IETF Logo Mail Archive

Re: [Endymail] spam versus cleartext

Phillip Hallam-Baker <phill@hallambaker.com> Sat, 06 September 2014 16:23 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: endymail@ietfa.amsl.com
Delivered-To: endymail@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7AC731A048D for <endymail@ietfa.amsl.com>; Sat, 6 Sep 2014 09:23:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level:
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 03zOQ5Lhhoz1 for <endymail@ietfa.amsl.com>; Sat, 6 Sep 2014 09:23:03 -0700 (PDT)
Received: from mail-la0-x22f.google.com (mail-la0-x22f.google.com [IPv6:2a00:1450:4010:c03::22f]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 38F3D1A045C for <endymail@ietf.org>; Sat, 6 Sep 2014 09:23:03 -0700 (PDT)
Received: by mail-la0-f47.google.com with SMTP id el20so6965427lab.34 for <endymail@ietf.org>; Sat, 06 Sep 2014 09:23:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=Q/l3pPcMhBIcxOTJ4gNeuXBseFf2tJibZP1jtq5Z2X8=; b=CPcKLXMkEPE/z2tkL8d+1PUyAXoAH5tOhzI5DNJImQAj44T4gD4FpUtqX120Pd5UhV JiI2Cv64HRru4Hz2iFzwcRTVxEKAVxhBEN/qmBUXbvqgB40lEbl+PDnnX/JfHLcz1woQ /rNihSs9sqWTMQiJBaBzrAaUjqrFZIsBWWMW0WF9e7pbqw19oRu1xlqjiH14uXN+aozq F++Ab1KNBFSSiSX+x+i9OUojMll4va4JGvXOqO5T3rN3Kbp1hKrgKng2T29Mrt5128Kl NHMeIlghh6GmHNah4tAnqNzhSM5NIw9dyHYjmI2o0CEf4Io2cfcoYezBCfKXsGevnxT8 euUQ==
MIME-Version: 1.0
X-Received: by 10.152.19.5 with SMTP id a5mr18459972lae.21.1410020581431; Sat, 06 Sep 2014 09:23:01 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.122.50 with HTTP; Sat, 6 Sep 2014 09:23:01 -0700 (PDT)
In-Reply-To: <540B0911.9050105@cisco.com>
References: <540AABF8.8000605@cisco.com> <540AFF4F.30407@cs.tcd.ie> <540B0911.9050105@cisco.com>
Date: Sat, 6 Sep 2014 12:23:01 -0400
X-Google-Sender-Auth: -JzYUDXAbwdv1Ugg01JoRKgKFwY
Message-ID: <CAMm+LwjBKV9t0KsjpnuE27USNm-Df_8PJuZ2zodCy5e3qFcyJw@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Eliot Lear <lear@cisco.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/_et3hZQRrV2ysXb6IueB0StYAPc
Cc: endymail <endymail@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [Endymail] spam versus cleartext
X-BeenThere: endymail@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <endymail.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/endymail>, <mailto:endymail-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/endymail/>
List-Post: <mailto:endymail@ietf.org>
List-Help: <mailto:endymail-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/endymail>, <mailto:endymail-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Sep 2014 16:23:04 -0000

On Sat, Sep 6, 2014 at 9:16 AM, Eliot Lear <lear@cisco.com> wrote:
> Hi Stephen,
>
> While I think it would be fun to talk with the gentleman about his bitcoin
> thinking, the key part that I intended for this group was the situational
> analysis involving spam and how bad guys behave.

Well spam prevention is where a lot of the proof of work stuff got its start.


I don't have an implementation for this yet but this is my strategy

* An endy-key is a key that is held by an end user at their device.

* All mail is encrypted at the message layer when possible but not all
mail is encrypted under an endy-key.

* Domains may publish keys for use where an endy-key is not available
or use is not authorized.


* Use of an endy-key has to be specifically authorized. This is
because (1) I have to read my mail on every device I use and that
isn't practical till I can install decryption keys easily and (2) to
enable abuse filtering.

* The only normal user interaction here would be identifying mail as spam.

* Users with really extreme privacy concerns like Greenwald/Snowden
might exchange per user endykeys but this would be the exception, not
the rule.

v2.8.7 | Report a Bug | By Email