Re: Proposed Proposed Statement on e-mail encryption at the IETF
Måns Nilsson <mansaxel@besserwisser.org> Tue, 02 June 2015 20:11 UTC
Date: Tue, 02 Jun 2015 22:11:14 +0200
From: Måns Nilsson <mansaxel@besserwisser.org>
To: Joe Abley <jabley@hopcount.ca>
Subject: Re: Proposed Proposed Statement on e-mail encryption at the IETF
Message-ID: <20150602200949.GF5551@besserwisser.org>
References: <DD88F4E4-6BBA-4610-BB49-3158A26DF55B@hopcount.ca> <2DA10E34-02DA-4245-9031-8C0F2749461D@vpnc.org> <9DCD66D2-A8AD-4810-A912-D2CFF2E387BC@hopcount.ca>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="7mxbaLlpDEyR1+x6"
Content-Disposition: inline
In-Reply-To: <9DCD66D2-A8AD-4810-A912-D2CFF2E387BC@hopcount.ca>
X-URL: http://vvv.besserwisser.org
X-Clacks-Overhead: "GNU Sir Terry Pratchett"
X-Purpose: More of everything NOW!
X-happyness: Life is good.
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/-QbO2YtPRllGtU6A2e1IYin35Aw>
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, IETF Discussion Mailing List <ietf@ietf.org>
Subject: Re: Proposed Proposed Statement on e-mail encryption at the IETF
Date: Tue, Jun 02, 2015 at 07:08:15PM +0100
Quoting Joe Abley (jabley@hopcount.ca):

> But agreed, if the IETF was able to show that its work conducted by
> e-mail could incorporate cryptography in such a way that it was a
> benefit to all concerned rather than a headache, I think that would
> be great.

I think we have achieved this in one way; we now accept and deliver e-mail via SMTP using TLS. Everyone should do this, as long as they don't risk ending up in jail for doing it.

(For those cases and for RFC 854 debugging, we keep the downgrade option. Reluctantly. Building an interceptor that strips the TLS offers from the SMTP dialogue and effects a downgrade attack is trivial. More often than not this device is "the firewall". QED.)

Another way we've dogfooded in this area is by signing email. (And that might be done via any of the unusable protocols. I pretend I don't care, to keep Joe on his chair.)

There are operational, direct advantages from signing email today. Everyone who some day might want to send a sensitive e-mail over any network ought to think very hard about climbing on the mechanical bull known as "getting PGP to work in my email setup (and with some security at that)."

Signed email is not "au contraire" to the open nature of IETF lists. It serves as verification and reassurance.

I somewhat keep repeating myself. But we can do, and actually do, this, today.

Now, getting DANE data for the IETF SMTP TLS certs going, and perhaps working on fetching that data into the validation process of some well-known MUAs, that would be a good step.

-- 
Måns Nilsson     primary/secondary/besserwisser/machina
MN-1334-RIPE     +46 705 989668
I am a traffic light, and Alan Ginzberg kidnapped my laundry in 1927!
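The STARTTLS downgrade described in the message above is visible to the sending side as an EHLO reply with no STARTTLS keyword, and a sender that knows the peer must offer TLS can refuse to fall back. This is an added example, not part of the original message: the host names, sample EHLO replies and function names are constructed, and `tls_required` stands for whatever policy source the sender trusts (for instance a validated DANE TLSA record for the MX host).

```python
import re

# Constructed EHLO replies in RFC 5321 multi-line form, not captured traffic.
EHLO_DIRECT = (
    "250-mx.example.net Hello client.example.org\r\n"
    "250-SIZE 52428800\r\n"
    "250-8BITMIME\r\n"
    "250-STARTTLS\r\n"
    "250 PIPELINING\r\n"
)
# The same reply with the TLS offer overwritten somewhere on the path.
EHLO_STRIPPED = (
    "250-mx.example.net Hello client.example.org\r\n"
    "250-SIZE 52428800\r\n"
    "250-8BITMIME\r\n"
    "250-XXXXXXXX\r\n"
    "250 PIPELINING\r\n"
)

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def ehlo_extensions(reply: str) -> set[str]:
    """Return the upper-cased extension keywords from a 250 EHLO reply."""
    lines = [ln for ln in reply.split("\r\n") if ln]
    keywords = set()
    for i, line in enumerate(lines):
        m = REPLY_LINE.match(line)
        if not m or m.group(1) != "250":
            raise ValueError(f"not a 250 reply line: {line!r}")
        # Only the final line of a multi-line reply uses "250 " (space).
        if (m.group(2) == " ") != (i == len(lines) - 1):
            raise ValueError("malformed multi-line reply")
        if i > 0 and m.group(3):  # line 0 is the greeting, not an extension
            keywords.add(m.group(3).split()[0].upper())
    return keywords


def delivery_decision(reply: str, tls_required: bool) -> str:
    """Decide how to proceed; tls_required comes from sender-side policy."""
    if "STARTTLS" in ehlo_extensions(reply):
        return "starttls"
    # No TLS offer: only acceptable when nothing says the peer supports TLS.
    return "defer-possible-downgrade" if tls_required else "cleartext"
```

With `tls_required` false the sender behaves opportunistically, which is the case in which the stripped offer goes unnoticed.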