Re: [Endymail] Another view of the problem and what the IETF could do

Phillip Hallam-Baker <phill@hallambaker.com> Mon, 01 September 2014 16:32 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: endymail@ietfa.amsl.com
Delivered-To: endymail@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 711821A035E for <endymail@ietfa.amsl.com>; Mon, 1 Sep 2014 09:32:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.422
X-Spam-Level: *
X-Spam-Status: No, score=1.422 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n6p2ImTn0Jrn for <endymail@ietfa.amsl.com>; Mon, 1 Sep 2014 09:32:45 -0700 (PDT)
Received: from mail-la0-x234.google.com (mail-la0-x234.google.com [IPv6:2a00:1450:4010:c03::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA7DF1A0326 for <endymail@ietf.org>; Mon, 1 Sep 2014 09:32:44 -0700 (PDT)
Received: by mail-la0-f52.google.com with SMTP id ty20so6330614lab.39 for <endymail@ietf.org>; Mon, 01 Sep 2014 09:32:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=2cZ6KbQGR0sfOxxvFHpkFWRPlUv3p+obdmsfWI2nDhs=; b=Q4gQXM2kMUA156Zi7cD8oxgNQw8rINHyXFzpjUWfY8/k69MI4VjF+Y/AMW5sW4aEHB uteNJWPglPCGCqN+vAYl+7Zk6R27EtVQSDfWDVQAn8nZTUw5UAjNDuxeDKpb9yUhCeI4 KItcgUqAf4NzBhi3iV+FCC83DIL0V+3nVpwe2t+zhcK5pztlSzNpjHWYXnCZy/H8cqV3 estrmCyVzMd3KZiznOGRWE9JKgam9W70z+qwLsRzxdUGGBVk/tYpYgxyDIKjQ2c1Z8zd xwOwQo4mReRQ16HTtr+nsHpcghpOHZf9/ala7lg5htBuo+we8YthWlVTXN8oVcP5tgAq rsCA==
MIME-Version: 1.0
X-Received: by 10.153.4.39 with SMTP id cb7mr29603920lad.19.1409589163206; Mon, 01 Sep 2014 09:32:43 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.122.50 with HTTP; Mon, 1 Sep 2014 09:32:43 -0700 (PDT)
In-Reply-To: <cddbc815-a98a-48e5-8dea-c3d8a68ca4d9@gulbrandsen.priv.no>
References: <CAHBU6iuxfqs9RszSaJLaTV_obKBCJ9Pzii+t9XANN3q+bJm-3Q@mail.gmail.com> <878um3prio.fsf@vigenere.g10code.de> <cddbc815-a98a-48e5-8dea-c3d8a68ca4d9@gulbrandsen.priv.no>
Date: Mon, 1 Sep 2014 12:32:43 -0400
X-Google-Sender-Auth: ndeEIrmGw-6_fXhS2Q9bEoVOOIo
Message-ID: <CAMm+LwhN5-WgZ-zwMYmZKCcEpR2YWDBm2qHTkuUr3txUFZg97Q@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Arnt Gulbrandsen <arnt@gulbrandsen.priv.no>
Content-Type: text/plain; charset=UTF-8
Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/otOExOs9R1c2VqcglhaaFGM8rP4
Cc: endymail <endymail@ietf.org>
Subject: Re: [Endymail] Another view of the problem and what the IETF could do
X-BeenThere: endymail@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <endymail.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/endymail>, <mailto:endymail-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/endymail/>
List-Post: <mailto:endymail@ietf.org>
List-Help: <mailto:endymail-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/endymail>, <mailto:endymail-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Sep 2014 16:32:50 -0000

On Mon, Sep 1, 2014 at 6:48 AM, Arnt Gulbrandsen
<arnt@gulbrandsen.priv.no> wrote:
> The web of trust hasn't failed?
>
> The number of people with email addresses has grown to perhaps a quarter of
> humanity. Meanwhile, the number of people who use PGP seems to have been
> more or less stable for the past 15 years (I'd love to see better numbers on
> that, but who might be in a position to collect that?). What's the threshold
> for success then?

One of the main reasons PGP failed is that people wanted it to succeed
so desperately. So nobody would speak up about the problems. As if
wishful thinking alone would solve everything.

Robert Owen, the father of the factory system, set up a socialist
utopian commune in the US which was the first of its kind. It failed
in the exact same ways that numerous later attempts also failed,
because people didn't want to question the ideology and acknowledge
the problems, which is the first step to solving them. Other communes
did look at the problems and did not fail in the same ways.


No one trust model is going to fit every need. Which is why the trust
model mechanics should be separated out from the client for the time
being.


One very powerful tool for addressing the problem is that we
distinguish the first contact use case from the continued contact use
case.

Alice is sending a message to Bob. She has never met Bob in person;
she has only got his email address from a Web site. But it is Bob she
wants to talk to, and this might not be bob@example.com.

So in this situation I don't think she is going to be immediately
sending Bob really confidential secrets. I think it is going to be
perfectly adequate to use key distribution mechanisms such as key
servers and the like for establishing this connection.


Securing further conversation is quite a bit easier. We can exchange a
fingerprint in band and make Alice enter it manually or we can use
strong email addresses which are just a bit of syntactic sugar (aka
usability) thrown on top.

We can even send the contact information inband in email headers:

To: <bob@example.com>
From: <alice@example.com>
Reply-To: <alice@example.com>
Encrypt-To: <ACAIEA-FONPAC-5AC6LFA-K4ACHC-EAJWAHN-VPAM4A-COYPAO-VAA?alice@example.com>

Hi Bob, wanna talk to me?



Unlike PEM headers, we are not sending several Kb of extra data per
message. We are only sending the information required to locate the
cert chain and validate it. We are not sending unnecessary data.
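The first-contact versus continued-contact split above can be made concrete on the receiving side: the first Encrypt-To fingerprint seen for a correspondent is pinned, later messages are checked against the pin, and any key fetched from a key server is checked against the fingerprint before use. The following Python is an added illustration, not code from the message or from any IETF work; it assumes (the message does not say) that the fingerprint is the first 125 bits of SHA-256 over the raw public key bytes, Base32 encoded and dash-grouped. The `<FINGERPRINT?address>` shape is taken from the header example in the message; the key bytes below are constructed sample data.

```python
"""Parse an Encrypt-To style header, derive a key fingerprint, and pin the
fingerprint per correspondent so that a different key on a later message is
flagged rather than silently trusted (illustration, not the author's code).
"""
import base64
import hashlib
import hmac
import re
from dataclasses import dataclass

# Shape shown in the message: "<FINGERPRINT?user@domain>".
# Fingerprint alphabet assumed to be Base32 (A-Z, 2-7) with dash separators.
_ENCRYPT_TO = re.compile(
    r"^\s*<(?P<fp>[A-Z2-7]+(?:-[A-Z2-7]+)*)\?(?P<addr>[^>\s]+)>\s*$"
)


@dataclass(frozen=True)
class EncryptTo:
    fingerprint: str  # normalised: upper case, dashes removed
    address: str      # normalised: lower case


def normalise_fingerprint(fp: str) -> str:
    """Canonical form used for comparison: no dashes, upper case."""
    return fp.replace("-", "").upper()


def parse_encrypt_to(value: str) -> EncryptTo:
    """Parse an Encrypt-To header value; reject anything not of the expected shape."""
    m = _ENCRYPT_TO.match(value)
    if not m:
        raise ValueError(f"malformed Encrypt-To value: {value!r}")
    return EncryptTo(normalise_fingerprint(m.group("fp")), m.group("addr").lower())


def key_fingerprint(public_key: bytes, groups: int = 5, group_len: int = 5) -> str:
    """Assumed encoding: SHA-256 of the key bytes, Base32, truncated to
    groups*group_len characters (25 chars = 125 bits) and dash-grouped."""
    digest = hashlib.sha256(public_key).digest()
    b32 = base64.b32encode(digest).decode("ascii").rstrip("=")
    chars = b32[: groups * group_len]
    return "-".join(chars[i:i + group_len] for i in range(0, len(chars), group_len))


def key_matches(fingerprint: str, public_key: bytes) -> bool:
    """Check a key fetched from a key server against the pinned fingerprint.
    The fingerprint in the header is what Alice asserted; the key server only
    locates the key, it is not trusted to vouch for it."""
    expected = normalise_fingerprint(fingerprint)
    actual = normalise_fingerprint(key_fingerprint(public_key))
    return hmac.compare_digest(expected, actual)


class ContactPins:
    """Trust-on-first-use store: the first fingerprint seen for an address is
    pinned (first contact); later messages must carry the same one."""

    def __init__(self) -> None:
        self._pins: dict[str, str] = {}

    def observe(self, header_value: str) -> str:
        et = parse_encrypt_to(header_value)
        pinned = self._pins.get(et.address)
        if pinned is None:
            self._pins[et.address] = et.fingerprint
            return "first-contact"
        if hmac.compare_digest(pinned, et.fingerprint):
            return "match"
        # A changed fingerprint is the event a client should surface to the user.
        return "mismatch"


if __name__ == "__main__":
    # Constructed sample data, not real keys.
    alice_key = b"constructed-public-key-bytes-for-alice"
    header = f"<{key_fingerprint(alice_key)}?alice@example.com>"
    pins = ContactPins()
    print(pins.observe(header))                       # first-contact
    print(pins.observe(header))                       # match
    print(key_matches(parse_encrypt_to(header).fingerprint, alice_key))        # True
    print(key_matches(parse_encrypt_to(header).fingerprint, alice_key + b"x"))  # False
```

The pin store answers the question the message raises: the key server is adequate for locating Bob's key on first contact, and from then on the fingerprint carried in band is what the client checks against, so a substituted key on a later message shows up as a mismatch instead of being accepted.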