Re: Why are mail servers not also key servers?
Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 20 April 2017 17:35 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6DD21314A3 for <ietf@ietfa.amsl.com>; Thu, 20 Apr 2017 10:35:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GjrntDlLxORS for <ietf@ietfa.amsl.com>; Thu, 20 Apr 2017 10:35:52 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [108.5.242.66]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 948FB1314A5 for <ietf@ietf.org>; Thu, 20 Apr 2017 10:35:52 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id E7CF57A3309; Thu, 20 Apr 2017 17:35:51 +0000 (UTC)
Date: Thu, 20 Apr 2017 17:35:51 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: ietf@ietf.org
Subject: Re: Why are mail servers not also key servers?
Message-ID: <20170420173551.GN25754@mournblade.imrryr.org>
Reply-To: ietf@ietf.org
References: <849511c0-6526-ecbe-2b56-7b459eaf010b@hawaii.edu> <B897A3A3-4A47-4C74-B79F-4F93C86A338C@gmail.com> <82ab9e4d-05ba-bc39-c7d1-bda6ee8d9be5@hawaii.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <82ab9e4d-05ba-bc39-c7d1-bda6ee8d9be5@hawaii.edu>
User-Agent: Mutt/1.7.2 (2016-11-26)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/Sv4fXeYfD8n5rt808edA2eUEjO4>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Apr 2017 17:35:54 -0000
On Thu, Apr 20, 2017 at 07:01:05PM +0200, Jon wrote: > This is why I think smtp should be extended. All your mail agents > support (E)SMTP and presumably they would all support an extension to > smtp. The private keys will need to be stored some how to allow for > multiple clients, but a key generated from user input could be used to > decrypt a stored copy of the private key. A major problems with all E2E email encryption proposals is unrelated to key distribution, none of the extant MUAs provide an adequate interface for E2E encrypted email. + Encrypted email is not searchable. + Encrypted email is difficult to scan for spam and malware + Changing the private key can mean loss of access to email encrypted under the old key. + Signatures stop verifying when the signature key expires, even though they were valid at the the email was received. In addition, nobody is investing any effort into major improvements in standalone MUAs. Free webmail has gotten rather fancy, but content security is not in the provider's interest. Will users want to pay for security that reduces usability? Therefore, for the foreseable future, hop-by-hop TLS is the best security you're likely to get, and is most appropriate for the vast majority of email. It is not enough to invest effort in better key distribution, the effort will be wasted unless the right incentives are in place to induce a similar effort in usability of E2E encrypted email after it arrives. > > 3. How much to you trust your email provider? Because they could > > trivially serve the wrong public key and intercept your traffic. > > I really dislike this argument. You, me, and many others already trust > our mail servers in the same capacity. Sure a mail server could serve > the wrong key and then my mail ends up in a nefarious villains hands, > but that is already the case today. If there's some degree of > confidentiality we at least have traffic interception as a possible case > rather than the default. TLS is quite sufficient to guard against passive monitoring, and the final message stored unencrypted in the user's mailbox is much more usable. Make (stored) E2E email usable, and then there'll may be real incentives to address key distribution. Otherwise, any effort to address key distribution will be largely wasted. Do you have a design for an efficiently searchable and yet secure, encrypted content index that supports concurrent updates from multiple clients without losing data integrity? How do you propose to handle spam and malware? -- Viktor.
- Why are mail servers not also key servers? Jon
- Re: Why are mail servers not also key servers? Nico Williams
- Re: Why are mail servers not also key servers? Viktor Dukhovni
- Re: Why are mail servers not also key servers? Paul Wouters
- Re: Why are mail servers not also key servers? Yoav Nir
- Re: Why are mail servers not also key servers? Yoav Nir
- Re: Why are mail servers not also key servers? Paul Wouters
- Re: Why are mail servers not also key servers? Viktor Dukhovni
- Re: Why are mail servers not also key servers? Matthew Kerwin
- Re: Why are mail servers not also key servers? Jon
- Re: Why are mail servers not also key servers? Nico Williams
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Viktor Dukhovni
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? John Levine
- Re: Why are mail servers not also key servers? Paul Wouters
- Re: Why are mail servers not also key servers? Phillip Hallam-Baker
- RE: Why are mail servers not also key servers? Paul Wouters
- RE: Why are mail servers not also key servers? Rui Costa
- RE: Why are mail servers not also key servers? Rui Costa
- Re: Why are mail servers not also key servers? Martin Thomson
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? John Levine
- Re: Why are mail servers not also key servers? Philip Homburg
- Re: Why are mail servers not also key servers? John Levine
- Re: Why are mail servers not also key servers? Phillip Hallam-Baker
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Rich Kulawiec
- Re: Why are mail servers not also key servers? John C Klensin
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? John C Klensin
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Phillip Hallam-Baker
- Re: Why are mail servers not also key servers? Philip Homburg
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Phillip Hallam-Baker
- Re: Why are mail servers not also key servers? Wei Chuang
- Re: Why are mail servers not also key servers? Phillip Hallam-Baker
- Re: Why are mail servers not also key servers? John R Levine
- Re: Why are mail servers not also key servers? Martin Thomson
- Re: Why are mail servers not also key servers? Phillip Hallam-Baker
- Re: Why are mail servers not also key servers? Dave Crocker
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Doug Royer