Re: [Endymail] spam versus cleartext

Viktor Dukhovni <ietf-dane@dukhovni.org> Tue, 09 September 2014 16:11 UTC

Date: Tue, 9 Sep 2014 16:10:38 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: endymail@ietf.org
Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/Rtr1ATMJr2BezUtIcBwezzi7Lhg

On Tue, Sep 09, 2014 at 04:55:41PM +0100, Leo Vegoda wrote:

> > But the certificate issued is only
> > authenticating alice@gmail.com, it isn't authenticating Alice.
> 
> That's quite a subtle distinction. Experience shows that most people
> do not understand the difference between a web browser and a search
> engine[1]. How likely do you think it is that people will understand
> the difference between the authentication of an e-mail address and
> the person controlling that address?

And if I want to send an email with sensitive business materials
to Alice's work email address, I don't expect to securely deliver
it to "Alice", rather it is intended for Alice's "at work" mailbox.

Which is not to say that it might not be interesting to have some
types of keys that are bound to a particular person, and allow
that person to establish related identities hosted by various email
providers.

But even then Alice might prefer certain types of messages to be
delivered to some addresses and not to others (Alice's fetish emails
should perhaps not be sent to the office).

So the picture is rather complex, ... Neither a pure "person"
identity nor a pure "role" identity is right for all cases.

-- 
	Viktor.