Re: [Endymail] FW: Group/Enterprise encrypted email

"Nordgren, Bryce L -FS" <bnordgren@fs.fed.us> Wed, 03 June 2015 20:46 UTC

From: "Nordgren, Bryce L -FS" <bnordgren@fs.fed.us>
To: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Wed, 03 Jun 2015 20:45:27 +0000
Message-ID: <82E7C9A01FD0764CACDD35D10F5DFB6E7E159E@001FSN2MPN1-046.001f.mgd2.msft.net>
References: <82E7C9A01FD0764CACDD35D10F5DFB6E7DFBBD@001FSN2MPN1-046.001f.mgd2.msft.net> <000d01d09cef$76039f10$620add30$@icloud.com> <82E7C9A01FD0764CACDD35D10F5DFB6E7E1094@001FSN2MPN1-046.001f.mgd2.msft.net> <007001d09e27$3c3083f0$b4918bd0$@icloud.com> <82E7C9A01FD0764CACDD35D10F5DFB6E7E154A@001FSN2MPN1-046.001f.mgd2.msft.net> <CAMm+Lwgk9pMdURgNg=vvSbwNkQw_Q9Qmn=bgExU7Mqdvsun_DA@mail.gmail.com>
In-Reply-To: <CAMm+Lwgk9pMdURgNg=vvSbwNkQw_Q9Qmn=bgExU7Mqdvsun_DA@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/endymail/vblnhPwazKTEjVZeoFihpbTb8kU>
Cc: Trevor Freeman <trevor.freeman99@icloud.com>, "endymail@ietf.org" <endymail@ietf.org>
Subject: Re: [Endymail] FW: Group/Enterprise encrypted email

> In a corporate context, this makes perfect sense. If I am downloading company confidential 
> material to my laptop, I want to be able to read it on the laptop but I don't want to accidentally 
> send a copy to someone else by doing an unfortunate 'reply all'.

So another thing to note in security considerations is that this is a scheme intended to protect well-behaved actors who have good habits and an honest software ecosystem from causing damage due to specific single honest mistakes. It is not intended to protect against adversaries, well-behaved actors who have sloppy habits, well-behaved actors who make more than one mistake on the same message (reply-all + attachment with no tag/inappropriate tag), or well-behaved actors who make a single mistake from which multiple correlated incorrect actions are derived (misclassify content -> incorrect content tag/incorrect mailing list).

In light of these things, I think any language about "ensuring that policy is followed" or the like should just be expunged. If the target is to encourage well-meaning partners to do the accepted thing, that's how it should be presented.

Bryce
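The send-time guard under discussion, as an added toy model that is not part of this thread or of any Endymail draft. The home domain, classification labels, recipients and messages are all constructed here. The point it makes concrete is the one in the reply above: a check that gates on sender-asserted labels catches exactly the one-mistake case (a correctly labelled confidential thread gets a reply-all) and passes every other case in the list, because those cases defeat the label rather than the check. A `strict` knob that also blocks untagged attachments to outside recipients closes the "no tag" case but still cannot see a wrong tag.

```python
"""Toy model of a label-based 'don't leak on reply-all' send check.

Added example, not code from the Endymail thread or any draft. The org
domain, labels and messages below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

ORG_DOMAIN = "example.com"   # assumed home domain of the well-behaved sender
CONFIDENTIAL = "confidential"
PUBLIC = "public"


@dataclass
class Attachment:
    name: str
    label: Optional[str]      # None models "attachment with no tag"


@dataclass
class Message:
    label: str                # sender-asserted classification of the body
    recipients: List[str]
    attachments: List[Attachment] = field(default_factory=list)


def is_external(rcpt: str) -> bool:
    """Anything not in the home domain counts as outside the org."""
    return rcpt.rsplit("@", 1)[-1].lower() != ORG_DOMAIN


def check_send(msg: Message, strict: bool = False) -> Tuple[bool, List[str]]:
    """Return (allowed, reasons).

    Blocks a send when a body or attachment labelled confidential is
    addressed outside the org. The check trusts the labels exactly as the
    sender applied them; that trust is the scheme's design assumption and
    the source of every gap shown in scenarios().
    """
    outside = [r for r in msg.recipients if is_external(r)]
    if not outside:
        return True, []
    reasons: List[str] = []
    if msg.label == CONFIDENTIAL:
        reasons.append(f"confidential body addressed to {outside}")
    for a in msg.attachments:
        if a.label == CONFIDENTIAL:
            reasons.append(f"confidential attachment {a.name!r} addressed to {outside}")
        elif a.label is None and strict:
            # strict mode: an untagged file going outside is refused as well
            reasons.append(f"untagged attachment {a.name!r} addressed to {outside}")
    return not reasons, reasons


def scenarios(strict: bool = False) -> Dict[str, bool]:
    """Constructed cases, one per failure mode; maps case name -> allowed."""
    internal, ext = "alice@example.com", "bob@partner.example"
    cases = {
        # one honest mistake: reply-all on a correctly labelled confidential thread
        "single_mistake_reply_all": Message(CONFIDENTIAL, [internal, ext]),
        # two mistakes on one message: reply-all plus a confidential file left untagged
        "reply_all_plus_untagged_attachment": Message(
            PUBLIC, [internal, ext], [Attachment("q3-forecast.xlsx", None)]),
        # one mistake with correlated consequences: content misclassified as public,
        # so the body label and the attachment label are wrong together
        "misclassified_content": Message(
            PUBLIC, [internal, ext], [Attachment("q3-forecast.xlsx", PUBLIC)]),
        # no external recipient: the guard has nothing to do
        "internal_only": Message(
            CONFIDENTIAL, [internal], [Attachment("q3-forecast.xlsx", CONFIDENTIAL)]),
    }
    return {name: check_send(m, strict)[0] for name, m in cases.items()}


if __name__ == "__main__":
    for strict in (False, True):
        print(f"strict={strict}")
        for name, allowed in scenarios(strict).items():
            print(f"  {name:36s} {'ALLOWED' if allowed else 'BLOCKED'}")
```

Run it and the table reads the same way the reply does: only `single_mistake_reply_all` is blocked by default, `strict=True` additionally blocks the untagged attachment, and the misclassified message sails through in both modes because every input the check can see says "public".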