Re: [Endymail] Another view of the problem and what the IETF could do
Phillip Hallam-Baker <phill@hallambaker.com> Wed, 03 September 2014 18:54 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: endymail@ietfa.amsl.com
Delivered-To: endymail@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 7277B1A070C
for <endymail@ietfa.amsl.com>; Wed, 3 Sep 2014 11:54:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.678
X-Spam-Level:
X-Spam-Status: No, score=-0.678 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, J_CHICKENPOX_14=0.6,
SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id BOpbWvVCfNgW for <endymail@ietfa.amsl.com>;
Wed, 3 Sep 2014 11:54:45 -0700 (PDT)
Received: from mail-lb0-x232.google.com (mail-lb0-x232.google.com
[IPv6:2a00:1450:4010:c04::232])
(using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id C08CC1A068F
for <endymail@ietf.org>; Wed, 3 Sep 2014 11:54:44 -0700 (PDT)
Received: by mail-lb0-f178.google.com with SMTP id v6so10089715lbi.37
for <endymail@ietf.org>; Wed, 03 Sep 2014 11:54:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=mime-version:sender:in-reply-to:references:date:message-id:subject
:from:to:cc:content-type;
bh=0lPpZ/IJwQdnnsic8STVDy8KyjaTxDmPwYwbt8BeyYQ=;
b=ZfiK1LbuKqSJ5aABWikyvyO0P/yg/6MZ+MO+3BoeCmH29yCRN0Yt0qltqnBlXtr8HD
AMzdjOU9EkbHKA4g06SXpwaaXcMAnG+nvPq12b2r2acNgot7gKGZ84KyQXjf0sC8tNwE
Kb3YQJtxKxJRP/u37NOHo+dlFKfEqG3QATXr6CqkxX/H+RJYhc2I/VmSuXcAZIS40M+M
SH0Wv7fONuJdeYdUbss8r9hT8k7lL3wB8/wrmuHhVs/BaN49I5s7aKL9enPMgD8M17+/
jWTJLDMvnJxDgY8UTgVd1AhHfOPkkEqiu0hFPZcqSig1zczL/xQdAQahV3OL7LKCAwNv
xWAg==
MIME-Version: 1.0
X-Received: by 10.152.45.1 with SMTP id i1mr4445469lam.97.1409770482968; Wed,
03 Sep 2014 11:54:42 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.122.50 with HTTP; Wed, 3 Sep 2014 11:54:42 -0700 (PDT)
In-Reply-To: <CAHbuEH5q4MBno379mwZzRZibH5o3=gi-YY4e-JDV4dhxoFUjYA@mail.gmail.com>
References: <CAHBU6iuxfqs9RszSaJLaTV_obKBCJ9Pzii+t9XANN3q+bJm-3Q@mail.gmail.com>
<878um3prio.fsf@vigenere.g10code.de>
<cddbc815-a98a-48e5-8dea-c3d8a68ca4d9@gulbrandsen.priv.no>
<87y4u2laqh.fsf@vigenere.g10code.de>
<20140902114217.lp_a_yD8%sdaoden@yandex.com>
<20140902160206.GA7900@vegoda.org> <5405EEB8.1060107@cs.tcd.ie>
<87egvtjhhe.fsf@vigenere.g10code.de>
<CAHbuEH5q4MBno379mwZzRZibH5o3=gi-YY4e-JDV4dhxoFUjYA@mail.gmail.com>
Date: Wed, 3 Sep 2014 14:54:42 -0400
X-Google-Sender-Auth: 2HliLzusyeWN1I25PijW9rpU3cY
Message-ID: <CAMm+LwgyOLaiDVi6mMg3UWjzTVdvewv-XJ1nbpz0Xmbiw9B0ng@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/mJyBRpe2xs4ygW9bF3gEzI4VhKo
Cc: Werner Koch <wk@gnupg.org>, Arnt Gulbrandsen <arnt@gulbrandsen.priv.no>,
endymail <endymail@ietf.org>, Leo Vegoda <leo@vegoda.org>,
Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [Endymail] Another view of the problem and what the IETF could do
X-BeenThere: endymail@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <endymail.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/endymail>,
<mailto:endymail-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/endymail/>
List-Post: <mailto:endymail@ietf.org>
List-Help: <mailto:endymail-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/endymail>,
<mailto:endymail-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Sep 2014 18:54:46 -0000
On Wed, Sep 3, 2014 at 10:55 AM, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote: > > > > On Wed, Sep 3, 2014 at 3:22 AM, Werner Koch <wk@gnupg.org> wrote: >> >> On Tue, 2 Sep 2014 18:22, stephen.farrell@cs.tcd.ie said: >> >> > Similarly, if the list concludes that users have to understand >> > keys then that's also easy - we know that will never happen >> > and so could also call it a day. >> >> Users do understand mail addresses and thus a key should be identified >> by the mail address and not by any other property. >> >> > reinvent X.400 email security here please? (Or PEM, or MOSS, >> >> What problem do you see with MOSS? Except for the commonly ignored >> micalg parameter it is a well working part of MIME and not a problem at >> all. This is true for S?MIME as well as for PGP/MIME. We are still >> talking about mail, tight? Or is the goal of the list to replace the >> rfc822 mail format - that will never happen in the foreseeable future. > > > I think we should be open to a possible change for messaging in general and > not limit ourselves to mail. Totally and I think changing messaging in general is likely to be the area where we eventually end up changing application protocols. If we are just fixing email security then obviously we play SMTP. If we are doing messaging then we just layer security onto Jabber. But if we decide that we are doing security for messaging in general, both synchronous and asynchronous, bilateral and multilateral then cutting out the cruft and going to a consistent JSON based messaging infrastructure with security built in from the start and a key service that doubles as a presence service starts to look a lot simpler than ad hoc backfixes to each protocol in turn. But. The reason I am sticking with email right now is that it is the single hardest problem and if we can solve that one, we can leverage the solution for every other area as well. What makes email hard is that it is asynchronous and the store and forward protocols don't separate content and data channels. So all control signaling takes place in the content space or not at all. These days increasingly not at all, I don't see bounce messages very often any more.
- [Endymail] Another view of the problem and what t… Tim Bray
- Re: [Endymail] Another view of the problem and wh… Werner Koch
- Re: [Endymail] Another view of the problem and wh… Arnt Gulbrandsen
- Re: [Endymail] Another view of the problem and wh… Phillip Hallam-Baker
- Re: [Endymail] Another view of the problem and wh… Eliot Lear
- Re: [Endymail] Another view of the problem and wh… Tim Bray
- Re: [Endymail] Another view of the problem and wh… Werner Koch
- Re: [Endymail] Another view of the problem and wh… Werner Koch
- Re: [Endymail] Another view of the problem and wh… Steffen Nurpmeso
- Re: [Endymail] Another view of the problem and wh… Leo Vegoda
- Re: [Endymail] Another view of the problem and wh… Stephen Farrell
- Re: [Endymail] Another view of the problem and wh… Leo Vegoda
- Re: [Endymail] Another view of the problem and wh… Adam Caudill
- Re: [Endymail] Another view of the problem and wh… Phillip Hallam-Baker
- Re: [Endymail] Another view of the problem and wh… Tim Bray
- Re: [Endymail] Another view of the problem and wh… Werner Koch
- Re: [Endymail] Another view of the problem and wh… Stephen Farrell
- Re: [Endymail] Another view of the problem and wh… Werner Koch
- Re: [Endymail] Another view of the problem and wh… Kathleen Moriarty
- Re: [Endymail] Another view of the problem and wh… Phillip Hallam-Baker
- Re: [Endymail] Another view of the problem and wh… Michael Kjörling
- Re: [Endymail] Another view of the problem and wh… Leo Vegoda