Re: On email and web security

<l.wood@surrey.ac.uk> Sat, 02 January 2016 07:25 UTC

Return-Path: <l.wood@surrey.ac.uk>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F5D21B2B42 for <ietf@ietfa.amsl.com>; Fri, 1 Jan 2016 23:25:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 73Qj80_jZwA9 for <ietf@ietfa.amsl.com>; Fri, 1 Jan 2016 23:25:48 -0800 (PST)
Received: from mail1.bemta5.messagelabs.com (mail1.bemta5.messagelabs.com [195.245.231.146]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B87641B2B41 for <ietf@ietf.org>; Fri, 1 Jan 2016 23:25:47 -0800 (PST)
Received: from [195.245.231.67] by server-10.bemta-5.messagelabs.com id 37/94-17090-97B77865; Sat, 02 Jan 2016 07:25:45 +0000
X-Env-Sender: l.wood@surrey.ac.uk
X-Msg-Ref: server-4.tower-82.messagelabs.com!1451719544!6686149!1
X-Originating-IP: [131.227.200.35]
X-StarScan-Received:
X-StarScan-Version: 7.35.1; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 28966 invoked from network); 2 Jan 2016 07:25:44 -0000
Received: from exht021p.surrey.ac.uk (HELO EXHT021P.surrey.ac.uk) (131.227.200.35) by server-4.tower-82.messagelabs.com with AES128-SHA encrypted SMTP; 2 Jan 2016 07:25:44 -0000
Received: from EXHY012V.surrey.ac.uk (131.227.201.103) by EXHT021P.surrey.ac.uk (131.227.200.35) with Microsoft SMTP Server (TLS) id 8.3.348.2; Sat, 2 Jan 2016 07:25:44 +0000
Received: from emea01-am1-obe.outbound.protection.outlook.com (131.227.201.241) by EXHY012v.surrey.ac.uk (131.227.201.103) with Microsoft SMTP Server (TLS) id 14.3.224.2; Sat, 2 Jan 2016 07:25:43 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=surreyac.onmicrosoft.com; s=selector1-surrey-ac-uk; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=wbMxJDM8K/yCWT4XkgOLXa2Fi3Ms7R+c3yLLIozV1/M=; b=YOVVJrt9C1NP393SdA1lJOFO39FRIpesz1wD4V8G6C2VuHzqYzNr5EvXvcmTltPVqmUk+9smiQtqB22xCWncIr75frhroAg02sLC90Co5lxbfnXKWtLEdU4oScSOEylqXiI+unq3TXEzNTkpymnWru6Wk5QyvGZQqBPbHWBhY+Q=
Received: from DB4PR06MB457.eurprd06.prod.outlook.com (10.141.238.15) by DB4PR06MB460.eurprd06.prod.outlook.com (10.141.238.24) with Microsoft SMTP Server (TLS) id 15.1.361.13; Sat, 2 Jan 2016 07:25:43 +0000
Received: from DB4PR06MB457.eurprd06.prod.outlook.com ([10.141.238.15]) by DB4PR06MB457.eurprd06.prod.outlook.com ([10.141.238.15]) with mapi id 15.01.0361.006; Sat, 2 Jan 2016 07:25:43 +0000
From: l.wood@surrey.ac.uk
To: phill@hallambaker.com, douglasroyer@gmail.com
Subject: Re: On email and web security
Thread-Topic: On email and web security
Thread-Index: AQHRQz8Yhwpsk1i0P061C0xMiWpUkp7nIfQAgAAPf4CAAKUWaA==
Date: Sat, 02 Jan 2016 07:25:42 +0000
Message-ID: <DB4PR06MB4571A77D35C4B525CE73398ADF00@DB4PR06MB457.eurprd06.prod.outlook.com>
References: <304F200F-CF0B-4C23-91F9-BFC06C41BDA8@cisco.com> <5686E386.70008@gmail.com>, <CAMm+LwhExTXC6xWDbR0Q5owi45UfBAgR+Z96p4BJWi-_5Q5tXA@mail.gmail.com>
In-Reply-To: <CAMm+LwhExTXC6xWDbR0Q5owi45UfBAgR+Z96p4BJWi-_5Q5tXA@mail.gmail.com>
Accept-Language: en-AU, en-US
Content-Language: en-AU
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [203.214.159.116]
x-microsoft-exchange-diagnostics: 1; DB4PR06MB460; 5:6duBqaCj2+PC2xkUUy6jqx/tsGnWpsFKky65r4ORGuZd9QTuBrNUbuYTluAPup8RbM7ASN5gvisN916ZYdehjiqM6EEkGbrs3hnX52N273sBZtzn3bLlyZanTqgQZa2HPhkfkpUQhi42YQ8clRxZ+g==; 24:mzjVY57TSFbl8PkeMBIkNWS+l4kyHWwlz09VFOluhmzAOM2Y0fPbv6n6LM6zaTikgn25PrITpz0w5N7XyF3Nfndz+RwKUGTg4WzcKWGwycI=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DB4PR06MB460;
x-microsoft-antispam-prvs: <DB4PR06MB460D57B8C90F3EBECD2376DADF00@DB4PR06MB460.eurprd06.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(95692535739014);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(520078)(5005006)(8121501046)(10201501046)(3002001); SRVR:DB4PR06MB460; BCL:0; PCL:0; RULEID:; SRVR:DB4PR06MB460;
x-forefront-prvs: 0809C12563
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(479174004)(199003)(377454003)(24454002)(189002)(54356999)(106356001)(2900100001)(5008740100001)(6116002)(74482002)(19580405001)(76176999)(97736004)(5001770100001)(50986999)(40100003)(5002640100001)(189998001)(86362001)(76576001)(5004730100002)(87936001)(2950100001)(81156007)(106116001)(77096005)(66066001)(3846002)(122556002)(586003)(10400500002)(92566002)(74316001)(105586002)(1220700001)(5003600100002)(19580395003)(102836003)(11100500001)(1096002)(4326007)(5001960100002)(101416001)(33656002); DIR:OUT; SFP:1102; SCL:1; SRVR:DB4PR06MB460; H:DB4PR06MB457.eurprd06.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: surrey.ac.uk does not designate permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Jan 2016 07:25:42.7747 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 6b902693-1074-40aa-9e21-d89446a2ebb5
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB4PR06MB460
X-OrganizationHeadersPreserved: DB4PR06MB460.eurprd06.prod.outlook.com
X-CrossPremisesHeadersFiltered: EXHY012v.surrey.ac.uk
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/-4VN0kCpPK0sKfRFXzvXXuqF8zc>
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Jan 2016 07:25:50 -0000

"If Alice wants to encrypt the message for a group of people, she has to encrypt the message for every member of the group."

really? not encrypt the message to a random key, then encrypt that key separately to each member? much less processing...
________________________________________
From: ietf <ietf-bounces@ietf.org> on behalf of Phillip Hallam-Baker <phill@hallambaker.com>
Sent: Saturday, 2 January 2016 8:32:53 AM
To: Doug Royer
Cc: IETF Discussion Mailing List
Subject: Re: On email and web security

On Fri, Jan 1, 2016 at 3:37 PM, Doug Royer <douglasroyer@gmail.com> wrote:
> On 12/30/2015 01:17 PM, Fred Baker (fred) wrote:
>> ...
>>
>> First, I note that this email is going out unencrypted. Why?
>
> Confused - for private lists -I see your point. For public lists, what
> would you want still private after the email is publicly listed on the
> IETF email-list web servers?

The IETF list archives are a public document. But that is not the
general case for mailing lists. And right now we don't have a good
protocol for mailing list security, nor does SMTP handle mailing lists
very well at all.

This is one of the areas where the gap between where we are today and
where we want to be is simply too great to make working on top of the
legacy infrastructure of SMTP, SMIME & PGP viable. All three need
major modification to work. All three will need new code.

Right now I am building tools that apply the Mesh to the IETF
protocols as they are. One necessary component in that infrastructure
is a public email profile that contains information such as :

SignedData {
    "ProfileMailPublic" : {
        "address" : "fred@cisco.com",
        "name": "Fred Baker",
        "udf": "MB2GK-6DUF5-YGYYL-JNY5E-RWSHZ-SV75J"
        "connection": [{
             "protocol": "SMTP",
             "encrypt": "OpenPGP",
             "prefer": "encrypt",
             "require": "sign",
             "key": { ... key data here ... }
             }]
        }
    }

What this is saying is that Fred prefers to have all his mail sent via
SMTP encrypted using OpenPGP format using the specified key. Without
that piece of information, it is not possible to have a tool that
automatically encrypts mail sent to Fred. Right now I read my mail on
3 desktops, 2 laptops, 1 phone, 2 iPads and a watch. If people send me
encrypted mail I can only read it on the one laptop with the private
key.

Don't worry about the privacy implications at this stage. They are
important but the way to address them is through a kimono protocol.
This is Fred's public profile that is world readable. He might also
have an encrypted profile that is only visible to people once they
connect. It is also possible to obfusticate this profile by encrypting
it under Fred's email address.

One of the reasons I realized something like the Mesh was needed is
that before mail can be sent encrypted by default, there has to be a
way to provision the decryption key out to every device the user might
want to read their mail on. And that process has to be completely
automated and completely under the user's control. I am really fed up
with all these cloud services where I invest my time and effort
managing data that I don't control and gets deleted at the whim of the
developer. Yes, I am talking to you Apple who resets all my settings
with every iOS or OSX upgrade. No I do not want to go through the new
features tour, it might be interesting to you but it is junk mail to
me.


We can also use the same profile mechanism to advertise support for a
new messaging protocol. So people with legacy SMTP clients can still
send mail to Fred but people with clients that support the new
protocol can make use of the new security capabilities.

OK, so what are those capabilities? Well, 20 years ago Matt Blaze and
some other folk invented a concept called Proxy Re-Encryption and now
that we are moving to ECC based encryption, it is a technique that
solves a lot of our current security problems.

Traditional public key exchange is a 2 party protocol, Alice encrypts
the message for Bob. If Alice wants to encrypt the message for a group
of people, she has to encrypt the message for every member of the
group.

Proxy re-encryption or Recryption for short is a technique that allows
Alice to encrypt a message to send to a group and then an untrusted
third party proxy can then recrypt the messages so that each member of
the group can read them but the proxy cannot decrypt the message
itself. This means that the proxy can be a service in the cloud
without introducing a new point of vulnerability which would be the
case if we did this sort of thing with traditional RSA encryption.

One area where this type of capability is valuable is in the mailing
list problem. Another is in an IMAP style mail server where the user
has 8 devices and wants each to have a different decryption key so
that they can re-establish their security is a device is lost,
compromised, whatever. Another place where it is very useful is for
sharing documents in an enterprise. The last is the subject of a
patent claim but fortunately the claim expires in a couple of years.


Recryption is powerful. We could cobble together extensions to SMTP,
IMAP, POP3, XMPP, etc. to make it work, but it is actually rather
simpler to design a new general purpose messaging service that allows
users to upload 'blobs' of content and make them visible to groups of
users through control of their recryption groups (which can be thought
of as a security label).

At root, there isn't any difference between Mail, Mailing Lists, News,
Blogs, Messaging, Chat, VOIP, Dropbox. In every case we have a
protocol in which a user uploads 'chunks' of data that are made
visible to a set of recipients. The only difference is in the way that
the notification takes place and the path the chunks follow.

It is a powerful technique but as I say, encumbered for a couple of
years. So if we build out the user-centric key infrastructure in those
two years, we will be ready to start deploying the schemes when the
patents expire.