Re: mail crypto, was the introduction problem, was Email

Christopher Morrow <morrowc.lists@gmail.com> Wed, 04 May 2022 14:10 UTC

MIME-Version: 1.0
References: <20220504024539.852F23F56A58@ary.qy> <36aef7c4-0df5-34be-725c-02e702986c92@network-heretics.com>
In-Reply-To: <36aef7c4-0df5-34be-725c-02e702986c92@network-heretics.com>
From: Christopher Morrow <morrowc.lists@gmail.com>
Date: Wed, 04 May 2022 10:09:06 -0400
Message-ID: <CAL9jLaZAL-v2fgXaGoHcK+UeNpuq-84Ccs4-BBOVoFEDaDaOZQ@mail.gmail.com>
Subject: Re: mail crypto, was the introduction problem, was Email
To: Keith Moore <moore@network-heretics.com>
Cc: ietf <ietf@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000baa9ae05de302b1b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/Av-tK1WQ_Evxa5259QZwhpnl0QM>

On Tue, May 3, 2022 at 10:51 PM Keith Moore <moore@network-heretics.com> wrote:

> Of course, having email transmitted in cleartext creates lots of
> nontrivial problems also.  It's just that we regard those problems as
> "normal", or pretend that they don't exist.

How much do we think 'transmitted in cleartext' exists anymore?
Hadn't all of the large email vendors basically forced TLS on the SMTP path
~4-5 yrs back?
Hasn't IMAP (without TLS) been non-supported by pretty much everyone for
~10+ yrs?

Is the problem you (and to some extent John) point out actually
data-at-rest and not data-in-flight?
(and that if the email itself is not encrypted the MTAs in path will have
the ability to snoop at the content, of course)
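
Added example, not part of the original message: a Python check that reads the Received trace of a message and reports which hops recorded TLS, which is the data-in-flight half of the question above. The sample message and its hostnames are constructed; the parsing assumes Postfix-style "using TLSv..." annotations and the RFC 3848 "with ESMTPS" protocol keywords.

```python
import re
from email import message_from_string

# Constructed sample (not from the thread); hosts are reserved example names.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\t(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
\tby mail.example.org (Postfix) with ESMTPS id AAAA1111;
\tWed, 4 May 2022 07:09:18 -0700 (PDT)
Received: from relay.example.com (relay.example.com [192.0.2.20])
\tby mx.example.net (Postfix) with ESMTP id BBBB2222;
\tWed, 4 May 2022 07:09:10 -0700 (PDT)
Received: from [198.51.100.7] (client.example.com [198.51.100.7])
\tby relay.example.com with ESMTPSA id CCCC3333;
\tWed, 4 May 2022 07:09:05 -0700 (PDT)
From: alice@example.com
Subject: constructed test

The body is readable by every MTA listed above.
"""

PROTO = re.compile(r"\bwith\s+((?:E?SMTP|LMTP)S?A?)\b", re.I)
TLS = re.compile(r"\bTLSv?(\d(?:\.\d)?)\b")

def hops(raw):
    """Return one dict per Received header, oldest hop first."""
    out = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        text = " ".join(value.split())  # unfold continuation lines
        proto, tls = PROTO.search(text), TLS.search(text)
        sender = re.match(r"from\s+(\S+)", text)
        receiver = re.search(r"\bby\s+(\S+)", text)
        name = proto.group(1).upper() if proto else None
        out.append({
            "from": sender.group(1) if sender else None,
            "by": receiver.group(1) if receiver else None,
            "proto": name,
            "tls": tls.group(1) if tls else None,
            # RFC 3848: an "S" in the protocol keyword means STARTTLS was used.
            "encrypted": bool(tls) or bool(name and name.endswith(("S", "SA"))),
        })
    return out

def cleartext_hops(raw):
    """(from, by) pairs for hops whose trace line records no TLS."""
    return [(h["from"], h["by"]) for h in hops(raw) if not h["encrypted"]]

if __name__ == "__main__":
    for h in hops(SAMPLE):
        print(h)
```

Only the Received lines written by MTAs you operate can be trusted, since earlier hops can write anything into the trace. A trace with TLS on every hop still leaves the message body readable at each MTA, which is the data-at-rest concern.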