IETF Logo Mail Archive

Re: Scope for self-destructing email?

Ted Hardie <ted.ietf@gmail.com> Wed, 16 August 2017 16:49 UTC

Return-Path: <ted.ietf@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7461B132351 for <ietf@ietfa.amsl.com>; Wed, 16 Aug 2017 09:49:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bUxQxA1eHHY6 for <ietf@ietfa.amsl.com>; Wed, 16 Aug 2017 09:49:42 -0700 (PDT)
Received: from mail-qt0-x22c.google.com (mail-qt0-x22c.google.com [IPv6:2607:f8b0:400d:c0d::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7FC87132339 for <ietf@ietf.org>; Wed, 16 Aug 2017 09:49:42 -0700 (PDT)
Received: by mail-qt0-x22c.google.com with SMTP id 16so24115314qtz.4 for <ietf@ietf.org>; Wed, 16 Aug 2017 09:49:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=ME4HYmjIOxrTex4nPylGyiun/l7Oi4tsApR6SXyuOxY=; b=ASnR1pf//avEqIOTHPsiH4gP/xoxceCoNViZ0BhoG132ethzLMaaPa7/+oQp+CNKvs nWuWMc5vD085/KzAKvuWOHvL3EAgb/KozvEXRdht3ESdrdMMR3bD12RK7IfjyzrXZvEF 7/Lo3kLlVDP73TLgZbtzA50cQIut+ZN3FP/P4FQI6M6AQaDS5xdvDIF9pW24Sj2tcjQ5 cu3Xqg+qzK7YHDLpRuZukBdAkB2Z4jmVmc7lJIDf1fRlTtSVqUdGw2hDtAyrTKOi85uf 5KEaEK3XtJidGh6GMriXkkpG5DgBZVhokYINhzj/aTKt6MUr2OnxGgJXUuKKHKv9Ewdh cNKQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=ME4HYmjIOxrTex4nPylGyiun/l7Oi4tsApR6SXyuOxY=; b=CAsO/Jn9JY2SQ86iMTUfdbUeGejB2I1lAxa4h2NhULG1chZaxT+FC83P4J3x5xCkNa ZGvQ9cwCpOOj7ytqYSYiJQOP79dOo1AucdTxsOxp7VNVItphyY4MAFQ7OusDN8WijBm1 1G31g2TH0YJH0jQe+R6vu245GGIAHHCgUkTzrTE/F6RrNerSfNZfekfMNCj/V567rv6N JapUmRQLW3H2sGmdj8JPvBuhF4lTMi/+nDiQypJJVefZXgctK1TlFoYink9Y+rqMZWDl NF212mTMCVSnMMMSe8tc2OpCaTZUrD3mYKDvE9tzslAYwoYgK8E/1JNshU5WuhhUAEVG EvEQ==
X-Gm-Message-State: AHYfb5g0BRjVrmMUNF2U1EXQEAHHxlcqYGRAkKsEbVA1uiEueKMeKeDk Pd2oXlt+DnHrNMivzFMrpXmOzC3naQ==
X-Received: by 10.200.40.197 with SMTP id j5mr3197092qtj.100.1502902181418; Wed, 16 Aug 2017 09:49:41 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.237.59.248 with HTTP; Wed, 16 Aug 2017 09:49:11 -0700 (PDT)
In-Reply-To: <CACZ1GiooBdEZ_YcBZPQNFkbT0DsGf-Cu25fPYzWcLamLUAH+TA@mail.gmail.com>
References: <CACZ1GipivEf31iHchaM1OPFQF4QkfVRGVNsY_vVx=J8oFZ0JZA@mail.gmail.com> <b1289123-04ac-e62b-879e-614fae9b20b0@bogus.com> <CACZ1GiooBdEZ_YcBZPQNFkbT0DsGf-Cu25fPYzWcLamLUAH+TA@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
Date: Wed, 16 Aug 2017 09:49:11 -0700
Message-ID: <CA+9kkMAAQh64M59g0Jn=2j0czS6q56-yoOadGMoeVMTZ=4Z72Q@mail.gmail.com>
Subject: Re: Scope for self-destructing email?
To: vaibhav singh <vaibhavsinghacads@gmail.com>
Cc: joel jaeggli <joelja@bogus.com>, "ietf@ietf.org Discussion" <ietf@ietf.org>
Content-Type: multipart/alternative; boundary="001a114069a4a7df060556e1ae90"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/gMVhb405XlGjrH4ljT_-p6UsN5A>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Aug 2017 16:49:44 -0000

On Tue, Aug 15, 2017 at 9:50 PM, vaibhav singh <vaibhavsinghacads@gmail.com>
wrote:

>
> 4.) A really boiled down version of ephemeral mails could just mark the
> mail "outdated" if the information provided in the mail is not expected to
> hold good after some time, instead of actually expunging the mail.
>
>
>
> *why not try to accommodate both realitys and define a feature which is
> called "Invalidation of Messages" or similar instead of "Destructible
> Messages". The goal of this feature should be to mark messages in a way,
> that the client somehow can mark the message as "not being relevant
> anymore" or something like that. So it could still be displayed but grayed
> out for example telling the receiver that the message can be ignored.
> Additionally there could then be added an attribute "deletionrequest" which
> can be set for clients which really want to have destructible messages like
> Signal does.*
>
> Any thoughts?
>
>
I think there are two potential lines of development here, though I confess
I am skeptical of the value of either.

The first is providing a facility that declares a particular message to be
automatically overcome by events at a particular time, leaving it
completely up to the recipient how to process the message based on that
metadata.  There are simple message types (today's weather, lunch
availability, etc.) that could be thus set to be marked OBE when no longer
relevant.  Some clients might choose to auto-delete them or auto-archive
them when the time is reached, but this would be because of their preferred
handling and not a guarantee to the sender that the sender's intent is
being honored.  A message header like OBE-At: could be registered
provisionally without much hassle, and you could see if it saw
implementation and use.

The second is a trickier question:  is it possible to construct a message
such that it is cryptographically non-repudiable within a set time frame
but repudiable thereafter?  I think the answer to this is yes, but it
relies on a carefully crafted interaction among the use of limited validity
certificates, requirements to confirm validity with a CA, and CA behavior.
You could deploy that in a limited environment, in other words, and see if
it was useful enough to make the behavior standard.  It's less clear to me,
though, why it would be useful.  The one scenario I can construct is
financial, as part of the flow for placing a time limited order, but the
flow seems strictly worse that a simpler flow that includes the time limit
for the order within a message which is permanently non-repudiable.

regards,

Ted

v2.23.0 | Report a Bug | By Email