Re: Scope for self-destructing email?

"John R Levine" <johnl@taugh.com> Sat, 19 August 2017 14:27 UTC

Date: Sat, 19 Aug 2017 10:27:24 -0400
Message-ID: <alpine.OSX.2.21.1708191024470.65721@ary.local>
From: John R Levine <johnl@taugh.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
Cc: IETF Discussion Mailing List <ietf@ietf.org>, Michael Richardson <mcr+ietf@sandelman.ca>
Subject: Re: Scope for self-destructing email?
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/CZU-4yCMh9G_Wdpg85ueAc_5T4Q>

On Fri, 18 Aug 2017, Phillip Hallam-Baker wrote:
>> Seems like overkill.  How about you pay attention to the Supersedes:
>> (see RFC 2156 and RFC 4021, section 2.1.46) if old and new messages
>> both have DKIM signatures from the same domain?  Same question about
>> why after 20 years nobody uses it outside of netnews.
>
> DKIM almost helps but this is a data level feature and it really does not
> work well with a presentation layer authentication scheme like DKIM.

I suppose, but you'd need something like DKIM if you want to prevent 
attacks where the bad guy splices his headers onto your message, and it 
has the advantage that it exists and is widely deployed.

It's certainly not perfect, e.g., any gmail user could supersede anyone 
else's unless gmail limited what headers they sign, but that doesn't seem 
like a high value attack.

> And to make it work well, you have to start from a messaging infrastructure
> where every message and sender can authenticate themselves
> cryptographically from the beginning...

  ... with a pony?

R's,
John
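
The check proposed in the message above (honour Supersedes: only when the old and new messages both carry DKIM signatures from the same domain), sketched as an added example; it is not code from the thread or from any mail system. It assumes the receiving MTA records DKIM results in Authentication-Results under the hypothetical authserv-id `mx.example.net`, and the same-author test is an extra policy, not something the thread proposes, aimed at the shared-domain case mentioned for large providers.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: authserv-id of our own border MTA

def passing_dkim_domains(msg):
    """d= domains reported dkim=pass by our own MTA's Authentication-Results."""
    domains = set()
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # field was not written by us, so it proves nothing
        for m in re.finditer(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", results, re.I):
            domains.add(m.group(1).lower())
    return domains

def signed_headers(msg, domain):
    """Header names listed in h= of DKIM-Signature fields whose d= is `domain`."""
    covered = set()
    for sig in msg.get_all("DKIM-Signature", []):
        tags = {k.strip(): v.strip() for k, v in
                (t.split("=", 1) for t in sig.split(";") if "=" in t)}
        if tags.get("d", "").lower() == domain:
            covered |= {h.strip().lower() for h in tags.get("h", "").split(":")}
    return covered

def may_supersede(new, old):
    """Return (allowed, reason) for honouring new's Supersedes: against old."""
    target = (new.get("Supersedes") or "").strip()
    if not target or target != (old.get("Message-ID") or "").strip():
        return False, "Supersedes does not name the old message"
    common = passing_dkim_domains(new) & passing_dkim_domains(old)
    if not common:
        return False, "no shared passing DKIM domain"
    # Spliced-header case: the signature must actually cover Supersedes and From.
    if not any({"supersedes", "from"} <= signed_headers(new, d) for d in common):
        return False, "Supersedes or From not covered by the signature"
    # Extra policy, not from the thread: same author, not merely same domain.
    if parseaddr(new.get("From", ""))[1].lower() != parseaddr(old.get("From", ""))[1].lower():
        return False, "different author at the same domain"
    return True, "ok"

def sample(msgid, sender, d, h, supersedes=None):
    """Build a constructed test message (not real mail)."""
    lines = [f"Authentication-Results: {TRUSTED_AUTHSERV}; dkim=pass header.d={d}",
             f"DKIM-Signature: v=1; a=rsa-sha256; d={d}; h={h}; b=CONSTRUCTED",
             f"From: {sender}", f"Message-ID: {msgid}"]
    if supersedes:
        lines.append(f"Supersedes: {supersedes}")
    return message_from_string("\n".join(lines) + "\n\nbody\n")
```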