Re: [ietf-smtp] epostage is still a bad idea, the inedible parts of IETF dogfood consumption - SMTP version

Brandon Long <blong@google.com> Thu, 19 December 2019 20:52 UTC

From: Brandon Long <blong@google.com>
Date: Thu, 19 Dec 2019 12:52:02 -0800
Message-ID: <CABa8R6u_xwDH+40eFjg7-pXgW7W1f_2gfNN5f7mfTkVCkKbNYQ@mail.gmail.com>
Subject: Re: [ietf-smtp] epostage is still a bad idea, the inedible parts of IETF dogfood consumption - SMTP version
To: Phillip Hallam-Baker <phill@hallambaker.com>
Cc: John R Levine <johnl@taugh.com>, IETF Discussion Mailing List <ietf@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/IgUI9fypraTHD1ss-igh6odwG_Q>

On Wed, Dec 18, 2019 at 11:12 AM Phillip Hallam-Baker <phill@hallambaker.com>
wrote:

> If we knew how to deploy such a radical change as sender pays, we would
> surely also know how to do the much easier task of replacing SMTP with a
> protocol that is secure by default.
>
> * Every message is signed by the sending client.
> * Every message is signed by the originating mail service.
> * Every mail receiving service performs access control on inbound messages
> * Every mail client performs access control on messages
>
> Messaging abuse isn't entirely absent on Facebook, Skype, Signal, etc. but
> it is virtually non-existent compared to telephone and email. We are
> rapidly reaching the point where a large number of customers are going to
> start unplugging from POTS and only use it for voice mail because the level
> of abuse is utterly insane.
>
> Subjecting every message to access control is pretty straightforward when
> you can start with the principle that every message is authenticated by the
> sender. Defining a set of access control rules that work for me is pretty
> straightforward.
>
> 1) I will accept a contact request of 200 characters or less from anyone
>
> 2) I will accept requests from anyone in my contact book that are
> compatible with the authorizations specified there (e.g. Alice can send me
> mail or voice, Bob only voice, Carol can send me code, etc).
>
> 3) I will accept messages from anyone who has attended an IETF meeting or
> is a member of an affinity group I am a member of (school, university,
> etc. etc.)
>
> 4) Reject everything else
>
> Trying to shoehorn this into the legacy SMTP environment is tough because
> the default is insecure. But there are plenty of closed environments that
> don't use SMTP which could switch to another messaging protocol.
>
> While I was writing this, I was interrupted by the Nest telling me
> something I didn't need to know. There is also a 'secure' messaging center
> on the Nest site and I have the same for each of my banks, brokers, etc.
> Wouldn't it be nice if all of those could send me messages using a protocol
> they know is secure and meets their HIPAA, GDPR, MMQF, etc. requirements?
>

The challenge with the secure messaging systems is only partially due to
transit concerns; they also want to be in the loop for the ACL to view the
message and control the lifecycle of the message as well.

Brandon
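
The four inbound rules quoted above, written as a default-deny evaluator that only runs on authenticated senders. This is an added example, not code from either poster; the message-kind labels, group names, and the `authenticated` flag (standing in for signature verification done elsewhere) are assumptions, and the rules are read literally as independent accept rules.

```python
from dataclasses import dataclass, field

CONTACT_REQUEST_MAX = 200  # rule 1 limit from the quoted message


@dataclass
class Message:
    sender: str          # identity bound to the verified signature
    kind: str            # "contact-request", "mail", "voice", "code" (assumed labels)
    body: str
    authenticated: bool  # outcome of signature verification, performed elsewhere


@dataclass
class Policy:
    contacts: dict = field(default_factory=dict)     # sender -> set of permitted kinds
    my_groups: set = field(default_factory=set)      # affinity groups the recipient is in
    memberships: dict = field(default_factory=dict)  # sender -> groups (assumed attested)

    def evaluate(self, msg: Message) -> tuple:
        """Return (accepted, reason). Rules are independent accept rules; default deny."""
        # Precondition from the thread: every rule keys on an authenticated sender.
        if not msg.authenticated:
            return False, "reject: unauthenticated"
        # Rule 1: short contact request from anyone.
        if msg.kind == "contact-request" and len(msg.body) <= CONTACT_REQUEST_MAX:
            return True, "rule 1"
        # Rule 2: contact-book entry authorizes this kind of message.
        if msg.kind in self.contacts.get(msg.sender, set()):
            return True, "rule 2"
        # Rule 3: sender shares at least one affinity group with the recipient.
        if self.memberships.get(msg.sender, set()) & self.my_groups:
            return True, "rule 3"
        # Rule 4: reject everything else.
        return False, "rule 4"


# Constructed sample data, mirroring the Alice/Bob/Carol example in the quoted text.
POLICY = Policy(
    contacts={"alice": {"mail", "voice"}, "bob": {"voice"}, "carol": {"code"}},
    my_groups={"ietf-attendee", "university"},
    memberships={"dave": {"ietf-attendee"}},
)

if __name__ == "__main__":
    for m in (Message("bob", "voice", "hi", True), Message("bob", "mail", "hi", True),
              Message("mallory", "contact-request", "x" * 201, True)):
        print(m.sender, m.kind, POLICY.evaluate(m))
```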