IETF Logo Mail Archive

Re: Proposed Proposed Statement on e-mail encryption at the IETF

Nico Williams <nico@cryptonector.com> Tue, 02 June 2015 17:54 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A76FB1B343A for <ietf@ietfa.amsl.com>; Tue, 2 Jun 2015 10:54:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.666
X-Spam-Level:
X-Spam-Status: No, score=-1.666 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SPvEVnluih9c for <ietf@ietfa.amsl.com>; Tue, 2 Jun 2015 10:54:55 -0700 (PDT)
Received: from homiemail-a98.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) by ietfa.amsl.com (Postfix) with ESMTP id EE4FD1B342B for <ietf@ietf.org>; Tue, 2 Jun 2015 10:54:54 -0700 (PDT)
Received: from homiemail-a98.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a98.g.dreamhost.com (Postfix) with ESMTP id CDD1355409F; Tue, 2 Jun 2015 10:54:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=TGDA7Iq6RJC0D0 q8YnXkCvPjvrU=; b=M7gi8Ic7/sw3CkrvUSOhsotorg+c6yzngu/2kKLMOZE9r8 hUfJHNyNWInCfEH3kycxbwa0eVogrA6VXP4Gk8L7ogVW6kUcTmDFzaMXJN1yZohV ALiOtnIB0k61fJdzi/FcmDrgcjLg/+7ZvlsDJAB1maG6esv4WGKBdSu9TKqTA=
Received: from localhost (108-207-244-174.lightspeed.austtx.sbcglobal.net [108.207.244.174]) (Authenticated sender: nico@cryptonector.com) by homiemail-a98.g.dreamhost.com (Postfix) with ESMTPA id 765D2554137; Tue, 2 Jun 2015 10:48:34 -0700 (PDT)
Date: Tue, 02 Jun 2015 12:48:32 -0500
From: Nico Williams <nico@cryptonector.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: Proposed Proposed Statement on e-mail encryption at the IETF
Message-ID: <20150602174825.GM17122@localhost>
References: <DD88F4E4-6BBA-4610-BB49-3158A26DF55B@hopcount.ca> <2DA10E34-02DA-4245-9031-8C0F2749461D@vpnc.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <2DA10E34-02DA-4245-9031-8C0F2749461D@vpnc.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/Uq2VacmHiaKb-BwHRiesHfuS0UE>
Cc: IETF Discussion Mailing List <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jun 2015 17:54:55 -0000

On Tue, Jun 02, 2015 at 10:15:54AM -0700, Paul Hoffman wrote:
> On Jun 2, 2015, at 6:44 AM, Joe Abley <jabley@hopcount.ca> wrote:
> > If the argument that we should use HTTPS everywhere (which I do not
> > disagree with) is reasonable, it feels like an argument about
> > sending encrypted e-mail whenever possible ought to be similarly
> > reasonable. Given that so much of the work of the IETF happens over
> > e-mail, a focus on HTTP seems a bit weird.

There's no point to encrypting (to subscribers) posts to *public*
mailing lists!

There's also no point to doing anything more than DKIM as far as the
mailing list processor goes.

Users should be (and are) able to sign their posts if they like, but I
don't think there's much point to requiring them to.

As to SMTP, see below.

> This is a terrible idea. If the IETF mailer thinks it knows my PGP
> encryption key, and I don't because I have lost it or invalidated it,
> [...]

I agree, but SMTP should still get confidentiality protection,
opportunistically and with DANE.  The reason for this being that sending
MTAs can't know whether some message they are transmitting is going to a
public list -- they must assume that confidentiality is desired in SMTP.

MUAs should also demand confidentiality in SUBMIT, of course.

Nico
--

v2.23.0 | Report a Bug | By Email