IETF Logo Mail Archive

Re: [Endymail] where's the end, was spam versus cleartext

"John Levine" <johnl@taugh.com> Sun, 07 September 2014 17:54 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: endymail@ietfa.amsl.com
Delivered-To: endymail@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0A791A048F for <endymail@ietfa.amsl.com>; Sun, 7 Sep 2014 10:54:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.563
X-Spam-Level: *
X-Spam-Status: No, score=1.563 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HzlS57cEq-7R for <endymail@ietfa.amsl.com>; Sun, 7 Sep 2014 10:54:49 -0700 (PDT)
Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B31641A048C for <endymail@ietf.org>; Sun, 7 Sep 2014 10:54:48 -0700 (PDT)
Received: (qmail 71073 invoked from network); 7 Sep 2014 17:54:46 -0000
Received: from miucha.iecc.com (64.57.183.18) by mail1.iecc.com with QMQP; 7 Sep 2014 17:54:46 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=3b4f.540c9be6.k1409; i=johnl@user.iecc.com; bh=TLxCc6plNYYTslTh2ad8CVxqV/3fU+sewfnWdLEhtzI=; b=D1U9sg9SFjFKYFZqcNihFiDEANIy4xdbQKWcObNcGIh8rf0be500i0bMJRSBUx4r6AxahOISLNgc8XdSBr9jVYsJrYb0Cg3Obpun9uVtrHEoIFD4AoYhIFgBFesbMxxvkfR9CQaabqWD8LKnsCrChCcCRjRwQTT7Y3vBzlDpUKFekWF1ow8Szn0fNupoTFrIX7fXNBfp8MjVYM5HEDOZzPBctlC1anYHHPjyoQn9scjyqmW/GdePuYsBjLpLkEMX
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=3b4f.540c9be6.k1409; olt=johnl@user.iecc.com; bh=TLxCc6plNYYTslTh2ad8CVxqV/3fU+sewfnWdLEhtzI=; b=xepHe6ImJ+2fS437VmP00Qkkt0MdG7rqnccgkaS2Qn0qIT6+Y+ir5TVlT7VB4Sw7xKK0nGBMcuYRPQtCoZAkpzMUrfh9V9hBrDfJW7XRGWVkUND9fbGk8GGjyQUS6XI4ygYHgFkX9M8xCmMkxisax6EgRAUrjemJ/fARQBfA6Tgf1vMwtK1xTftcT7sURlrVKE3b/PryEVLYXS4GqXYEOSs0/twYG/vZgzr/yWmxCDH2LdtZGBaLJ9yFxPxjUxxG
Date: 7 Sep 2014 17:54:24 -0000
Message-ID: <20140907175424.15182.qmail@joyce.lan>
From: "John Levine" <johnl@taugh.com>
To: endymail@ietf.org
In-Reply-To: <CB73389C55B1C9BC50D5E016@cyrus-3.local>
Organization:
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/SBhRDq2Zg8R0V1wzek6MoIzpYvk
Cc: cyrus@daboo.name
Subject: Re: [Endymail] where's the end, was spam versus cleartext
X-BeenThere: endymail@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <endymail.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/endymail>, <mailto:endymail-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/endymail/>
List-Post: <mailto:endymail@ietf.org>
List-Help: <mailto:endymail-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/endymail>, <mailto:endymail-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Sep 2014 17:54:50 -0000

>True - which likely means you are going to want your desktop client to 
>always be on and actively filtering your email so the mobile device is not 
>forced to download something that will eventually get removed. That 
>basically implies you are running a server (though you could call it an 
>"agent") on your desktop and would want guarantees of uptime, etc. That is 
>basically only a small step away from running your own mail server...

This sounds very unlike a design that has any chance of being
implemented for millions of civilians.

My daughter has a laptop that she carries between her apartment where
she uses it on the building's shared broadband, and her school where
she uses it on the school's network.  She uses a Gmail account, which
she also checks from her phone, particularly when she's in transit and
the laptop is turned off.  At a company where I consult, there's a
similar setup, they give everyone a laptop which they use on their
desk, typically with an external screen, mouse, and keyboard, and can
and do take home or on trips.  So there isn't anything on which to
usefully run a mail server.

It seems to me that for any sort of E2E encryption, each user is going
to have some computer somewhere that they have to trust to hold the
keys and do the decryption.  Different people will make different
decisions about which computer that is, and it's not always going to
one they can physically touch.  A lot of people are likely to decide
that their mail provider is reliable enough to use as their end.

v2.8.7 | Report a Bug | By Email