Re: [Endymail] We're not done yet
Watson Ladd <watsonbladd@gmail.com> Tue, 18 November 2014 05:11 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: endymail@ietfa.amsl.com
Delivered-To: endymail@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C7361AD0C9 for <endymail@ietfa.amsl.com>; Mon, 17 Nov 2014 21:11:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dYcKlz8B_FIx for <endymail@ietfa.amsl.com>; Mon, 17 Nov 2014 21:11:03 -0800 (PST)
Received: from mail-yk0-x231.google.com (mail-yk0-x231.google.com [IPv6:2607:f8b0:4002:c07::231]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2A9701AD10A for <endymail@ietf.org>; Mon, 17 Nov 2014 21:11:03 -0800 (PST)
Received: by mail-yk0-f177.google.com with SMTP id 9so4703883ykp.22 for <endymail@ietf.org>; Mon, 17 Nov 2014 21:11:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=uaStfQFlFq2mYhWTJXeEG6LUbVXtX5F+qBFTKIAIS2o=; b=YHZ+1Zjq3GFZg19E5vaEi6LoTcTKk4I+jabBvZsX27ss5nLLAFnMRUbGuqL08KJugM G3opGzntKej5WsrgINe4YdNrs+lggENBW5qHPQQzJHosKj8k774Vcn+k75xNgmdalTaa PpVygt1I3kS7hWKYDhX/Kwp2KDrNOLlt++KhGPxIPyDhUdZXrQvZq6GOTIs0RQxveelA FCiyOWslbZid55rIuxhRb4j4Fp7W5Em20K+7+BHxc54D1dkAUQv9kXJLk1NdH6Kf6xSi /nrG6ApKpZGQKK4/NLBlNLeVV++W1eLTm4hH+ryEuZSdaW132udiXBXLolN23G7fytwQ DYDA==
MIME-Version: 1.0
X-Received: by 10.170.125.146 with SMTP id r140mr18781ykb.122.1416287462149; Mon, 17 Nov 2014 21:11:02 -0800 (PST)
Received: by 10.170.195.203 with HTTP; Mon, 17 Nov 2014 21:11:02 -0800 (PST)
In-Reply-To: <20141117074941.GA13179@mournblade.imrryr.org>
References: <CACsn0ck-bueehMDjgx-Co=bL0pLkeJM=Fqc0T_SDT4bdX4nzPg@mail.gmail.com> <20141117063948.GX13179@mournblade.imrryr.org> <alpine.LFD.2.10.1411170150290.7218@bofh.nohats.ca> <20141117072536.GY13179@mournblade.imrryr.org> <alpine.LFD.2.10.1411170229450.7218@bofh.nohats.ca> <20141117074941.GA13179@mournblade.imrryr.org>
Date: Mon, 17 Nov 2014 21:11:02 -0800
Message-ID: <CACsn0cmbjTMR__Fh_Z6i=_Ky8z5XPaqUu5NZetVJW0YYnpOC1A@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: endymail <endymail@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/NmSIlk6lBn8P4hlKQ1tDbVCFJXc
Subject: Re: [Endymail] We're not done yet
X-BeenThere: endymail@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <endymail.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/endymail>, <mailto:endymail-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/endymail/>
List-Post: <mailto:endymail@ietf.org>
List-Help: <mailto:endymail-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/endymail>, <mailto:endymail-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Nov 2014 05:11:05 -0000
On Sun, Nov 16, 2014 at 11:49 PM, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote: > On Mon, Nov 17, 2014 at 02:34:06AM -0500, Paul Wouters wrote: > >> >Users likely also need to store old private keys forever so that >> >old mail can still be read. The complete architecture for encrypted >> >email has many parts we're not making explicit, but all have a >> >bearing on key management requirements for MUAs. >> >> I'd call that out of scope. I think of OPENPGKEY as a transport plus >> data in rest protection while in-transit. Once the final enduser gets >> the email, I expect their email client to decrypt it and store it >> locally, so it remains searchable, indexable, etc. I also expect them >> to use full disk encryption to protect all their email. This method >> does not require keeping old private keys. > > It is out of scope for the DANE SMIMEA and OPENPGP documents, but > it is not out of scope for an architecture or requirements document. > The pieces have to fit together. Provide mechanism not policy. How MUAs decide to handle old messages and keys isn't really relevant, nor should we force changes from existing practice: people already have keys they will want to use with whatever system for discovering keys we make. Do architecture and requirements documents actually work? Or do they end up overcomplicating solutions, as designers attempt to address things that maybe should be punted on, as they cost too much to implement? They certainly don't help with analysis: the requirements documents may be wrong themselves! > > Decrypted local storage is a fine model. We need more MUAs that > support that mode of operation. We also need to consider the > implications for sign-then-encrypt vs. encrypt-then-sign, and how > signature validation status is retained. Yes, of course not in > the DANE-specific documents, but these should be part of a more > complete architecture (IIRC something along those lines is an argument > that PHB is making). The correct construction is sign-then-encrypt. However, it could be that authenticated encryption is a better idea, but S/MIME and PGP do not support this. One weakness of DNS vs. HTTPS is that HTTPS works in javascript for browser extensions, while DNS data access may be an issue. I understand Google wants to put PGP in the browser: the easiest way to access keys would then be via HTTPS at a well-known URL. However, a DANE-to-Web bridge shouldn't be that much of a pain if needed. This minor, probably wrong, technical point, underscores a broader deployability issue. Success of e2e email depends on everyone in the world doing something. I'd be more confident in our getting this right if people who understood the limitations and possibilities of webmail better would participate in the discussion, or if we had running code for whatever solution was being proposed. Sincerely, Watson Ladd > > -- > Viktor. > > _______________________________________________ > Endymail mailing list > Endymail@ietf.org > https://www.ietf.org/mailman/listinfo/endymail -- "Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety." -- Benjamin Franklin
- Re: [Endymail] We're not done yet Viktor Dukhovni
- [Endymail] We're not done yet Watson Ladd
- Re: [Endymail] We're not done yet Paul Wouters
- Re: [Endymail] We're not done yet Viktor Dukhovni
- Re: [Endymail] We're not done yet Paul Wouters
- Re: [Endymail] We're not done yet Viktor Dukhovni
- Re: [Endymail] We're not done yet Watson Ladd
- Re: [Endymail] We're not done yet Viktor Dukhovni
- Re: [Endymail] We're not done yet Stephen Farrell
- Re: [Endymail] We're not done yet carlo von lynX
- Re: [Endymail] We're not done yet Dave Crocker