Re: the introduction problem, was Email and reputation (was Re: Service outages planned for April 25)

Laurence Lundblade <lgl@island-resort.com> Tue, 03 May 2022 15:13 UTC

Subject: Re: the introduction problem, was Email and reputation (was Re: Service outages planned for April 25)
From: Laurence Lundblade <lgl@island-resort.com>
In-Reply-To: <32031.1651585670@localhost>
Date: Tue, 03 May 2022 09:13:35 -0600
Cc: ietf@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <0F103DCC-96CF-4FA4-A72B-28731D5BA1CA@island-resort.com>
References: <dcc27c29-51f8-c2a4-8ce4-ee1a3c6cb017@nostrum.com> <AAE3C51B-0150-483C-8244-3D60BC31B19A@tzi.org> <2c5df733-0f86-d319-b886-81882328caa9@network-heretics.com> <1870005490.14504.1651151102962@appsuite-gw1.open-xchange.com> <t4f3j1$1mpc$1@gal.iecc.com> <626060406.28268.1651487745123@appsuite-gw1.open-xchange.com> <2480fd36-c16a-6d98-ddac-15d02259ffbe@taugh.com> <837df6ce-a771-ff2f-515b-1021cc242c23@network-heretics.com> <2E576046-0532-41C8-AF51-1C2D09BC8BAE@dukhovni.org> <32031.1651585670@localhost>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/T7RdRimNEsUqKFMI_nm7MoRPLj4>
List-Id: IETF-Discussion <ietf.ietf.org>

> On May 3, 2022, at 7:47 AM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
> 
> 
> Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:
>> Until encrypted email is usable (**search**, long-term signature validation,
>> personal private key rollover, ...), all the key distribution tech in the
>> world won't make it worth adopting.
> 
> But signed email is useable, and having enterprises, banks, and governments
> identity roles would be a significant win against phishing, and yet it's
> still not happening.

Agree about signing. (Related, some people like TruePic are working on signing photos so they can be used for insurance evidence and such. Signing pictures from Ukraine would be good for war crimes prosecution.)

Also, the MUA can store the email in decrypted form so it is searchable. Some loss of protection, but not horrible. And the MUA might have an encrypted email database.

I think another big reason that encrypted email hasn’t taken off is that most services that need high security are put into a web page where the provider of the service has much more control over the security. They don’t send your bank statement as a signed & encrypted email, but rather give you a link to a web site to get your bank statement. 

They like driving you to the web site because they can 1) offer a much richer UX, 2) control security with timeouts and such, 3) log what is happening, 4) upsell you on other services, 5) make money from advertising.

LL