Re: mail crypto, was the introduction problem, was Email
Phillip Hallam-Baker <phill@hallambaker.com> Fri, 13 May 2022 18:27 UTC
On Tue, May 3, 2022 at 10:46 PM John Levine <johnl@taugh.com> wrote:

> It appears that Lyndon Nerenberg (VE7TFX/VE6BBM) <lyndon@orthanc.ca> said:
> >For an IMAP store things get a bit trickier. It would need a protocol
> >extension that allowed for on-the-fly decryption.
>
> IMAP does header and content searches, and invariably indexes the
> message store and updates the indices as messages arrive so the
> searches are reasonably fast. A lot of them use SIEVE or something
> like it to do mail sorting as the mail arrives. Other than storing all
> your keys in your IMAP server, how do you plan to do that? It is my
> impression that the vast majority of mail users leave their mail on
> the server and see the same folders from multiple devices, so this is
> not an edge case, it's the most common case.
>
> These are not trivial problems. The people who write mail servers are not
> completely inept, and if there were easy solutions to key management
> problems, we would have solved them.

There are many things that only look simple AFTER they have been solved. The Web, for instance. The key advance in the Web was jettisoning a lot of Ted Nelson's ideology: the focus on payments and copyright and, most importantly, his insistence that links must never break. What made the Web possible is 404 Not Found.

We have hobbled ourselves with a lot of bad decisions in the PKI space. First and foremost, the P stands for Public. We only ever really focused on managing public keys and left private key management to the users to sort out.

Another major issue is that PKIX and PGP are both focused on managing credentials for people that conflate authentication and authorization. This in turn results in the need for certificate expiry and the need for frequent certificate refresh. WebPKI is a little better, but it is welded to the DNS, which in turn is designed for discovery of Internet hosts, not users, and the entire naming system is designed for organizations, not people.

This in turn cripples PGP and S/MIME because a binding of a key to 'alice@example.com' is only telling me about the example.com account 'alice'; it is not a binding to Alice herself because Alice doesn't own that name.

The problem with deployment is that there are a lot of vested interests and everyone is determined that it won't be their ox that is gored. This is not my first rodeo though. The Web did have one major technical advance that Ted did not anticipate: URIs. DECNET file names provided something similar, but Dan Connolly's addition of the scheme prefix changed the game.

The key to making key management work is to make use of threshold cryptography. At the moment, getting folk to even take notice of my work is a bit difficult. But as I said, this is not my first rodeo. My demo reels show how easy key management can be if we use the right tools:

https://www.youtube.com/playlist?list=PLK2hHAOxepEgZtTxX3BtkPUDIJ3--_FAu

I have a very simple value proposition for IETF-ers taking notice of Threshold Cryptography: Most employers send employees to forums like IETF so they are up to date with current technology. They are paid to be the eyes and ears of the company. As Principal Scientist, I made it my business to be sure that I understood every technical development that my CEO might call me up to ask a question about at any time without notice.

So I am going to be announcing this work at HOPE in NYC just before IETF Philadelphia. "Former member of CERN Web team proposes new open infrastructure to secure the Internet" is a story designed for the media. I used to get a lot of earned media when I was at VeriSign, and I will soon be hiring a PR team for the Mesh Foundation. People can ignore me if they like, but having your CEO find out about the next thing through the press could be a career-limiting move.

The current collapse of the criminal-currency schemes might well make this a very opportune time to launch the Mesh.

If people recall, when the Web launched, Time Warner and co. were investing hundreds of millions of dollars in what they called 'interactive television', which was not interactive at all, not in any degree. It was the collapse of Interactive TV that led to all those dollars being poured into the Web.

As pretty much everyone in this forum knows, 'Web3' is a fraud; it is not a 'decentralized' anything, it is just another scam designed to empty the pockets of the gullible. What I have is the real deal. Web3 sets expectations that the scammers have no intention of meeting. The Mesh delivers. I think a lot of 'cryptocurrency' companies are going to find that a pivot to the Mesh is the best way to save their investments.