Re: [Endymail] spam versus cleartext
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Sun, 07 September 2014 15:10 UTC
To: Phillip Hallam-Baker <phill@hallambaker.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/aNcexsDrQ9AXxUlq5rFV59oWMBo
Cc: Pete Resnick <presnick@qti.qualcomm.com>, Eliot Lear <lear@cisco.com>,
endymail <endymail@ietf.org>
Subject: Re: [Endymail] spam versus cleartext
Sent from my iPhone

> On Sep 7, 2014, at 10:09 AM, Phillip Hallam-Baker <phill@hallambaker.com> wrote:
>
>> On Sun, Sep 7, 2014 at 9:21 AM, Pete Resnick <presnick@qti.qualcomm.com> wrote:
>>> On 9/6/14 3:38 AM, Eliot Lear wrote:
>>>
>>> In the early days of perpass we had lengthy discussions about the
>>> tension between privacy and ability of security systems to reduce spam.
>>> Below is an article from a gentleman who used to work at Google, which I
>>> thought this group might find interesting.
>>>
>>> https://moderncrypto.org/mail-archive/messaging/2014/000780.html
>>
>>
>> Along similar lines to what John Levine said: Obviously doing e2e crypto
>> gets you signatures. Since we are blue-skying here, I think it is perfectly
>> plausible to say, "If you want to send me e2e encrypted messages, you also
>> have to send me signed messages, and if you don't or your signature is not in
>> my contacts list already, your encrypted mail is going to bounce." I think
>> it's possible that in the fullness of time, many users go to a contact-list
>> model of email (a la IM) where the mail simply bounces unless it has a
>> signature that is already in the contacts list.
>
>
> I think that is right, but not the whole picture.
>
> I see endymail as a subset of mail. All mail should be encrypted at
> the message layer but only whitelisted mail would be e2e encrypted.

It seems the point of the original posting may have been lost. Folks are jumping right back to solution design instead of thinking through operational costs of various approaches. How does handling not only spam, but other attacks like phishing and spear phishing evolve when e2e messaging is the norm? We may have increased privacy, but have we helped the attacker? End points/users can't address these and other attacks on their own. We need to think through operational practices and try to understand how changes will affect these practices to then influence what design choices make sense.

>
> This can be done automatically as follows:
>
>
> A) Some sort of discovery infrastructure maps email addresses to key hashes.
> B) Some sort of discovery infrastructure maps key hashes to keys.
> C) Inbound mail server has an encryption key
> D) User has an endymail encryption key.
>
>
> 1) Alice sends a message to Bob <bob@example.com>, she doesn't know him yet.
>
> Alice's email client uses infrastructure A and B to pull the best
> public data for Bob. This turns out to be a domain level record with
> the mail server key (C).
>

If anyone can search for a key, spammers and spear phishing attackers have this capability too.

> Mail is opportunistically encrypted under the mail server key (C).
> Mail server decrypts then (optional) re-encrypts message for delivery
> to Bob.
>
> The sent mail includes a header with Alice's encryption key
> fingerprint. It is signed using either DKIM or S/MIME depending on the
> settings specified in the key record.
>

What happens when Alice's email is compromised? This is a common tactic today and may only increase with e2e.

I'm not arguing against e2e, but rather that we think through the effect changes will have understanding today's operational and security/incident response practices.

Best regards,
Kathleen

>
> 2) Bob receives message
>
> 2a) Bob reads message, hits the 'spam' key
> 2b) Bob reads message, does nothing
> 2c) Bob replies to message
>
> Only 2c is going to result in Bob's client whitelisting Alice. His
> response contains the key fingerprint that Bob needs to perform
> retrieval of the key using infrastructure B.
>
>
> 3) Alice sends another message to Bob after his reply
>
> Client notes that it is whitelisted and pulls the key from infrastructure B.
>
>
> Note:
>
> 1) This whole process is completely frictionless. Neither Alice nor
> Bob has to do anything differently.
>
> 2) This is only one point on the security spectrum. In other
> applications we might allow easier access to the endy key or might not
> allow access at all.
>
> 3) The reason for decoupling the key from the system via a key hash is
> that it enables key rollover.
>
>
> One question left open in the above is how we prevent the use of
> infrastructure A as a means to obtain email addresses.
>
> I am currently working on efficient ways to do that.
>
> _______________________________________________
> Endymail mailing list
> Endymail@ietf.org
> https://www.ietf.org/mailman/listinfo/endymail
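
Added example, not part of the original message and not code from any participant: a toy Python model of the quoted discovery and whitelist-on-reply sketch (infrastructure A and B, keys C and D, steps 1 to 3), showing which messages the inbound mail server can still read and filter. The directory contents, class names and key bytes are constructed placeholders, and the truncated SHA-256 fingerprint is an assumption.

```python
import hashlib

def fp(key: bytes) -> str:
    """Key hash: the stable handle that lets the key itself roll over."""
    return hashlib.sha256(key).hexdigest()[:16]

# Constructed placeholder keys (labels, not real key material).
SERVER_KEY = b"example.com inbound server key (C)"
BOB_ENDY_KEY = b"bob endymail key (D)"

DIRECTORY_A = {"bob@example.com": fp(SERVER_KEY)}    # address -> key hash
DIRECTORY_B = {fp(SERVER_KEY): SERVER_KEY,           # key hash -> key
               fp(BOB_ENDY_KEY): BOB_ENDY_KEY}

class Recipient:
    """Bob's client: whitelists a sender only when he replies (step 2c)."""
    def __init__(self, endy_key: bytes):
        self.endy_fp = fp(endy_key)
        self.whitelist = set()

    def react(self, sender_fp: str, action: str):
        if action != "reply":        # 2a 'spam' and 2b 'nothing' change no state
            return None
        self.whitelist.add(sender_fp)
        return self.endy_fp          # the reply carries Bob's key fingerprint

class Sender:
    """Alice's client: uses a fingerprint learned from a reply, else directory A."""
    def __init__(self, key: bytes):
        self.fp = fp(key)
        self.learned = {}            # address -> fingerprint taken from a reply

    def select_key(self, address: str):
        key_fp = self.learned.get(address) or DIRECTORY_A[address]
        key = DIRECTORY_B[key_fp]
        path = "server-readable" if key == SERVER_KEY else "e2e"
        return path, key

def run_exchange():
    alice, bob = Sender(b"alice key"), Recipient(BOB_ENDY_KEY)
    first = alice.select_key("bob@example.com")[0]       # step 1
    reply_fp = bob.react(alice.fp, "reply")              # step 2c
    alice.learned["bob@example.com"] = reply_fp
    second = alice.select_key("bob@example.com")[0]      # step 3
    stranger = Sender(b"unknown sender key")
    bob.react(stranger.fp, "spam")                       # step 2a
    third = stranger.select_key("bob@example.com")[0]
    # The path depends only on what the sending client holds: mail from Alice's
    # account after step 2c is e2e, so the inbound server cannot filter it.
    return first, second, third, alice.fp in bob.whitelist
```

In this model only first-contact and non-whitelisted mail stays visible to server-side filtering, which is the operational trade-off the reply above asks the list to work through.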