Re: On email and web security

Doug Barton <dougb@dougbarton.us> Wed, 13 January 2016 21:13 UTC

Return-Path: <dougb@dougbarton.us>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B8B411A0141 for <ietf@ietfa.amsl.com>; Wed, 13 Jan 2016 13:13:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.003
X-Spam-Level:
X-Spam-Status: No, score=-2.003 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jfzWo_3mdLuF for <ietf@ietfa.amsl.com>; Wed, 13 Jan 2016 13:13:23 -0800 (PST)
Received: from dougbarton.us (dougbarton.us [IPv6:2607:f2f8:ab14::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C5EF71A0140 for <ietf@ietf.org>; Wed, 13 Jan 2016 13:13:23 -0800 (PST)
Received: from [IPv6:2001:4830:1a00:8056:256e:3c74:d125:8cc1] (unknown [IPv6:2001:4830:1a00:8056:256e:3c74:d125:8cc1]) by dougbarton.us (Postfix) with ESMTPSA id 372B539D07 for <ietf@ietf.org>; Wed, 13 Jan 2016 21:13:23 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dougbarton.us; s=dkim; t=1452719603; bh=50CeUlWSoYrj0GSqWDThcgZ3ZBrI6ZSScJMCt3Yd6xw=; h=Subject:References:To:From:Date:In-Reply-To; b=Ls8lEMdTsuiTHYjt4qefhZZgu3GxNtkYqSWKFD/8PPeR5ORYLgUwNsgEqQmyhgV/C vn7KdKsAcuRHrquUMSWNVZpmE9GunP6jqxZTWHkhc51wEE1OnrAOCps4lXQL3XR+/j s6FqDvNTuu9ZN50mSmyLFC9fScDrmV7/yHo3OXS0=
Subject: Re: On email and web security
References: <304F200F-CF0B-4C23-91F9-BFC06C41BDA8@cisco.com> <5686E386.70008@gmail.com> <CAMm+LwhExTXC6xWDbR0Q5owi45UfBAgR+Z96p4BJWi-_5Q5tXA@mail.gmail.com> <DB4PR06MB4571A77D35C4B525CE73398ADF00@DB4PR06MB457.eurprd06.prod.outlook.com> <CAMm+Lwh_6EP4d4tW8CgKZm36De7rO3VCbrBwa+1PGp9M2F4KLQ@mail.gmail.com> <5695A941.1010501@dougbarton.us> <CAMm+LwiJi+ecYU9edkTJ30rTWtRcarUD2BBYfyvRedRvVzcV5Q@mail.gmail.com> <5695EFC1.7070708@dougbarton.us> <CAKHUCzzxO7V=zipoQR1a_-Sy4AuY6ie7hCa55fd0aaj_BTURXg@mail.gmail.com>
To: ietf@ietf.org
From: Doug Barton <dougb@dougbarton.us>
Openpgp: id=E3520E149D053533C33A67DB5CC686F11A1ABC84
Message-ID: <5696BDF1.5040802@dougbarton.us>
Date: Wed, 13 Jan 2016 13:13:21 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0
MIME-Version: 1.0
In-Reply-To: <CAKHUCzzxO7V=zipoQR1a_-Sy4AuY6ie7hCa55fd0aaj_BTURXg@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/WgptLzPzWyRUOHCrgTgfIX5wdfY>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Jan 2016 21:13:24 -0000

On 01/13/2016 12:23 AM, Dave Cridland wrote:
> When senders send to the proxy, they're encrypting in a special way
> which means that the proxy can't decrypt; instead it can only re-key the
> message to each member. The proxy also cannot add other keys (including
> its own), so cannot just add itself as a member and decrypt the result.
> Members receive the message, and thanks to the crypto-fairies, they see
> it as signed by the sender. I like to think of this as a special-case of
> homomorphic encryption, but only so I can sound like I know what I'm
> talking about.

I don't see any way that this could work using PGP, but I confess I 
don't know enough about S/MIME to know if it could be done using it or not.

Doug