Re: Why are mail servers not also key servers?
Philip Homburg <pch-ietf-6@u-1.phicoh.com> Fri, 21 April 2017 14:46 UTC
To: ietf@ietf.org
Cc: Doug Royer <douglasroyer@gmail.com>
Subject: Re: Why are mail servers not also key servers?
From: Philip Homburg <pch-ietf-6@u-1.phicoh.com>
In-reply-to: Your message of "Fri, 21 Apr 2017 07:59:35 -0600 ." <c4492e1e-aa10-b163-6525-7420ef5e4ffd@gmail.com>
Date: Fri, 21 Apr 2017 16:46:22 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/FlcOpsMDemA0ykhoBpPMHX_XWQQ>
>> Is there any kind of description and any kind of agreement of what attacks
>> secure mail is supposed to defend against?
>
> I am not a security expert, I did however buy a couple of them lunch at
> an IETF meeting years ago and I am sure that the experts will correct
> any misstatements I have made here. S/MIME has been working for years.

At a technical level, yes. S/MIME does stuff. Whether it does the right thing? Who knows.

>> People have wildly different ideas of what e-mail security means.
>>
>> In the context of this discussion, one thing I'm curious about, and something
>> that should be clear from the description of the attack vectors, is who
>> controls a key.
>
> You should be in control of your private keys. Your private key is as
> secure as you make it. The average non-technical user will just send
> email, get email, and might make sure that the signed, or encrypted
> email checkbox is checked in their MUA.

By and large, private keys are the boring part. Yes, private keys will leak every now and then. But overall that's not a big issue.

The big issue is how do you make sure that a public key actually belongs to the party you want to communicate with and is not a key inserted by an attacker.

It is easy to say 'trusted third party' without actually defining what such a third party will look like. That gives the mess that is the current CA system.

It is also easy to say, just use DNSSEC. Disregarding the trust issues with that model.

>> It is easy to come up with lots of ways in which a domain holder can provide
>> a public key for a mailbox at that domain. But is that what we want?
>> In some cases, like corporate mailboxes, probably yes. In other cases,
>> journalists or activists with an e-mail account at a big e-mail provider,
>> probably not.
>
> The only reason you need to fetch a person's private key first, is so
> that you do not have to exchange the signed and not encrypted key first.

You never 'fetch' a private key.

> And I would imagine that a journalist and activists would most
> definitely want people to send them encrypted email.

Only if governments or other large parties cannot mount a man in the middle attack. Which they can, if they can control the distribution of public keys.
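A toy model of the trust problem the message raises, added here as an illustration and not part of the original post or of any IETF work: a per-domain key directory (the "mail server as key server" idea) and a sender that pins fingerprints on first use. It shows that pinning catches a key swapped after first contact, but not a substitute key served from the very first lookup, which is why control of key distribution matters. Addresses, keys and class names are constructed for the example.

```python
import hashlib
import os


def fingerprint(pubkey: bytes) -> str:
    """SHA-256 fingerprint of a public key (keys are stand-in random byte strings)."""
    return hashlib.sha256(pubkey).hexdigest()[:16]


class KeyDirectory:
    """Per-domain public key directory, e.g. one a mail server would publish."""
    def __init__(self):
        self._keys = {}

    def publish(self, address: str, pubkey: bytes) -> None:
        self._keys[address] = pubkey  # whoever controls the directory controls this

    def lookup(self, address: str) -> bytes:
        return self._keys[address]


class PinStore:
    """Sender-side trust-on-first-use store of fingerprints per address."""
    def __init__(self):
        self._pins = {}

    def resolve(self, address: str, directory: KeyDirectory) -> bytes:
        key = directory.lookup(address)
        fp = fingerprint(key)
        pinned = self._pins.get(address)
        if pinned is None:
            self._pins[address] = fp  # first contact: nothing to compare against yet
        elif pinned != fp:
            raise ValueError(f"key for {address} changed: pinned {pinned}, got {fp}")
        return key


def demo() -> dict:
    real_key, attacker_key = os.urandom(32), os.urandom(32)  # constructed stand-ins
    honest = KeyDirectory()
    honest.publish("alice@example.org", real_key)
    pins = PinStore()
    first = pins.resolve("alice@example.org", honest)
    honest.publish("alice@example.org", attacker_key)  # swapped after first contact
    try:
        pins.resolve("alice@example.org", honest)
        later_detected = False
    except ValueError:
        later_detected = True
    hostile = KeyDirectory()  # directory hostile from the start
    hostile.publish("bob@example.org", attacker_key)
    chosen = PinStore().resolve("bob@example.org", hostile)
    return {"first_is_real": first == real_key,
            "later_swap_detected": later_detected,
            "hostile_from_start_detected": chosen != attacker_key}
```

The last result is the point of the thread: when the directory is under an attacker's control before first contact, the sender pins the wrong key and only out-of-band verification of the fingerprint would reveal it.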