Re: Proposed Proposed Statement on e-mail encryption at the IETF

John C Klensin <john-ietf@jck.com> Thu, 04 June 2015 07:45 UTC

Date: Thu, 04 Jun 2015 03:45:08 -0400
From: John C Klensin <john-ietf@jck.com>
To: Hector Santos <hector.santos45@yahoo.com>, Måns Nilsson <mansaxel@besserwisser.org>, Joe Abley <jabley@hopcount.ca>
Subject: Re: Proposed Proposed Statement on e-mail encryption at the IETF
Message-ID: <2CA50C9A80A6D72C8D57630D@JcK-HP8200.jck.com>
In-Reply-To: <556F5206.5090006@yahoo.com>
References: <DD88F4E4-6BBA-4610-BB49-3158A26DF55B@hopcount.ca> <20150602152432.GE5551@besserwisser.org> <556F5206.5090006@yahoo.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/7ehGs_qW2igQWqW_CHpg5gyNAjE>
Cc: IETF Discussion Mailing List <ietf@ietf.org>


--On Wednesday, June 03, 2015 15:14 -0400 Hector Santos
<hector.santos45@yahoo.com> wrote:

> On 6/2/2015 11:24 AM, Måns Nilsson wrote:
>> The above benefits of signing apply roughly equally well to
>> both methods. /Måns, signing all outgoing e-mail. If e-mail
>> from me is not signed, something is fishy.
> 
> But if you are not signing the mail yourself, it's already
> "fishy." Or do you mean sign by some trusted 3rd party and
> wish for others to trust as well?

Hector, I assume he meant "signed by some mechanism, including key
certification, that most recipients would have reason to trust". Now
that raises a lot of issues, some of which interact with claims that
HTTPS provides significant data integrity protection. I wish that, at
least as a demonstration matter, more MUAs made it easy to create a
security-based whitelist for incoming mail to a particular mailbox or
folders, e.g., to reject anything that was not signed with a key that
was either stored and certified locally or that was certified by a CA
that the user had chosen to trust. In addition to allowing some
noise-free (as well as merely spam-free) folders, it would help the
broader community understand the limitations of such approaches. For
example, we could not use it for the IETF list and preserve the
position that anyone could post and that pseudonymous postings were
ok.

I also note that "PGP key signing parties" used to be a regular feature
at almost every IETF meeting. If we were serious about secure
communications (not just email) within the IETF community, we would
reinstitute those, review signing criteria and create some guidelines,
and make sure we could get X.509 certs issued/signed too, if necessary
in an IETF or ISOC tree.

If we were trying to make good demonstrations for the wider community,
we would move in those sorts of directions. We might also pick up on
Måns's "if it isn't signed, it isn't from me" assertion and modify our
various protocols for domain-based assertions about mail to allow "if
something claims to come from this domain and its content isn't
digitally signed using method X, it is bogus" assertions.

Lots of things we could be doing. Or we can contribute to the
repertoire of security theater and make our lives harder in the
process.

regards,
   john

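The folder whitelist John describes above (accept only mail signed with a key that is either stored and certified locally or certified by a CA the user chose to trust), as an added example that is not part of this thread or any MUA's code. It assumes Go's standard-library X.509 and RSA in place of a real S/MIME or PGP/MIME parser: issue() stands in for a CA such as the IETF or ISOC tree mentioned in the mail, and Accept() is the delivery rule; the certificate names and message body are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue returns a certificate for cn signed by parentKey (self-signed when
// parent is nil); a CA is any certificate whose usage includes CertSign.
func issue(cn string, key *rsa.PrivateKey, usage x509.KeyUsage, parent *x509.Certificate, parentKey *rsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: usage, BasicConstraintsValid: true, IsCA: usage&x509.KeyUsageCertSign != 0,
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// Accept implements the folder rule: deliver only if sig (PKCS#1 v1.5 over
// SHA-256 of body, the form an S/MIME verifier hands back) verifies under
// cert AND cert is either pinned locally (by SHA-256 fingerprint of its
// DER) or chains to a CA in roots. The signature is checked first, so a
// pinned certificate never rescues a message with a bad signature.
func Accept(body, sig []byte, cert *x509.Certificate, pinned map[[32]byte]bool, roots *x509.CertPool) bool {
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	h := sha256.Sum256(body)
	if !ok || rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) != nil {
		return false
	}
	if pinned[sha256.Sum256(cert.Raw)] {
		return true
	}
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil
}
```

A mailbox that wants the "anyone may post" property the mail mentions for the IETF list simply does not call Accept; the rule is per folder, not global.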