Re: [Endymail] spam versus cleartext

[Pete Resnick <presnick@qti.qualcomm.com>]

On 9/7/14 11:09 AM, Dave Crocker wrote:
> On 9/7/2014 6:21 AM, Pete Resnick wrote:
>    
>>    Obviously doing e2e
>> crypto gets you signatures.
>>      
> No it doesn't.  As a matter of practice, it probably will, but the
> technology does not require it.  Sigs are an entirely independent action
> when doing object encryption.
>    

Signatures, just like encryption, are part of cryptography. If you are 
doing cryptography (in the way we normally do so for e2e encryption), 
you can do signatures too. That's all I meant.

>> Since we are blue-skying here, I think it is
>> perfectly plausible to say, "If you want to send me e2e encrypted
>> messages, you also have to send me signed messages,
>>      
> So you want to eliminate anonymous communications?  Anonymity has
> historical importance for some kinds of communication.
>    

Pseudonymity (i.e., a signature that is not attached to a particular 
human identity) may be sufficient for most cases. Doing so would still 
require a prior-to-real-communication step of me allowing that signature 
into my whitelist/contact list/whatever. For my personal email, I am 
perfectly willing to say, "You get two choices: (1) You set up a prior 
relationship with me with your signature, and only then do you get to 
encrypt e2e; or (2) you only get to encrypt as far as my spam scanning 
service."

Now, to take a recent example, the only way for Snowden to contact me 
encrypted, unbrokered, and anonymously would involve a rather 
interesting maneuver to get into my whitelist. But I think I can live 
with that.

>> and you don't or
>> your signature is not in my contacts list already, your encrypted mail
>> is going to bounce." I think it's possible that in the fullness of time,
>> many users go to a contact-list model of email (a la IM) where the mail
>> simply bounces unless it has a signature that is already in the contacts
>> list.
>>      
> The Procrustean bed always makes things simpler, and with only a few,
> uhhh... shortcomings.
>    

Indeed. And that is true of both this future environment where I would 
bounce mail without a required signature, and my current environment 
that requires me (or my agent) to accept, scan, review, and otherwise 
deal with anonymous mail. Each has....shortcomings.

> My point is not that signing is bad or checking against address books is
> bad, but that mandating such things constrains legitimate communication
> in important ways.

Let's not miss the point that we are *currently* constraining legitimate 
communication in important ways, as my weekly hunt through my spam 
folder and my occasional out-of-band, "Why did my mail bounce?" 
complaint amply demonstrate. I choose my tradeoffs, I get the advantages 
and disadvantages of those tradeoffs.

pr

-- 
Pete Resnick<http://www.qualcomm.com/~presnick/>
Qualcomm Technologies, Inc. - +1 (858)651-4478