Re: [Endymail] spam versus cleartext

Viktor Dukhovni <ietf-dane@dukhovni.org> Sun, 07 September 2014 14:34 UTC

On Sun, Sep 07, 2014 at 07:09:53AM -0700, Dave Crocker wrote:

> > Since we are blue-skying here, I think it is
> > perfectly plausible to say, "If you want to send me e2e encrypted
> > messages, you also have to send me signed messages, 
> 
> So you want to eliminate anonymous communications?  Anonymity has
> historical importance for some kinds of communication.

Signatures can be pseudonymous.  In the scheme Phillip proposed,
where whitelisting for encryption is an action akin to adding to
the contact list or replying with an attached key, ...  There is
nothing that requires Alice's signature to assert her "true"
identity.

Since email already carries identifying information in the form of
the reply mailbox address (also pseudonymous), the signature does
not add new constraints.  Thus to send mail that is encrypted all
the way to the user, not just the gateway, the sender needs a
pseudonymous mailbox with an associated signature plus a willingness
by the recipient to whitelist an initial communication that is not
e2e.

-- 
	Viktor.