Re: potable e-mail, now Trying to do too much (was Re: the introduction problem, etc.)
Phillip Hallam-Baker <phill@hallambaker.com> Sun, 22 May 2022 20:52 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CCC5DC2B0009 for <ietf@ietfa.amsl.com>; Sun, 22 May 2022 13:52:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.403
X-Spam-Level:
X-Spam-Status: No, score=-1.403 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2nII0Ail1UtC for <ietf@ietfa.amsl.com>; Sun, 22 May 2022 13:52:13 -0700 (PDT)
Received: from mail-yw1-f177.google.com (mail-yw1-f177.google.com [209.85.128.177]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A8821C2B001F for <ietf@ietf.org>; Sun, 22 May 2022 13:52:13 -0700 (PDT)
Received: by mail-yw1-f177.google.com with SMTP id 00721157ae682-2ef5380669cso129198857b3.9 for <ietf@ietf.org>; Sun, 22 May 2022 13:52:13 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=g6LdcKam947ZWooBkilW374xMN67mbi2vKeDv7Lxtfk=; b=Y8KJ8EzGUV+S3LQCOhpOoTndl3LZn0qiT0gURuzlHmfZZJ6uaICtDQ6acWlX6aJ92J 3N/4znzEihjfiP4MnVpbaUr0d/vkFx581vNdir9y0PS2e5Y2hat/g5tcKnzyAoAIjarG //J5F/6+jUmuROQ0WlkBtuxB9gszqG7DU0lDW/dTObrI5n4Bw2sa/thuDNraA/fXZ74r uGjBVImrMA+2ovE8j/2UybASPN5JedOUAym+NzbLjNUrPlxOsAw54/U+5STsWhAoKsSl h3Fy9KH23p2LXwJR+Zc81C2MngQ2ghkqBL4incOKNEawLhb8yXdrP8Wa2OzFJ78hlVQ5 PRJg==
X-Gm-Message-State: AOAM531ottlluiI4TXtkb62XMww6aF6Q0wpD6fRwOUuLpo5IB/SLot2F MXzpMm9WIcdbjevMG3Dio5zxXQmCFwqFeXWWzHdxjB9vUZQ=
X-Google-Smtp-Source: ABdhPJwMr7uYyO+4nlUaDQMOIS/o6I/LUMe1Jobo6fCptqq9HI68W3rZe+Mp0jk+zm6nnIUQK9560C4ewlEZO/e3xp8=
X-Received: by 2002:a81:9a4f:0:b0:2ff:2eed:9d31 with SMTP id r76-20020a819a4f000000b002ff2eed9d31mr20112209ywg.374.1653252732721; Sun, 22 May 2022 13:52:12 -0700 (PDT)
MIME-Version: 1.0
References: <20220519164943.3DD824144C1C@ary.qy> <767453.1653002314@dooku>
In-Reply-To: <767453.1653002314@dooku>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Sun, 22 May 2022 16:52:02 -0400
Message-ID: <CAMm+LwgZGdZ0TOY_suU2htcAxN37-uyncBUn0ts+UXk8M+AyWw@mail.gmail.com>
Subject: Re: potable e-mail, now Trying to do too much (was Re: the introduction problem, etc.)
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: John Levine <johnl@taugh.com>, IETF Discussion Mailing List <ietf@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000db9d5605df9fe5e1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/1RnqQb_idWQzbkOKOBw9MdJV1Tc>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 May 2022 20:52:15 -0000
OK so how I plan to introduce portable email addresses: *Step 1: Alice creates a Mesh profile* [This does not have to be based on the Mesh but it isn't exactly a coincidence that the Mesh provides exactly the set of facilities required] A Mesh profile is a personal PKI with a hierarchy of keys that allow Alice to manage provisioning of cryptographic keys through a user experience that presents this as managing the connection of her devices to her personal Mesh. A Mesh profile has a fingerprint which is the UDF presentation of the SHA-2-512 hash of the root signing key: MDDK7-N6A72-7AJZN-OSTRX-XKS7D-JAFXI *Step 2: Alice creates one or more contact assertions* A Mesh contact assertion contains all the information in an iCard but with the important difference that it is signed under a key that provides a validation chain up to Alice's root signing key. The contact assertion contains entries for all Alice's information she wants to disclose to the people she shares the contact entry with. So: UDF: MDDK7-N6A72-7AJZN-OSTRX-XKS7D-JAFXI SMTP: alice@example.com MeshService: example.com OpenPGP: <PGP public key> S/MIME: <S/MIME certs> SSH: <SSH keypair> Signal: <identifier>/<public key> ContactUpdate: http://update.example.com/MDDK7-N6A72-7AJZN-OSTRX-XKS7D-JAFXI ContactUpdate: mcu:MDDK7-N6A72-7AJZN-OSTRX-XKS7D-JAFXI Leaving aside the passive aggressive threat to reverse engineer someone's open source walled garden, the important part is the last. The contact assertion can provide instructions on how to get updates. So when Alice sheares a Mesh contact with a person, it isn't just that a static business card she is sharing, it is a dynamic resource. So note that I have achieved email address portability without introducing callsigns. And those don't actually come for quite a while either. *Step 3: Alice shares contact information through various modalities* The strongest contact binding is arguably Alice and Bob meet together and bump phones. Currently I have a QR protocol for this. Except that the scanning side is not yet functional because it is blocked on that functionality becoming available in MAUI. We can also imagine modalities where Alice and Bob bump phones via Bluetooth. The code also provides a mechanism that allows Alice to exchange contact information through Mesh messaging. Contact exchange actually comprises two separate functions: 1) The recipient obtains the permission to contact Alice 2) Alice grants authorization to the recipient to make use of specific messaging modalities. Mesh Messaging modalities do not currently include what is thought of as 'mail messaging', the messages are limited to 32KB. But it does support contact exchange, group membership invites and 2 factor authentication. Right now I am adding invoicing, payment and chat messaging exchanges. Adding you to my contacts catalog does not mean I am giving you permission to invoice me. The big difference between Mesh Messaging an SMTP is that every inbound message is subject to access control. *OK, so why introduce callsigns at all?* Callsigns are simply a consequence of the need to allow Alice to switch her Mesh Service Provider in the case where they are not willing to cooperate by participating in forwarding. To make this work, Alice needs to register her contact with a service that provides the forwarding capability. So this initially publishes: UDF: MDDK7-N6A72-7AJZN-OSTRX-XKS7D-JAFXI MeshService: example.com Alice moves to example.net and pushes out a new assertion to the forwarding service: UDF: MDDK7-N6A72-7AJZN-OSTRX-XKS7D-JAFXI MeshService: example.net This is not just a forwarding service for her Mesh account though.* Alice can issue a new contact assertion updating her SMTP email address as well.* So the real value of Mesh Contact assertions is that they are dynamic and provide portability for all contact information by means of any protocol. There is only one small problem with the scheme so far and that is that the forwarder does not have a business model. I am currently putting a significant amount of funding into the Mesh but keeping a service running in perpetuity at six figures a year would require a significant endowment and if the system took off, the scheme will require more than six figures to run. So looking at what it takes to run the forwarding service right, I worked out that I could turn it into a naming/discovery system by allowing registrations of the form: UDF: MDDK7-N6A72-7AJZN-OSTRX-XKS7D-JAFXI MeshService: example.com Callsign: @Alice Besides providing a funding model for the Mesh Foundation, Callsigns also solve the problem of how Bob can give Alice's contact information to Carol over the telephone, how Alice can put her contact address on papers, etc. etc. Callsigns can be chosen for memorability but fingerprints of public keys really cannot. Now to be fair, only a small number of people can have callsigns as short as @Alice. So @Alice_Lastname is probably a more representative approach. And as people know, I plan to sell short names at a premium to fund the foundation. *Issues I glossed over* OK so I have glossed over a heck of a lot of issues here. What happens if Mallet puts Alice's SMTP email in his own contact assertion? What happens during a service transition where senders may be using a 'stale' contact address? I do have answers, some involve the word 'Bloom' and 'filter'. This is not my first rodeo, I have spent 30 years making other people's designs work a lot better, I am aware of these issues.
- Service outages planned for April 25 Robert Sparks
- Re: Service outages planned for April 25 Robert Sparks
- Re: Service outages planned for April 25 tom petch
- Re: Service outages planned for April 25 Jay Daley
- Re: Service outages planned for April 25 Keith Moore
- Re: Service outages planned for April 25 Carsten Bormann
- Re: Service outages planned for April 25 Keith Moore
- Re: Service outages planned for April 25 Carsten Bormann
- Re: Service outages planned for April 25 Keith Moore
- Email and reputation (was Re: Service outages pla… Vittorio Bertola
- Re: Email and reputation (was Re: Service outages… Keith Moore
- Re: Mail is worse than everything except all the … John Levine
- Re: the introduction problem, was Email and reput… John Levine
- Re: Mail is worse than everything except all the … Keith Moore
- Re: Mail is worse than everything except all the … Phillip Hallam-Baker
- Re: Mail is worse than everything except all the … Keith Moore
- Re: Mail is worse than everything except all the … John R Levine
- Re: Mail is worse than everything except all the … Keith Moore
- Re: Mail is worse than everything except all the … touch@strayalpha.com
- Re: Mail is worse than everything except all the … Keith Moore
- Re: Mail is worse than everything except all the … Viktor Dukhovni
- Re: Mail is worse than everything except all the … Keith Moore
- Re: Mail is worse than everything except all the … touch@strayalpha.com
- Re: Mail is worse than everything except all the … Keith Moore
- Re: the introduction problem, was Email and reput… Vittorio Bertola
- Re: the introduction problem, was Email and reput… John R Levine
- Re: the introduction problem, was Email and reput… Keith Moore
- Re: the introduction problem, was Email and reput… Viktor Dukhovni
- Re: the introduction problem, was Email and reput… Christian Huitema
- Re: the introduction problem, was Email and reput… Keith Moore
- Re: the introduction problem, was Email and reput… Keith Moore
- Re: the introduction problem, was Email and reput… Viktor Dukhovni
- Re: the introduction problem, was Email and reput… Masataka Ohta
- Re: the introduction problem, was Email and reput… Keith Moore
- Re: the introduction problem, was Email and reput… Masataka Ohta
- Re: the introduction problem, was Email and reput… Viktor Dukhovni
- Re: the introduction problem, was Email and reput… Keith Moore
- Re: the introduction problem, was Email and reput… Michael Richardson
- Re: the introduction problem, was Email and reput… Laurence Lundblade
- Re: the introduction problem, was Email and reput… Keith Moore
- Re: the introduction problem, was Email and reput… John Levine
- Re: the introduction problem, was Email and reput… Lyndon Nerenberg (VE7TFX/VE6BBM)
- Re: mail crypto, was the introduction problem, wa… John Levine
- Re: mail crypto, was the introduction problem, wa… Keith Moore
- Re: mail crypto, was the introduction problem, wa… Christopher Morrow
- Re: mail crypto, was the introduction problem, wa… Keith Moore
- Re: mail crypto, was the introduction problem, wa… John Levine
- Re: mail crypto, was the introduction problem, wa… Keith Moore
- Re: mail crypto, was the introduction problem, wa… Christopher Morrow
- Re: mail crypto, was the introduction problem, wa… Keith Moore
- Deployment strategy for email+ Was: Mail is worse… Phillip Hallam-Baker
- Re: mail crypto, was the introduction problem, wa… Phillip Hallam-Baker
- Re: the introduction problem, was Email and reput… Phillip Hallam-Baker
- Re: the introduction problem, was Email and reput… Phillip Hallam-Baker
- Re: the introduction problem, was Email and reput… John Levine
- Re: the introduction problem, was Email and reput… Keith Moore
- Re: the introduction problem, was Email and reput… Phillip Hallam-Baker
- Re: the introduction problem, was Email and reput… John R Levine
- Re: the introduction problem, was Email and reput… Phillip Hallam-Baker
- Re: the introduction problem, was Email and reput… Masataka Ohta
- Re: the introduction problem, was Email and reput… Masataka Ohta
- Trying to do too much (was Re: the introduction p… Jim Fenton
- Re: Trying to do too much (was Re: the introducti… lloyd.wood@yahoo.co.uk
- Re: Trying to do too much (was Re: the introducti… Phillip Hallam-Baker
- Re: Trying to do too much (was Re: the introducti… Keith Moore
- Re: Trying to do too much (was Re: the introducti… Keith Moore
- Re: Trying to do too much (was Re: the introducti… Michael Richardson
- Re: Trying to do too much (was Re: the introducti… Masataka Ohta
- Re: Trying to do too much (was Re: the introducti… Masataka Ohta
- Re: potable e-mail, now Trying to do too much (wa… John Levine
- Re: Trying to do too much (was Re: the introducti… Phillip Hallam-Baker
- Re: Trying to do too much (was Re: the introducti… Phillip Hallam-Baker
- Re: potable e-mail, now Trying to do too much (wa… Michael Richardson
- Re: Trying to do too much (was Re: the introducti… Keith Moore
- Re: portable e-mail, now Trying to do too much (w… John R Levine
- Re: potable e-mail, now Trying to do too much (wa… Keith Moore
- Re: Trying to do too much (was Re: the introducti… Masataka Ohta
- Re: potable e-mail, now Trying to do too much (wa… Masataka Ohta
- Re: portable e-mail, now Trying to do too much (w… Michael Richardson
- Re: portable e-mail, now Trying to do too much (w… John Levine
- Re: portable e-mail, now Trying to do too much (w… Michael Richardson
- We are not a mail forwarding service Carsten Bormann
- Re: We are not a mail forwarding service John R Levine
- ugly hacks (was: Re: We are not a mail forwarding… Keith Moore
- Re: ugly hacks (was: Re: We are not a mail forwar… John Levine
- Re: ugly hacks (was: Re: We are not a mail forwar… Keith Moore
- Re: We are not a mail forwarding service Robert Sparks
- Re: We are not a mail forwarding service Carsten Bormann
- Re: portable e-mail, now Trying to do too much (w… Phillip Hallam-Baker
- Re: potable e-mail, now Trying to do too much (wa… Phillip Hallam-Baker
- Re: portable e-mail, now Trying to do too much (w… Keith Moore
- Re: portable e-mail, now Trying to do too much (w… Phillip Hallam-Baker