Re: Proposed Proposed Statement on e-mail encryption at the IETF

[Måns Nilsson <mansaxel@besserwisser.org>]

Subject: Re: Proposed Proposed Statement on e-mail encryption at the IETF Date: Tue, Jun 02, 2015 at 07:08:15PM +0100 Quoting Joe Abley (jabley@hopcount.ca):
 
> But agreed, if the IETF was able to show that its work conducted by
> e-mail could incorporate cryptography in such a way that it was a
> benefit to all concerned rather than a headache, I think that would
> be great.

I think we have achieved this in one way; we now accept and deliver
e-mail via SMTP using TLS. Everyone should do this, as long as they
don't risk ending up in jail for doing it. (for those cases and for
RFC 854 debugging, we keep the downgrade option. Reluctantly. Building
an interceptor that strips the TLS offers from the SMTP dialogue and
effects a downgrade attack is trivial. More often than not this device is
"the firewall". QED.)

Another way we've dogfooded in this area is by signing email. (And that
might be done via any of the unuseable protocols. I pretend I don't care,
to keep Joe on his chair.)  There are operational, direct advantages
from signing email today.  Everyone who some day might want to send a
sensitive e-mail over any network ought to think very hard about climbing
on the mechanical bull known as "getting PGP to work in my email setup
(and with some security at that)." Signed email is not "au contraire" to
the open nature of IETF lists. It serves as verification and reassurement.

I somewhat keep repeating myself.  But we can do, and actually do,
this, today. Now, getting DANE data for the IETF SMTP TLS certs going,
and perhaps working on fetching that data into the validation process
of some well-known MUAs, that would be a good step.

-- 
Måns Nilsson     primary/secondary/besserwisser/machina
MN-1334-RIPE                             +46 705 989668
I am a traffic light, and Alan Ginzberg kidnapped my laundry in 1927!