Re: Why are mail servers not also key servers?
Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 20 April 2017 17:35 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6DD21314A3 for <ietf@ietfa.amsl.com>; Thu, 20 Apr 2017 10:35:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GjrntDlLxORS for <ietf@ietfa.amsl.com>; Thu, 20 Apr 2017 10:35:52 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [108.5.242.66]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 948FB1314A5 for <ietf@ietf.org>; Thu, 20 Apr 2017 10:35:52 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id E7CF57A3309; Thu, 20 Apr 2017 17:35:51 +0000 (UTC)
Date: Thu, 20 Apr 2017 17:35:51 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: ietf@ietf.org
Subject: Re: Why are mail servers not also key servers?
Message-ID: <20170420173551.GN25754@mournblade.imrryr.org>
Reply-To: ietf@ietf.org
References: <849511c0-6526-ecbe-2b56-7b459eaf010b@hawaii.edu> <B897A3A3-4A47-4C74-B79F-4F93C86A338C@gmail.com> <82ab9e4d-05ba-bc39-c7d1-bda6ee8d9be5@hawaii.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <82ab9e4d-05ba-bc39-c7d1-bda6ee8d9be5@hawaii.edu>
User-Agent: Mutt/1.7.2 (2016-11-26)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/Sv4fXeYfD8n5rt808edA2eUEjO4>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Apr 2017 17:35:54 -0000
On Thu, Apr 20, 2017 at 07:01:05PM +0200, Jon wrote:
> This is why I think smtp should be extended. All your mail agents
> support (E)SMTP and presumably they would all support an extension to
> smtp. The private keys will need to be stored some how to allow for
> multiple clients, but a key generated from user input could be used to
> decrypt a stored copy of the private key.
A major problems with all E2E email encryption proposals is unrelated
to key distribution, none of the extant MUAs provide an adequate
interface for E2E encrypted email.
+ Encrypted email is not searchable.
+ Encrypted email is difficult to scan for spam and malware
+ Changing the private key can mean loss of access to email
encrypted under the old key.
+ Signatures stop verifying when the signature key expires,
even though they were valid at the the email was received.
In addition, nobody is investing any effort into major improvements
in standalone MUAs. Free webmail has gotten rather fancy, but
content security is not in the provider's interest. Will users
want to pay for security that reduces usability?
Therefore, for the foreseable future, hop-by-hop TLS is the best
security you're likely to get, and is most appropriate for the
vast majority of email.
It is not enough to invest effort in better key distribution,
the effort will be wasted unless the right incentives are in
place to induce a similar effort in usability of E2E encrypted
email after it arrives.
> > 3. How much to you trust your email provider? Because they could
> > trivially serve the wrong public key and intercept your traffic.
>
> I really dislike this argument. You, me, and many others already trust
> our mail servers in the same capacity. Sure a mail server could serve
> the wrong key and then my mail ends up in a nefarious villains hands,
> but that is already the case today. If there's some degree of
> confidentiality we at least have traffic interception as a possible case
> rather than the default.
TLS is quite sufficient to guard against passive monitoring, and
the final message stored unencrypted in the user's mailbox is much
more usable.
Make (stored) E2E email usable, and then there'll may be real
incentives to address key distribution. Otherwise, any effort
to address key distribution will be largely wasted.
Do you have a design for an efficiently searchable and yet secure,
encrypted content index that supports concurrent updates from
multiple clients without losing data integrity?
How do you propose to handle spam and malware?
--
Viktor.
- Why are mail servers not also key servers? Jon
- Re: Why are mail servers not also key servers? Nico Williams
- Re: Why are mail servers not also key servers? Viktor Dukhovni
- Re: Why are mail servers not also key servers? Paul Wouters
- Re: Why are mail servers not also key servers? Yoav Nir
- Re: Why are mail servers not also key servers? Yoav Nir
- Re: Why are mail servers not also key servers? Paul Wouters
- Re: Why are mail servers not also key servers? Viktor Dukhovni
- Re: Why are mail servers not also key servers? Matthew Kerwin
- Re: Why are mail servers not also key servers? Jon
- Re: Why are mail servers not also key servers? Nico Williams
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Viktor Dukhovni
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? John Levine
- Re: Why are mail servers not also key servers? Paul Wouters
- Re: Why are mail servers not also key servers? Phillip Hallam-Baker
- RE: Why are mail servers not also key servers? Paul Wouters
- RE: Why are mail servers not also key servers? Rui Costa
- RE: Why are mail servers not also key servers? Rui Costa
- Re: Why are mail servers not also key servers? Martin Thomson
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? John Levine
- Re: Why are mail servers not also key servers? Philip Homburg
- Re: Why are mail servers not also key servers? John Levine
- Re: Why are mail servers not also key servers? Phillip Hallam-Baker
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Rich Kulawiec
- Re: Why are mail servers not also key servers? John C Klensin
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? John C Klensin
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Phillip Hallam-Baker
- Re: Why are mail servers not also key servers? Philip Homburg
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Phillip Hallam-Baker
- Re: Why are mail servers not also key servers? Wei Chuang
- Re: Why are mail servers not also key servers? Phillip Hallam-Baker
- Re: Why are mail servers not also key servers? John R Levine
- Re: Why are mail servers not also key servers? Martin Thomson
- Re: Why are mail servers not also key servers? Phillip Hallam-Baker
- Re: Why are mail servers not also key servers? Dave Crocker
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Doug Royer