Re: the introduction problem, was Email and reputation (was Re: Service outages planned for April 25)
Keith Moore <moore@network-heretics.com> Tue, 03 May 2022 04:24 UTC
Return-Path: <moore@network-heretics.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B719C14F74D for <ietf@ietfa.amsl.com>; Mon, 2 May 2022 21:24:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.74
X-Spam-Level:
X-Spam-Status: No, score=-3.74 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, NICE_REPLY_A=-1.857, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, T_SPF_TEMPERROR=0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=messagingengine.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AqINK0iC8e-D for <ietf@ietfa.amsl.com>; Mon, 2 May 2022 21:24:28 -0700 (PDT)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0650DC14F728 for <ietf@ietf.org>; Mon, 2 May 2022 21:24:20 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 731DC5C0164 for <ietf@ietf.org>; Tue, 3 May 2022 00:24:19 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Tue, 03 May 2022 00:24:19 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:date:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:sender:subject:subject:to:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; t=1651551859; x=1651638259; bh=uVVXz15vgLLQZNgxzsoC8EfmeaA7 ZfvfB/b5MIFVWyQ=; b=SO01H6pScYvmYS/MpJbPUzL7jGm4Qbb6vy/ROGuFcB9c Al783ibMi9yNW26RRL6c3fcOUJ1L/gbz+jyzcBJ+CksmM4V+bogDKvnE2txN1TyT SzY/APHYLF/+PJPiPyW6dBqKTGm+qzqMFkP8it6nPmDWnbC2u2QM/cBU14RmUXio HM8c75vV2DF/XATYZ6vqBPbwNtBkiWc8JvDQGx+d395VCqtWJCh9m2QY5sHKFrFg jR5GIGmn2L/1WvbvP4I045wiS61ZqYZpqUY6d9dUmgDn8XpfPxsaDbmnLivFABPL VddU/xfdjeInDmsg/Kz3BFj67nB9Bzn4v22+mcMt8g==
X-ME-Sender: <xms:c65wYtBhKV-0vIzinqGtoJqGbG3GiF-r-GkZjZx6DG5jpy2cQDbneg> <xme:c65wYrihNYbjMYfoImDKshQ_t8KqfY_NPAzl_PNS_x0TZrWn3cqvs0-KkamvYOI_f ia0GPeadxMoQA>
X-ME-Received: <xmr:c65wYomDIfFe8V7DvXluR9gd4Pof86OHfBF3d0NMdogAZS1gX2xBfkgDvNczQ2rWfyQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrvdeigdekvdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepkfffgggfuffvfhfhjggtgfesthekre dttdefjeenucfhrhhomhepmfgvihhthhcuofhoohhrvgcuoehmohhorhgvsehnvghtfiho rhhkqdhhvghrvghtihgtshdrtghomheqnecuggftrfgrthhtvghrnhepfedtvdelieejve ekjefhueduheeviefhjeefvdfgudfhfffhudduudefgefgteevnecuvehluhhsthgvrhfu ihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepmhhoohhrvgesnhgvthifohhrkh dqhhgvrhgvthhitghsrdgtohhm
X-ME-Proxy: <xmx:c65wYnyDoRycDM43bFQM7C-RMpFUmHgxMeyxvYZ-83BDpAh0-QsoFw> <xmx:c65wYiQoekcRN_tknpukrF2ciR3wwUAd9Ny5xgzGSbA8HoV7LmYsxQ> <xmx:c65wYqYLKun0uvLFdk-zeVQv9XVDXkILZIOdjRTNzb8Q5Viphf14HQ> <xmx:c65wYpc2dtcPuQpnyunHLAARBuKXtciwAbZgkAaCPhLnuR9lvZVfxw>
Received: by mail.messagingengine.com (Postfix) with ESMTPA for <ietf@ietf.org>; Tue, 3 May 2022 00:24:19 -0400 (EDT)
Message-ID: <837df6ce-a771-ff2f-515b-1021cc242c23@network-heretics.com>
Date: Tue, 03 May 2022 00:24:01 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0
Subject: Re: the introduction problem, was Email and reputation (was Re: Service outages planned for April 25)
Content-Language: en-US
To: ietf@ietf.org
References: <dcc27c29-51f8-c2a4-8ce4-ee1a3c6cb017@nostrum.com> <AAE3C51B-0150-483C-8244-3D60BC31B19A@tzi.org> <2c5df733-0f86-d319-b886-81882328caa9@network-heretics.com> <1870005490.14504.1651151102962@appsuite-gw1.open-xchange.com> <t4f3j1$1mpc$1@gal.iecc.com> <626060406.28268.1651487745123@appsuite-gw1.open-xchange.com> <2480fd36-c16a-6d98-ddac-15d02259ffbe@taugh.com>
From: Keith Moore <moore@network-heretics.com>
In-Reply-To: <2480fd36-c16a-6d98-ddac-15d02259ffbe@taugh.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/8reGPYuh01R7GoIPxEMFu3b0UX0>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 May 2022 04:24:35 -0000
On 5/2/22 09:20, John R Levine wrote: > We have several decades of S/MIME and PGP failing because nobody knows > how to do key distribution at scale. I'm not convinced that that's the (only or even most important) reason, or that it's even true. From my perspective there have been several barriers to adopting S/MIME and/or PGPMIME, e.g. lack of MUA support, lack of email domain CAs and support for them among root CAs, lack of a well known and trusted set of root CAs such as exist for the web (it's not clear that they should should be the same set), lack of a standard key discovery mechanism, and (mostly I suspect) lack of mindshare. When there are multiple barriers to solving a problem, any one of those problems can become an excuse to avoid solving the other problems. But it seems likely that enterprises could issue email-only certs for their employees, and MSPs could issue email-only certs for their customers. There are limitations with that model, especially for private individuals. But such a model could be extremely useful for B2B communications, where what you really want to authenticate is not the sender's "real name" so much as the sender's role with a company. And it could be useful for others also, though not for every conceivable purpose. The biggest problem in generating such certs is arguably that there are no established protocols for MUAs to generate keypairs and CSRs, and to have them request that the MSP issue certs in response. There might also need to be some new extensions to X.509. Having the MSP act as CA makes sense when the important identity for the user being authenticated is their email address and not their name. Certificates used in email need to reflect that (perhaps SAN already does that sufficiently), and - more importantly - so do the UIs of the MUAs that interpret those certificates. "Keith Moore" is NOT the same as moore@network-heretics.com and it's important that MUAs not conflate the two. (MUAs are already notorious for hiding people's email addresses from message recipients, by default, whether to save display space or out of some misguided notion of usability.) Even if MUAs had a way to generate keypairs and CSRs and get certs back, many people read their mail from multiple MUAs. So that needs to be managed. Either each user's MUA has a separate key pair, or there needs to be a secure way to distribute the user's private key to all of the user's MUAs. I know which one I'd prefer, but either way there are details to be worked out. Of course a "3rd party" cert issued by a trustworthy but neutral CA could be useful in addition to these, especially for mail sent by or to private individuals. But email is not like the public web. The model of having a small set of trusted CAs for the web doesn't extend well to signing keys used in email from or to private individuals. I used to say that I'd never trust the US Government's certificate for Phil Zimmerman's key. (nowdays I'd probably say Edward Snowden's key, but you get the idea). There is no one party or even hierarchy that is sufficiently trustworthy for all purposes. There are incentives for even widely-trusted CAs to occasionally lie about the keys for a small number of specific individuals, and less chance that they'd get caught doing so when those keys are used in private email than when used on the public web. One party might well want multiple assurances of another's public key before trusting that key, but this needs to be made clear in their user interface. User interface issues seem like some of the more significant problems because (for example) it really does make sense for the President's secretary to sign an email from the President. How do you communicate to users who has the authority to sign something for purpose A but not purpose B? And yet, humans have been doing similar things with signatures on paper for many centuries. I don't think it's an unsolvable problem unless perhaps you want to cram all of that information on a watch face. Then there are questions of how encrypted or signed email should interact with forwarding and/or mailing lists. Should encrypted mail sent to a mailing list be decrypted by the list and re-encrypted for each recipient? How, again, to communicate to the sender that their message is going to a list and that it's entirely up to the list to decide how to disseminate the cleartext? Should the sender be made aware of that before composing or at least sending the message? And then there's the problem of searching encrypted mail in a mail store, when you'd like to be able to store the messages as received rather than having them be stored in cleartext and accessible to the MSP. Some users, perhaps, will be fine with having their messages stored in cleartext; others will not. And finally there are the various enemies of privacy who will fight any effort to make email more secure, no matter how badly it's needed. And they won't be honest about either their concerns or their goals. *** So I see a lot of careful engineering that's needed, and a lot of user interface work (which is admittedly problematic for IETF), and probably some hard political work by honest people to overcome the efforts of dishonest people who will try to subvert it (whether or not they believe they're doing good). But I don't think there are fundamentally unsolvable technical problems, so much as problems that make people uncomfortable - because there's no simple system that spans a wide enough range of compromises to suit everyone. But that doesn't mean that there's no system that doesn't solve most people's problems. Keith
- Service outages planned for April 25 Robert Sparks
- Re: Service outages planned for April 25 Robert Sparks
- Re: Service outages planned for April 25 tom petch
- Re: Service outages planned for April 25 Jay Daley
- Re: Service outages planned for April 25 Keith Moore
- Re: Service outages planned for April 25 Carsten Bormann
- Re: Service outages planned for April 25 Keith Moore
- Re: Service outages planned for April 25 Carsten Bormann
- Re: Service outages planned for April 25 Keith Moore
- Email and reputation (was Re: Service outages pla… Vittorio Bertola
- Re: Email and reputation (was Re: Service outages… Keith Moore
- Re: Mail is worse than everything except all the … John Levine
- Re: the introduction problem, was Email and reput… John Levine
- Re: Mail is worse than everything except all the … Keith Moore
- Re: Mail is worse than everything except all the … Phillip Hallam-Baker
- Re: Mail is worse than everything except all the … Keith Moore
- Re: Mail is worse than everything except all the … John R Levine
- Re: Mail is worse than everything except all the … Keith Moore
- Re: Mail is worse than everything except all the … touch@strayalpha.com
- Re: Mail is worse than everything except all the … Keith Moore
- Re: Mail is worse than everything except all the … Viktor Dukhovni
- Re: Mail is worse than everything except all the … Keith Moore
- Re: Mail is worse than everything except all the … touch@strayalpha.com
- Re: Mail is worse than everything except all the … Keith Moore
- Re: the introduction problem, was Email and reput… Vittorio Bertola
- Re: the introduction problem, was Email and reput… John R Levine
- Re: the introduction problem, was Email and reput… Keith Moore
- Re: the introduction problem, was Email and reput… Viktor Dukhovni
- Re: the introduction problem, was Email and reput… Christian Huitema
- Re: the introduction problem, was Email and reput… Keith Moore
- Re: the introduction problem, was Email and reput… Keith Moore
- Re: the introduction problem, was Email and reput… Viktor Dukhovni
- Re: the introduction problem, was Email and reput… Masataka Ohta
- Re: the introduction problem, was Email and reput… Keith Moore
- Re: the introduction problem, was Email and reput… Masataka Ohta
- Re: the introduction problem, was Email and reput… Viktor Dukhovni
- Re: the introduction problem, was Email and reput… Keith Moore
- Re: the introduction problem, was Email and reput… Michael Richardson
- Re: the introduction problem, was Email and reput… Laurence Lundblade
- Re: the introduction problem, was Email and reput… Keith Moore
- Re: the introduction problem, was Email and reput… John Levine
- Re: the introduction problem, was Email and reput… Lyndon Nerenberg (VE7TFX/VE6BBM)
- Re: mail crypto, was the introduction problem, wa… John Levine
- Re: mail crypto, was the introduction problem, wa… Keith Moore
- Re: mail crypto, was the introduction problem, wa… Christopher Morrow
- Re: mail crypto, was the introduction problem, wa… Keith Moore
- Re: mail crypto, was the introduction problem, wa… John Levine
- Re: mail crypto, was the introduction problem, wa… Keith Moore
- Re: mail crypto, was the introduction problem, wa… Christopher Morrow
- Re: mail crypto, was the introduction problem, wa… Keith Moore
- Deployment strategy for email+ Was: Mail is worse… Phillip Hallam-Baker
- Re: mail crypto, was the introduction problem, wa… Phillip Hallam-Baker
- Re: the introduction problem, was Email and reput… Phillip Hallam-Baker
- Re: the introduction problem, was Email and reput… Phillip Hallam-Baker
- Re: the introduction problem, was Email and reput… John Levine
- Re: the introduction problem, was Email and reput… Keith Moore
- Re: the introduction problem, was Email and reput… Phillip Hallam-Baker
- Re: the introduction problem, was Email and reput… John R Levine
- Re: the introduction problem, was Email and reput… Phillip Hallam-Baker
- Re: the introduction problem, was Email and reput… Masataka Ohta
- Re: the introduction problem, was Email and reput… Masataka Ohta
- Trying to do too much (was Re: the introduction p… Jim Fenton
- Re: Trying to do too much (was Re: the introducti… lloyd.wood@yahoo.co.uk
- Re: Trying to do too much (was Re: the introducti… Phillip Hallam-Baker
- Re: Trying to do too much (was Re: the introducti… Keith Moore
- Re: Trying to do too much (was Re: the introducti… Keith Moore
- Re: Trying to do too much (was Re: the introducti… Michael Richardson
- Re: Trying to do too much (was Re: the introducti… Masataka Ohta
- Re: Trying to do too much (was Re: the introducti… Masataka Ohta
- Re: potable e-mail, now Trying to do too much (wa… John Levine
- Re: Trying to do too much (was Re: the introducti… Phillip Hallam-Baker
- Re: Trying to do too much (was Re: the introducti… Phillip Hallam-Baker
- Re: potable e-mail, now Trying to do too much (wa… Michael Richardson
- Re: Trying to do too much (was Re: the introducti… Keith Moore
- Re: portable e-mail, now Trying to do too much (w… John R Levine
- Re: potable e-mail, now Trying to do too much (wa… Keith Moore
- Re: Trying to do too much (was Re: the introducti… Masataka Ohta
- Re: potable e-mail, now Trying to do too much (wa… Masataka Ohta
- Re: portable e-mail, now Trying to do too much (w… Michael Richardson
- Re: portable e-mail, now Trying to do too much (w… John Levine
- Re: portable e-mail, now Trying to do too much (w… Michael Richardson
- We are not a mail forwarding service Carsten Bormann
- Re: We are not a mail forwarding service John R Levine
- ugly hacks (was: Re: We are not a mail forwarding… Keith Moore
- Re: ugly hacks (was: Re: We are not a mail forwar… John Levine
- Re: ugly hacks (was: Re: We are not a mail forwar… Keith Moore
- Re: We are not a mail forwarding service Robert Sparks
- Re: We are not a mail forwarding service Carsten Bormann
- Re: portable e-mail, now Trying to do too much (w… Phillip Hallam-Baker
- Re: potable e-mail, now Trying to do too much (wa… Phillip Hallam-Baker
- Re: portable e-mail, now Trying to do too much (w… Keith Moore
- Re: portable e-mail, now Trying to do too much (w… Phillip Hallam-Baker