Re: [Endymail] We're not done yet
Paul Wouters <paul@nohats.ca> Mon, 17 November 2014 07:34 UTC
Return-Path: <paul@nohats.ca>
X-Original-To: endymail@ietfa.amsl.com
Delivered-To: endymail@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC56E1A01E5 for <endymail@ietfa.amsl.com>; Sun, 16 Nov 2014 23:34:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.594
X-Spam-Level:
X-Spam-Status: No, score=-2.594 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.594] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y7tpcrfSkeML for <endymail@ietfa.amsl.com>; Sun, 16 Nov 2014 23:34:08 -0800 (PST)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 098841A0171 for <endymail@ietf.org>; Sun, 16 Nov 2014 23:34:08 -0800 (PST)
Received: from bofh.nohats.ca (bofh.nohats.ca [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 08372817C1 for <endymail@ietf.org>; Mon, 17 Nov 2014 02:34:06 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1416209647; bh=1kosXseKp518b4FhPtFjpi+XBmWgJlh0mZVUgCOVje8=; h=Date:From:To:Subject:In-Reply-To:References; b=dD8ZWcCyIRDoBIZe1AsGDWEH2s5bIXDUVjcyH+kP7EiyxK3D8t82AHtOdRg/nB7ab BQeccyuJk79F78W+0MQefF8bMjmTtEHIqdDDfz+n+De1DhmEG6UajtLnY3N3OMD3U/ 4p1gY6vHbE0UocKQDvxOQjuPGotvkrUIP3yFZmB0=
Received: from localhost (paul@localhost) by bofh.nohats.ca (8.14.7/8.14.7/Submit) with ESMTP id sAH7Y6uo012712 for <endymail@ietf.org>; Mon, 17 Nov 2014 02:34:06 -0500
X-Authentication-Warning: bofh.nohats.ca: paul owned process doing -bs
Date: Mon, 17 Nov 2014 02:34:06 -0500
From: Paul Wouters <paul@nohats.ca>
To: endymail@ietf.org
In-Reply-To: <20141117072536.GY13179@mournblade.imrryr.org>
Message-ID: <alpine.LFD.2.10.1411170229450.7218@bofh.nohats.ca>
References: <CACsn0ck-bueehMDjgx-Co=bL0pLkeJM=Fqc0T_SDT4bdX4nzPg@mail.gmail.com> <20141117063948.GX13179@mournblade.imrryr.org> <alpine.LFD.2.10.1411170150290.7218@bofh.nohats.ca> <20141117072536.GY13179@mournblade.imrryr.org>
User-Agent: Alpine 2.10 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/MPy7G00_f8e-a52g5mC2yEF4Dlc
Subject: Re: [Endymail] We're not done yet
X-BeenThere: endymail@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <endymail.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/endymail>, <mailto:endymail-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/endymail/>
List-Post: <mailto:endymail@ietf.org>
List-Help: <mailto:endymail-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/endymail>, <mailto:endymail-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Nov 2014 07:34:12 -0000
On Mon, 17 Nov 2014, Viktor Dukhovni wrote: > The client does not know whether these are safely treated as the > same address, so should only query for the address it is sending > to as-is. Any variant equivalent lookup keys should be created at > the receving domain. So there's only one lookup. Well, that's a nice theory. Now in practise what happens is that SMTP servers really don't have different accounts for LHS that are only different in case. And we have the issue of too many phone input boxes and webforms automatically capitalizing names. I just happened to me today on my phone, so it send email to Paul@nohats.ca. If those are different people those people are going to end up with each others email already. So the problem will not be worse. > Users likely also need to store old private keys forever so that > old mail can still be read. The complete architecture for encrypted > email has many parts we're not making explicit, but all have a > bearing on key management requirements for MUAs. I'd call that out of scope. I think of OPENPGKEY as a transport plus data in rest protection while in-transit. Once the final enduser gets the email, I expect their email client to decrypt it and store it locally, so it remains searchable, indexable, etc. I also expect them to use full disk encryption to protect all their email. This method does not require keeping old private keys. Paul
- Re: [Endymail] We're not done yet Viktor Dukhovni
- [Endymail] We're not done yet Watson Ladd
- Re: [Endymail] We're not done yet Paul Wouters
- Re: [Endymail] We're not done yet Viktor Dukhovni
- Re: [Endymail] We're not done yet Paul Wouters
- Re: [Endymail] We're not done yet Viktor Dukhovni
- Re: [Endymail] We're not done yet Watson Ladd
- Re: [Endymail] We're not done yet Viktor Dukhovni
- Re: [Endymail] We're not done yet Stephen Farrell
- Re: [Endymail] We're not done yet carlo von lynX
- Re: [Endymail] We're not done yet Dave Crocker