Re: Proposed Proposed Statement on e-mail encryption at the IETF

Matt Mathis <mattmathis@google.com> Tue, 02 June 2015 21:50 UTC

In-Reply-To: <20150602200949.GF5551@besserwisser.org>
References: <DD88F4E4-6BBA-4610-BB49-3158A26DF55B@hopcount.ca> <2DA10E34-02DA-4245-9031-8C0F2749461D@vpnc.org> <9DCD66D2-A8AD-4810-A912-D2CFF2E387BC@hopcount.ca> <20150602200949.GF5551@besserwisser.org>
Date: Tue, 02 Jun 2015 14:50:07 -0700
Message-ID: <CAH56bmCrOOLs7Zg5RX+PQ7H_+RU6ZhVFCp-9USbZ_KmirTvmbA@mail.gmail.com>
Subject: Re: Proposed Proposed Statement on e-mail encryption at the IETF
From: Matt Mathis <mattmathis@google.com>
To: Måns Nilsson <mansaxel@besserwisser.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/KImr0u7R79oFijCdqHdUWCAOJgU>
Cc: IETF Discussion Mailing List <ietf@ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>

BTW you can see encryption stats here:
https://www.google.com/transparencyreport/saferemail/?hl=en#search=ietf.org .

Or for that matter, look up your own favorite domains. The per-region
stats are pretty alarming.

Thanks,
--MM--
The best way to predict the future is to create it.  - Alan Kay

Privacy matters!  We know from recent events that people are using our
services to speak in defiance of unjust governments.   We treat privacy and
security as matters of life and death, because for some users, they are.

On Tue, Jun 2, 2015 at 1:11 PM, Måns Nilsson <mansaxel@besserwisser.org>
wrote:

> Subject: Re: Proposed Proposed Statement on e-mail encryption at the IETF
> Date: Tue, Jun 02, 2015 at 07:08:15PM +0100 Quoting Joe Abley (
> jabley@hopcount.ca):
>
> > But agreed, if the IETF was able to show that its work conducted by
> > e-mail could incorporate cryptography in such a way that it was a
> > benefit to all concerned rather than a headache, I think that would
> > be great.
>
> I think we have achieved this in one way; we now accept and deliver
> e-mail via SMTP using TLS. Everyone should do this, as long as they
> don't risk ending up in jail for doing it. (for those cases and for
> RFC 854 debugging, we keep the downgrade option. Reluctantly. Building
> an interceptor that strips the TLS offers from the SMTP dialogue and
> effects a downgrade attack is trivial. More often than not this device is
> "the firewall". QED.)
>
> Another way we've dogfooded in this area is by signing email. (And that
> might be done via any of the unusable protocols. I pretend I don't care,
> to keep Joe on his chair.)  There are operational, direct advantages
> from signing email today.  Everyone who some day might want to send a
> sensitive e-mail over any network ought to think very hard about climbing
> on the mechanical bull known as "getting PGP to work in my email setup
> (and with some security at that)." Signed email is not "au contraire" to
> the open nature of IETF lists. It serves as verification and reassurance.
>
> I somewhat keep repeating myself.  But we can do, and actually do,
> this, today. Now, getting DANE data for the IETF SMTP TLS certs going,
> and perhaps working on fetching that data into the validation process
> of some well-known MUAs, that would be a good step.
>
> --
> Måns Nilsson     primary/secondary/besserwisser/machina
> MN-1334-RIPE                             +46 705 989668
> I am a traffic light, and Alan Ginzberg kidnapped my laundry in 1927!
>
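The quoted message makes two points that fit together: a STARTTLS offer can be silently removed from the SMTP dialogue by a middlebox, and publishing DANE TLSA records for the MX is what turns TLS from "use it if offered" into "required, and the certificate must match". The block below is an added example illustrating that policy decision on the sending side; it is not code from this thread, from the IETF mail servers, or from any MTA. It assumes the TLSA records arrive already DNSSEC-validated in presentation format, the EHLO reply is a list of 250 capability lines, and the leaf certificate and its SubjectPublicKeyInfo are available as DER bytes; the certificate bytes and the EHLO replies used here are constructed stand-ins.

```python
"""Deciding when STARTTLS is optional and when it is mandatory for an outbound SMTP hop.

Added example for this thread; not code from any IETF system or MTA.
Assumed inputs: TLSA records already DNSSEC-validated and given in
presentation format ("usage selector matching hex"), the EHLO reply as
a list of capability lines, and the leaf certificate plus its
SubjectPublicKeyInfo as DER bytes (constructed stand-in bytes below).
"""
import hashlib
from dataclasses import dataclass
from typing import List


@dataclass
class TlsaRecord:
    usage: int      # RFC 6698 usage; SMTP DANE (RFC 7672) relies on DANE-EE(3) / DANE-TA(2)
    selector: int   # 0 = full certificate, 1 = SubjectPublicKeyInfo
    matching: int   # 0 = exact bytes, 1 = SHA-256, 2 = SHA-512
    data: bytes     # certificate association data


def parse_tlsa(presentation: str) -> TlsaRecord:
    """Parse a TLSA record in presentation format, e.g. "3 1 1 <hex>"."""
    usage, selector, matching, hexdata = presentation.split(None, 3)
    return TlsaRecord(int(usage), int(selector), int(matching),
                      bytes.fromhex(hexdata.replace(" ", "")))


def association_data(record: TlsaRecord, cert_der: bytes, spki_der: bytes) -> bytes:
    """Compute the bytes the presented certificate yields for this record's selector/matching."""
    selected = cert_der if record.selector == 0 else spki_der
    if record.matching == 0:
        return selected
    if record.matching == 1:
        return hashlib.sha256(selected).digest()
    if record.matching == 2:
        return hashlib.sha512(selected).digest()
    raise ValueError(f"unsupported matching type {record.matching}")


def starttls_offered(ehlo_lines: List[str]) -> bool:
    """True if the multi-line 250 EHLO reply (RFC 5321) advertises STARTTLS (RFC 3207)."""
    for line in ehlo_lines:
        if line.startswith("250") and len(line) > 4:
            keyword = line[4:].strip().split(" ")[0].upper()
            if keyword == "STARTTLS":
                return True
    return False


def delivery_decision(tlsa_records: List[TlsaRecord], ehlo_lines: List[str],
                      cert_der: bytes, spki_der: bytes) -> str:
    """Return "cleartext", "tls" or "refuse" for this hop.

    Without TLSA data, TLS is opportunistic: use it if offered, otherwise the
    mail goes in the clear and a stripped offer is indistinguishable from a
    server that never had TLS. With TLSA data, STARTTLS is mandatory and the
    leaf certificate must match a DANE-EE(3) record; a missing offer is treated
    as a possible stripping middlebox and delivery is deferred, not downgraded.
    DANE-TA(2) records need a chain walk this example does not implement, so
    they never match here (a simplification of this example).
    """
    offered = starttls_offered(ehlo_lines)
    if not tlsa_records:
        return "tls" if offered else "cleartext"
    if not offered:
        return "refuse"
    for record in tlsa_records:
        if record.usage == 3 and association_data(record, cert_der, spki_der) == record.data:
            return "tls"
    return "refuse"


# Constructed sample data: stand-in bytes, not a real certificate or key.
SAMPLE_CERT_DER = b"constructed stand-in for the leaf certificate DER"
SAMPLE_SPKI_DER = b"constructed stand-in for the SubjectPublicKeyInfo DER"
SAMPLE_TLSA = [parse_tlsa("3 1 1 " + hashlib.sha256(SAMPLE_SPKI_DER).hexdigest())]
EHLO_WITH_STARTTLS = ["250-mx.example.net", "250-SIZE 35882577", "250-STARTTLS", "250 8BITMIME"]
# Constructed reply in which the STARTTLS keyword has been overwritten in transit.
EHLO_STRIPPED = ["250-mx.example.net", "250-SIZE 35882577", "250-XXXXXXXX", "250 8BITMIME"]

if __name__ == "__main__":
    for label, tlsa in (("no TLSA", []), ("TLSA published", SAMPLE_TLSA)):
        for name, ehlo in (("STARTTLS offered", EHLO_WITH_STARTTLS),
                           ("STARTTLS absent", EHLO_STRIPPED)):
            print(f"{label:15} / {name:17} -> "
                  f"{delivery_decision(tlsa, ehlo, SAMPLE_CERT_DER, SAMPLE_SPKI_DER)}")
```

The interesting row in the output is the last one: with TLSA published and no STARTTLS offer the result is "refuse", whereas the same dialogue without TLSA data yields "cleartext". That is exactly the difference the quoted message is after, and the "refuse" path is the place to emit the alert that lets an operator find the "firewall" doing the stripping.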