail] spam versus cleartext

"John Levine" <johnl@taugh.com> Sat, 06 September 2014 19:33 UTC

Date: 6 Sep 2014 19:33:13 -0000
Message-ID: <20140906193313.8676.qmail@joyce.lan>
From: "John Levine" <johnl@taugh.com>
To: endymail@ietf.org
In-Reply-To: <540B0911.9050105@cisco.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/I9n7VSbTlqtKr7fzOseKDo5Cx14
Cc: lear@cisco.com
Subject: Re: [Endymail] spam versus cleartext

>While I think it would be fun to talk with the gentleman about his
>bitcoin thinking, the key part that I intended for this group was the
>situational analysis involving spam and how bad guys behave.

The historical discussion is pretty good, give or take some minor
sequencing errors.  (Web mail is a lot older than he makes it out to
be, for example.)

The bit at the end with bitcoins and reputation bonds is just
nonsense.  (It's longstanding nonsense -- back in 2009, one of
Satoshi's first messages to the cryptography list suggested using them
for epostage, and I responded saying that wasn't likely to be a good
idea, thereby making me a bitcoin pioneer in the eyes of the Wall
Street Journal.)

I will spare you the long rant about why it won't work, but the rant
touches on the facts that bad guys have access to more computing power
than good guys, that bitcoin transactions are not fast and not
inherently cheap, and bad guys are just as creative as good guys and
are good at subverting systems intended to keep them out.

What I think will actually happen is twofold.  Many mail operators
will tell their users that if they let the mail system look at their
mail under tightly controlled conditions (for some definitions of
tight and control) their spam filtering will be a lot better, and
about 95% of the users will say yes.  For free webmail systems, it'll
be a condition of service, since the tight control will include using
the mail contents to target ads.

For the other 5%, strong crypto will presumably include a hard to
forge signature from the sender, so they can whitelist senders with
some painful way to get new senders into your local whitelist.

I think it's a very open question whether E2E crypto on mail will turn
out to be so painful that people won't bother, outside of small
clusters of people who already know each other and so can exchange
keys in ways that are formally hopeless but in practice work OK.

R's,
John