Re: the introduction problem, was Email and reputation (was Re: Service outages planned for April 25)
Christian Huitema <huitema@huitema.net> Tue, 03 May 2022 05:59 UTC
Return-Path: <huitema@huitema.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 80FD9C157B4B for <ietf@ietfa.amsl.com>; Mon, 2 May 2022 22:59:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.744
X-Spam-Level:
X-Spam-Status: No, score=-3.744 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-1.857, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2qoH9q8wXfUx for <ietf@ietfa.amsl.com>; Mon, 2 May 2022 22:59:37 -0700 (PDT)
Received: from mx36-out21.antispamcloud.com (mx36-out21.antispamcloud.com [209.126.121.69]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A7563C157B3E for <ietf@ietf.org>; Mon, 2 May 2022 22:59:37 -0700 (PDT)
Received: from xse467.mail2web.com ([66.113.197.213] helo=xse.mail2web.com) by mx258.antispamcloud.com with esmtp (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1nllZM-000D7E-58 for ietf@ietf.org; Tue, 03 May 2022 07:59:36 +0200
Received: from xsmtp22.mail2web.com (unknown [10.100.68.61]) by xse.mail2web.com (Postfix) with ESMTPS id 4Ksq6V6Fs6z9mP for <ietf@ietf.org>; Mon, 2 May 2022 22:59:30 -0700 (PDT)
Received: from [10.5.2.15] (helo=xmail05.myhosting.com) by xsmtp22.mail2web.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.92) (envelope-from <huitema@huitema.net>) id 1nllZK-0004lI-Nx for ietf@ietf.org; Mon, 02 May 2022 22:59:30 -0700
Received: (qmail 18766 invoked from network); 3 May 2022 05:59:30 -0000
Received: from unknown (HELO [192.168.1.107]) (Authenticated-user:_huitema@huitema.net@[172.58.43.164]) (envelope-sender <huitema@huitema.net>) by xmail05.myhosting.com (qmail-ldap-1.03) with ESMTPA for <moore@network-heretics.com>; 3 May 2022 05:59:30 -0000
Message-ID: <0abc737b-839a-ba8e-88c2-64b7f069a9c7@huitema.net>
Date: Mon, 02 May 2022 22:59:28 -0700
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.8.1
Content-Language: en-US
To: Keith Moore <moore@network-heretics.com>, ietf@ietf.org
References: <dcc27c29-51f8-c2a4-8ce4-ee1a3c6cb017@nostrum.com> <AAE3C51B-0150-483C-8244-3D60BC31B19A@tzi.org> <2c5df733-0f86-d319-b886-81882328caa9@network-heretics.com> <1870005490.14504.1651151102962@appsuite-gw1.open-xchange.com> <t4f3j1$1mpc$1@gal.iecc.com> <626060406.28268.1651487745123@appsuite-gw1.open-xchange.com> <2480fd36-c16a-6d98-ddac-15d02259ffbe@taugh.com> <837df6ce-a771-ff2f-515b-1021cc242c23@network-heretics.com>
From: Christian Huitema <huitema@huitema.net>
Subject: Re: the introduction problem, was Email and reputation (was Re: Service outages planned for April 25)
In-Reply-To: <837df6ce-a771-ff2f-515b-1021cc242c23@network-heretics.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Originating-IP: 66.113.197.213
X-Spampanel-Domain: xsmtpout.mail2web.com
X-Spampanel-Username: 66.113.197.0/24
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=66.113.197.0/24@xsmtpout.mail2web.com
X-Spampanel-Outgoing-Class: unsure
X-Spampanel-Outgoing-Evidence: Combined (0.15)
X-Recommended-Action: accept
X-Filter-ID: Pt3MvcO5N4iKaDQ5O6lkdGlMVN6RH8bjRMzItlySaT9WLQux0N3HQm8ltz8rnu+BPUtbdvnXkggZ 3YnVId/Y5jcf0yeVQAvfjHznO7+bT5x9j7219Tb9QoiGKb6esGsuKj/EwzSHE5FGYwwjsNRPCDxa 61rHcR9kFFblXSb3CFLmD6wdmZPcItWbGe10hXJtXL4FsauCVkDjmcYJdU3yWp7KuHNaaKdg7iBE ZefdsNUFWKwa/wzJUjmazeC7ImcaNOiP8tKCLoTs73rCt+paKRQ6V51u76v35b1wNe/MvdJPWWqi c9eoDWW+hxVOsiYx2+J9PgaoF8SQHto3le4zsHTaeQtlKubP6iUTjj6yPARK6buALVaA782LKxg6 vRmng8N1aLhXqdc+jC1RcnVud53D5caUhbVtvqItBqoizkEt9O20UjkwI0v+LOlw05G4BS+iyyNq bT8dUMXMJ4tUCMj6G37ZfAMLceP5aNHPt26RBupu5v1nytoNnc138GfEJRQ2qC7jjynPIHPNqSn4 QTXUjLjYWQt1/5xnQymMoPsgr/U0flMcy2Vi/IcBgY4arPaiJ1W6hAyiRC61jekdwIcXNugoOEbH RyFULpSjm7hMIABpqqRGKyDs8xujM3cq7Rvkiy9CGpqIMbF0Ys3gbbTM+8h0ZeLzUTnYykE8gpXd yaXQU+NO58SmSZE835gDEnFzsC48bTEFY06/YbB87Ww8G0LoS8V3Mt1pta8qAcLtCB3G1CwpaI3Z 4ESkMWDVJEenxBoIht3V0nekAoxXArQeD1yGzZ4RZLSqs8Sx5+CyuLfHqAnAj7rgKH7+eCmmvuLi bjSYlgG11Ob4a0767VShcA6Xvva2QAVEjpqzANbJ1UfXmet2cbFKoyT/OdZLBDRiDDABEmRAhZEy usx3bG0AuXq0T17woJo3avKeADIsy647Mn0zwmGzAi3Zn+YdthRNgs7Ig4l/XErpYn3glZTKFuaT l19W3ISq9+1KiLsESGU+y+fjdgjudZxiTPi+MG1QP35nsYfP84c+RFK3KiZuZ5OAUoGBziSYFLZu u6zX3xxsmqT8l9ARlsTalAaf
X-Report-Abuse-To: spam@quarantine11.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/6V832HzuSrugXSNhejQ0T-6Q6Yo>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 May 2022 05:59:40 -0000
On 5/2/2022 9:24 PM, Keith Moore wrote: > On 5/2/22 09:20, John R Levine wrote: > >> We have several decades of S/MIME and PGP failing because nobody >> knows how to do key distribution at scale. > > ... > > User interface issues seem like some of the more significant problems > because (for example) it really does make sense for the President's > secretary to sign an email from the President. How do you communicate > to users who has the authority to sign something for purpose A but not > purpose B? And yet, humans have been doing similar things with > signatures on paper for many centuries. I don't think it's an > unsolvable problem unless perhaps you want to cram all of that > information on a watch face. ... > So I see a lot of careful engineering that's needed, and a lot of user > interface work (which is admittedly problematic for IETF), and > probably some hard political work by honest people to overcome the > efforts of dishonest people who will try to subvert it (whether or not > they believe they're doing good). > > But I don't think there are fundamentally unsolvable technical > problems, so much as problems that make people uncomfortable - because > there's no simple system that spans a wide enough range of compromises > to suit everyone. But that doesn't mean that there's no system that > doesn't solve most people's problems. There are many technical problems, but there also some pretty fundamental User Interaction issues. The way I think of this problem is "I want to find the electronic address of the person whom I call Alice Example". That kind of name is not unique in general, but it is unique enough for me -- cryptographers often refer to this as a "pet name". Doing that in a centralized service is hard. You have to assume that a variety of phishers are going to try insert their own set of metadata in the service database. I might have better chances asking my friends, who may well understand who I refer to as "Alice Example". And maybe we could develop some kind of friend-to-friend service overlaid over a social network. But if we are not careful, it will be easy to leave enough holes to let a whole raft of phishermen through... -- Christian Huitema
- Service outages planned for April 25 Robert Sparks
- Re: Service outages planned for April 25 Robert Sparks
- Re: Service outages planned for April 25 tom petch
- Re: Service outages planned for April 25 Jay Daley
- Re: Service outages planned for April 25 Keith Moore
- Re: Service outages planned for April 25 Carsten Bormann
- Re: Service outages planned for April 25 Keith Moore
- Re: Service outages planned for April 25 Carsten Bormann
- Re: Service outages planned for April 25 Keith Moore
- Email and reputation (was Re: Service outages pla… Vittorio Bertola
- Re: Email and reputation (was Re: Service outages… Keith Moore
- Re: Mail is worse than everything except all the … John Levine
- Re: the introduction problem, was Email and reput… John Levine
- Re: Mail is worse than everything except all the … Keith Moore
- Re: Mail is worse than everything except all the … Phillip Hallam-Baker
- Re: Mail is worse than everything except all the … Keith Moore
- Re: Mail is worse than everything except all the … John R Levine
- Re: Mail is worse than everything except all the … Keith Moore
- Re: Mail is worse than everything except all the … touch@strayalpha.com
- Re: Mail is worse than everything except all the … Keith Moore
- Re: Mail is worse than everything except all the … Viktor Dukhovni
- Re: Mail is worse than everything except all the … Keith Moore
- Re: Mail is worse than everything except all the … touch@strayalpha.com
- Re: Mail is worse than everything except all the … Keith Moore
- Re: the introduction problem, was Email and reput… Vittorio Bertola
- Re: the introduction problem, was Email and reput… John R Levine
- Re: the introduction problem, was Email and reput… Keith Moore
- Re: the introduction problem, was Email and reput… Viktor Dukhovni
- Re: the introduction problem, was Email and reput… Christian Huitema
- Re: the introduction problem, was Email and reput… Keith Moore
- Re: the introduction problem, was Email and reput… Keith Moore
- Re: the introduction problem, was Email and reput… Viktor Dukhovni
- Re: the introduction problem, was Email and reput… Masataka Ohta
- Re: the introduction problem, was Email and reput… Keith Moore
- Re: the introduction problem, was Email and reput… Masataka Ohta
- Re: the introduction problem, was Email and reput… Viktor Dukhovni
- Re: the introduction problem, was Email and reput… Keith Moore
- Re: the introduction problem, was Email and reput… Michael Richardson
- Re: the introduction problem, was Email and reput… Laurence Lundblade
- Re: the introduction problem, was Email and reput… Keith Moore
- Re: the introduction problem, was Email and reput… John Levine
- Re: the introduction problem, was Email and reput… Lyndon Nerenberg (VE7TFX/VE6BBM)
- Re: mail crypto, was the introduction problem, wa… John Levine
- Re: mail crypto, was the introduction problem, wa… Keith Moore
- Re: mail crypto, was the introduction problem, wa… Christopher Morrow
- Re: mail crypto, was the introduction problem, wa… Keith Moore
- Re: mail crypto, was the introduction problem, wa… John Levine
- Re: mail crypto, was the introduction problem, wa… Keith Moore
- Re: mail crypto, was the introduction problem, wa… Christopher Morrow
- Re: mail crypto, was the introduction problem, wa… Keith Moore
- Deployment strategy for email+ Was: Mail is worse… Phillip Hallam-Baker
- Re: mail crypto, was the introduction problem, wa… Phillip Hallam-Baker
- Re: the introduction problem, was Email and reput… Phillip Hallam-Baker
- Re: the introduction problem, was Email and reput… Phillip Hallam-Baker
- Re: the introduction problem, was Email and reput… John Levine
- Re: the introduction problem, was Email and reput… Keith Moore
- Re: the introduction problem, was Email and reput… Phillip Hallam-Baker
- Re: the introduction problem, was Email and reput… John R Levine
- Re: the introduction problem, was Email and reput… Phillip Hallam-Baker
- Re: the introduction problem, was Email and reput… Masataka Ohta
- Re: the introduction problem, was Email and reput… Masataka Ohta
- Trying to do too much (was Re: the introduction p… Jim Fenton
- Re: Trying to do too much (was Re: the introducti… lloyd.wood@yahoo.co.uk
- Re: Trying to do too much (was Re: the introducti… Phillip Hallam-Baker
- Re: Trying to do too much (was Re: the introducti… Keith Moore
- Re: Trying to do too much (was Re: the introducti… Keith Moore
- Re: Trying to do too much (was Re: the introducti… Michael Richardson
- Re: Trying to do too much (was Re: the introducti… Masataka Ohta
- Re: Trying to do too much (was Re: the introducti… Masataka Ohta
- Re: potable e-mail, now Trying to do too much (wa… John Levine
- Re: Trying to do too much (was Re: the introducti… Phillip Hallam-Baker
- Re: Trying to do too much (was Re: the introducti… Phillip Hallam-Baker
- Re: potable e-mail, now Trying to do too much (wa… Michael Richardson
- Re: Trying to do too much (was Re: the introducti… Keith Moore
- Re: portable e-mail, now Trying to do too much (w… John R Levine
- Re: potable e-mail, now Trying to do too much (wa… Keith Moore
- Re: Trying to do too much (was Re: the introducti… Masataka Ohta
- Re: potable e-mail, now Trying to do too much (wa… Masataka Ohta
- Re: portable e-mail, now Trying to do too much (w… Michael Richardson
- Re: portable e-mail, now Trying to do too much (w… John Levine
- Re: portable e-mail, now Trying to do too much (w… Michael Richardson
- We are not a mail forwarding service Carsten Bormann
- Re: We are not a mail forwarding service John R Levine
- ugly hacks (was: Re: We are not a mail forwarding… Keith Moore
- Re: ugly hacks (was: Re: We are not a mail forwar… John Levine
- Re: ugly hacks (was: Re: We are not a mail forwar… Keith Moore
- Re: We are not a mail forwarding service Robert Sparks
- Re: We are not a mail forwarding service Carsten Bormann
- Re: portable e-mail, now Trying to do too much (w… Phillip Hallam-Baker
- Re: potable e-mail, now Trying to do too much (wa… Phillip Hallam-Baker
- Re: portable e-mail, now Trying to do too much (w… Keith Moore
- Re: portable e-mail, now Trying to do too much (w… Phillip Hallam-Baker