Re: the introduction problem, was Email and reputation (was Re: Service outages planned for April 25)

Christian Huitema <huitema@huitema.net> Tue, 03 May 2022 05:59 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 80FD9C157B4B for <ietf@ietfa.amsl.com>; Mon, 2 May 2022 22:59:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.744
X-Spam-Level:
X-Spam-Status: No, score=-3.744 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-1.857, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2qoH9q8wXfUx for <ietf@ietfa.amsl.com>; Mon, 2 May 2022 22:59:37 -0700 (PDT)
Received: from mx36-out21.antispamcloud.com (mx36-out21.antispamcloud.com [209.126.121.69]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A7563C157B3E for <ietf@ietf.org>; Mon, 2 May 2022 22:59:37 -0700 (PDT)
Received: from xse467.mail2web.com ([66.113.197.213] helo=xse.mail2web.com) by mx258.antispamcloud.com with esmtp (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1nllZM-000D7E-58 for ietf@ietf.org; Tue, 03 May 2022 07:59:36 +0200
Received: from xsmtp22.mail2web.com (unknown [10.100.68.61]) by xse.mail2web.com (Postfix) with ESMTPS id 4Ksq6V6Fs6z9mP for <ietf@ietf.org>; Mon, 2 May 2022 22:59:30 -0700 (PDT)
Received: from [10.5.2.15] (helo=xmail05.myhosting.com) by xsmtp22.mail2web.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1nllZK-0004lI-Nx for ietf@ietf.org; Mon, 02 May 2022 22:59:30 -0700
Received: (qmail 18766 invoked from network); 3 May 2022 05:59:30 -0000
Received: from unknown (HELO [192.168.1.107]) (Authenticated-user:_huitema@huitema.net@[172.58.43.164]) (envelope-sender <huitema@huitema.net>) by xmail05.myhosting.com (qmail-ldap-1.03) with ESMTPA for <moore@network-heretics.com>; 3 May 2022 05:59:30 -0000
Message-ID: <0abc737b-839a-ba8e-88c2-64b7f069a9c7@huitema.net>
Date: Mon, 02 May 2022 22:59:28 -0700
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.8.1
Content-Language: en-US
To: Keith Moore <moore@network-heretics.com>, ietf@ietf.org
References: <dcc27c29-51f8-c2a4-8ce4-ee1a3c6cb017@nostrum.com> <AAE3C51B-0150-483C-8244-3D60BC31B19A@tzi.org> <2c5df733-0f86-d319-b886-81882328caa9@network-heretics.com> <1870005490.14504.1651151102962@appsuite-gw1.open-xchange.com> <t4f3j1$1mpc$1@gal.iecc.com> <626060406.28268.1651487745123@appsuite-gw1.open-xchange.com> <2480fd36-c16a-6d98-ddac-15d02259ffbe@taugh.com> <837df6ce-a771-ff2f-515b-1021cc242c23@network-heretics.com>
From: Christian Huitema <huitema@huitema.net>
Subject: Re: the introduction problem, was Email and reputation (was Re: Service outages planned for April 25)
In-Reply-To: <837df6ce-a771-ff2f-515b-1021cc242c23@network-heretics.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Originating-IP: 66.113.197.213
X-Spampanel-Domain: xsmtpout.mail2web.com
X-Spampanel-Username: 66.113.197.0/24
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=66.113.197.0/24@xsmtpout.mail2web.com
X-Spampanel-Outgoing-Class: unsure
X-Spampanel-Outgoing-Evidence: Combined (0.15)
X-Recommended-Action: accept
X-Report-Abuse-To: spam@quarantine11.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/6V832HzuSrugXSNhejQ0T-6Q6Yo>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 May 2022 05:59:40 -0000

On 5/2/2022 9:24 PM, Keith Moore wrote:
> On 5/2/22 09:20, John R Levine wrote:
>
>> We have several decades of S/MIME and PGP failing because nobody 
>> knows how to do key distribution at scale.
>
> ...
>
> User interface issues seem like some of the more significant problems 
> because (for example) it really does make sense for the President's 
> secretary to sign an email from the President.  How do you communicate 
> to users who has the authority to sign something for purpose A but not 
> purpose B?  And yet, humans have been doing similar things with 
> signatures on paper for many centuries.   I don't think it's an 
> unsolvable problem unless perhaps you want to cram all of that 
> information on a watch face.
...
> So I see a lot of careful engineering that's needed, and a lot of user 
> interface work (which is admittedly problematic for IETF), and 
> probably some hard political work by honest people to overcome the 
> efforts of dishonest people who will try to subvert it (whether or not 
> they believe they're doing good).
>
> But I don't think there are fundamentally unsolvable technical 
> problems, so much as problems that make people uncomfortable - because 
> there's no simple system that spans a wide enough range of compromises 
> to suit everyone.   But that doesn't mean that there's no system that 
> doesn't solve most people's problems.


There are many technical problems, but there are also some pretty 
fundamental User Interaction issues. The way I think of this problem is 
"I want to find the electronic address of the person whom I call Alice 
Example". That kind of name is not unique in general, but it is unique 
enough for me -- cryptographers often refer to this as a "pet name". 
Doing that in a centralized service is hard. You have to assume that a 
variety of phishers are going to try to insert their own set of metadata in 
the service database. I might have better chances asking my friends, who 
may well understand who I refer to as "Alice Example". And maybe we 
could develop some kind of friend-to-friend service overlaid over a 
social network. But if we are not careful, it will be easy to leave 
enough holes to let a whole raft of phishermen through...

-- Christian Huitema