IETF Logo Mail Archive

Re: [Endymail] spam versus cleartext

Viktor Dukhovni <ietf-dane@dukhovni.org> Mon, 08 September 2014 03:09 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: endymail@ietfa.amsl.com
Delivered-To: endymail@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D90F1A6ED8 for <endymail@ietfa.amsl.com>; Sun, 7 Sep 2014 20:09:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h5esrpl3eiyE for <endymail@ietfa.amsl.com>; Sun, 7 Sep 2014 20:09:44 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 64ED51A1F20 for <endymail@ietf.org>; Sun, 7 Sep 2014 20:09:44 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 592532AB2D0; Mon, 8 Sep 2014 03:09:41 +0000 (UTC)
Date: Mon, 8 Sep 2014 03:09:41 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: endymail@ietf.org
Message-ID: <20140908030941.GT26920@mournblade.imrryr.org>
References: <540AABF8.8000605@cisco.com> <CAMm+Lwh1JJQTOgRN_31b3+oTreeHzntBxx5sNeAFQAwnac9trw@mail.gmail.com> <540C5BE1.6010405@qti.qualcomm.com> <540CCA3E.8020505@qti.qualcomm.com> <alpine.BSF.2.11.1409071906310.16169@joyce.lan>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <alpine.BSF.2.11.1409071906310.16169@joyce.lan>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/dhf3OmhQAi0owI36ZYrsuZyHIls
Subject: Re: [Endymail] spam versus cleartext
X-BeenThere: endymail@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: endymail@ietf.org
List-Id: <endymail.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/endymail>, <mailto:endymail-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/endymail/>
List-Post: <mailto:endymail@ietf.org>
List-Help: <mailto:endymail-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/endymail>, <mailto:endymail-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Sep 2014 03:09:48 -0000

On Sun, Sep 07, 2014 at 07:06:54PM -0400, John R Levine wrote:

> Take current implementations of S/MIME and adjust them to allow
> self-signed certificates in addition to (or instead of) ones signed by
> a list of CAs configured into the MUA.

Apple's desktop Mail.app allows one (via Keychain) to bind a
particular (self-signed or not) key to a particular sender.  With
Outlook the only choice is to trust the issuing CA for all addresses.

As for what the IETF can do, maybe address sign-then-encrypt vs.
encrypt-then-sign in S/MIME unless I missed the memo and this is
no longer an issue.

The SMIMEA draft is not yet published, I don't recall seeing a
mechanism there to explicitly publish domain (gateway) keys, in
addition to or instead of keys for each user.  Perhaps wildcard
DNS entries can simulate gateway keys.

When SMIMEA records supply only the hash of a trust anchor, or of
a user certificate, rather than the key, then the relevant public
keys would have to be conveyed in band.  For example via a reply
from the user as suggested by Phillip Hallam-Baker.  Thus SMIMEA
is compatible with various more detailed models of key distribution.

SMIMEA might not directly expose the actual public keys of individual
users or even their hashes, rather it could simply publish a fixed
certification authority that issues X.509 email certificates to
the users of a domain.  This can make the initial contact leaf of
faith more secure.

It might be useful to define message headers that an MSA or border
outbound MTA should use to infer e2e encryption policy, for example
by sending mail only when a suitable encryption key is available
for a recipient.  Gateways could send signed, but unencrypted
contact requests to such users requesting a signed response (which
could be verified via SMIMEA).  Receiving user agents could respond
directly with a signed message, or insert similar headers to have
the recipient's gateway provide the requisite signature and public
key certs.

So mostly what's missing is new MUA code to support new key management
models.  Implementations may unearth the need for new headers or
other relevant standards that enable the new feature set, but my
guess is that for now what is missing is new code more than new
standards.  Perhaps this list will produce something unexpected
that will lead the way to new implementations, but my guess is 
that it will be other way around.

-- 
	Viktor.

v2.8.7 | Report a Bug | By Email