IETF Logo Mail Archive

Re: Scope for self-destructing email?

Christian Huitema <huitema@huitema.net> Thu, 17 August 2017 06:28 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 54B6D13219E for <ietf@ietfa.amsl.com>; Wed, 16 Aug 2017 23:28:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H0D2xaFEBu_x for <ietf@ietfa.amsl.com>; Wed, 16 Aug 2017 23:28:42 -0700 (PDT)
Received: from mx43-out1.antispamcloud.com (mx43-out1.antispamcloud.com [138.201.61.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9A8CF126C2F for <ietf@ietf.org>; Wed, 16 Aug 2017 23:28:42 -0700 (PDT)
Received: from xsmtp31.mail2web.com ([168.144.250.234] helo=xsmtp11.mail2web.com) by mx19.antispamcloud.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.89) (envelope-from <huitema@huitema.net>) id 1diEIE-0003hQ-80 for ietf@ietf.org; Thu, 17 Aug 2017 08:28:40 +0200
Received: from [10.5.2.18] (helo=xmail08.myhosting.com) by xsmtp11.mail2web.com with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.63) (envelope-from <huitema@huitema.net>) id 1diEI9-0005Z7-Aw for ietf@ietf.org; Thu, 17 Aug 2017 02:28:33 -0400
Received: (qmail 14162 invoked from network); 17 Aug 2017 06:28:26 -0000
Received: from unknown (HELO [192.168.1.103]) (Authenticated-user:_huitema@huitema.net@[172.56.42.132]) (envelope-sender <huitema@huitema.net>) by xmail08.myhosting.com (qmail-ldap-1.03) with ESMTPA for <ietf@ietf.org>; 17 Aug 2017 06:28:26 -0000
To: ietf@ietf.org
References: <20170816225637.4431.qmail@ary.lan> <7352544b-8626-fb30-b74f-48b62110b7cf@gmail.com> <39610B4F-8DE6-4E19-A6C8-5FAB882DD524@orthanc.ca> <CAMm+LwgqnPx2VBaoaWuU_YW547oRhQDTo48t4BokcwKqRSO+bw@mail.gmail.com> <F0EECBF6-F48E-425B-A6E8-65E5183FD36E@nbcuni.com> <CAMm+LwiT8+oiLwSX_9bekiDY6_3njbW9W_jKnP9FJkRYqwqRcQ@mail.gmail.com>
From: Christian Huitema <huitema@huitema.net>
Message-ID: <a6492c82-2b16-b087-c554-8ca38c8f5e84@huitema.net>
Date: Wed, 16 Aug 2017 23:28:25 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <CAMm+LwiT8+oiLwSX_9bekiDY6_3njbW9W_jKnP9FJkRYqwqRcQ@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------4CFB2EBEC99B2B438352FD8F"
Subject: Re: Scope for self-destructing email?
X-Originating-IP: 168.144.250.234
X-SpamExperts-Domain: xsmtpout.mail2web.com
X-SpamExperts-Username: 168.144.250.0/24
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=168.144.250.0/24@xsmtpout.mail2web.com
X-SpamExperts-Outgoing-Class: unsure
X-SpamExperts-Outgoing-Evidence: Combined (0.21)
X-Recommended-Action: accept
X-Filter-ID: PqwsvolAWURa0gwxuN3S5YEa3T7JuZT23fGO2rGt3ZgTCGhDnudOJ80D1c8rffxrus7BTv7Ss8cH d2IQQuvdbtM+m4WpRRDP6YzwkAPgQJY8hyefn/FOeAH6Zsqubs62ND46yZLY9QyX+cRXmooQ3hum JwiT+2brWmQlzkLIcXivpIH4ag6BM/+u9ym+BA23zTdcqT02f+vocg6pOUeZvjRN6JmsfZVbaHnz h7m8mZTu1/LFrfSKlBcXEO+Bnz6OYOEkjsX7F8KmpUaZQHV+SWsC1ltxhvDAAiytf1zpGXO2G5Pj 7iQJEmtNUzH3idZ6uMF2OhyCCCV83x+RZrKIj0QqMGQOSwmEPwP4wBzM77N8GvkYGGDFjg9NrmGY yNnXsSjdYwfRhjHqxQXDsBKLpKOHi0RYvlOYvJoUtCbvS/b6lO4FGen962xgCFRckncKfg1XSK9P 1z/R6plfrFWGydPOISCknCUaMSIT6AczNEveNHk15VolAGHS5rCXQKDym+Gab6cuAPzLi/SdAxlO dgkraHgbbAuZgv0Q6mJ3vUcipz1IT62ZEk6+MmovaufbiR3bHfnMCIEU+nrglojKwMr3vOY18GvB wSXAfWcj237lbbxdoi07KbLoeZB/AeCPNdSMuNhZC3X/nGdDKYyg+1Fotn1TGspRGWfHjmaruO0b XpkevaElTi+sCWwmqxHi+BUHXGjp0J8FpT+J6AFTxuD+VwmBZ+w9Rx50ybtFDGs078I0y+3uS4dN KiUgYTBU2GOrYDdWXqXFPJChI1ipI4AbiteDwjw8P7mx/NBHSRWxZaHLvUGmD7PXY2RS8idsz7fr MHsNPRylYAkPvY1HttQOF909qtkcRbvucYBIc/TSiGRBfhCjzofKjrwJNQRY0i13zjCiwPgdt77s k1WBMw==
X-Report-Abuse-To: spam@quarantine5.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/6l-UV6bU5x1qsK1Te5HC0yvZuII>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Aug 2017 06:28:45 -0000

On 8/16/2017 9:43 PM, Phillip Hallam-Baker wrote:

> On Wed, Aug 16, 2017 at 11:47 PM, Deen, Glenn (NBCUniversal)
> <Glenn.Deen@nbcuni.com <mailto:Glenn.Deen@nbcuni.com>> wrote:
>
>     The key issue is that no method currently in existence can defeat
>     a camera taking a picture of the screen.  That will always let an
>     authorized receiver make a permanent copy of the email and do what
>     they want with it.  Yes, you may be throwing away repudiation and
>     signature information, but they will have the contents of the mail.
>
>
> ​ Absolutely true. And really serious for some applications. But
> consider the Game of Thrones hack, a screen capture would be serious,
> yes. But nowhere near as serious as having the final cut leak in HD.
>
> ​ The kids are using snapchat because their principle security concern
> is that the receiver will forget to delete the pics they send and they
> will end up with the parents. They understand full well that they can
> photograph the screen of one phone with another.
>
> The perfect is the enemy of the good. 
>  
Yes. The threat model here is not that the recipient will somehow
divulge the message. Of course they can. The problem is that copies of
the message are kept in multiple places.

If the recipient is cooperating, that is not an unsolvable problem.
Suppose that the recipient's copy is encrypted with a short lived public
key, and that the recipient voluntarily discards the corresponding
private key after some time. There may well be copies of the bits around
in many places, but nobody would be able to decrypt them. Of course,
this requires that the sender acquires an ephemeral key from the
recipient before sending the message. That may be hard to do in
practice. But it is certainly doable.

-- 
Christian Huitema

v2.23.0 | Report a Bug | By Email