Re: mail crypto, was the introduction problem, was Email

Keith Moore <moore@network-heretics.com> Wed, 04 May 2022 15:10 UTC

Return-Path: <moore@network-heretics.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C4009C157B4A for <ietf@ietfa.amsl.com>; Wed, 4 May 2022 08:10:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.753
X-Spam-Level:
X-Spam-Status: No, score=-3.753 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-1.857, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=messagingengine.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nzew_vcYYg59 for <ietf@ietfa.amsl.com>; Wed, 4 May 2022 08:10:43 -0700 (PDT)
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BAD77C14F72F for <ietf@ietf.org>; Wed, 4 May 2022 08:10:40 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 045DA5C01CE; Wed, 4 May 2022 11:10:39 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Wed, 04 May 2022 11:10:39 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1651677039; x= 1651763439; bh=uMPDiRuM/IpLPgf8jcB7M3xfjJt7Kx6sKlYE4j6vKHc=; b=b DMhKyx8Lvlr74vE7Fkx5w863lSX/w8ruLL9Irp/v3QNw7Wgn8EtLYdml57xcNLmP m5h0WtrdVRUzX1/nQze/XvFHNcS90pHuINtXaomC58EffPSOBwARnIwmz4sv0COu wJ4kykT492tYTBu74OU/ojgOaUk75dHLEiwFHb5ir/vN3wkonNL4aI24uMw8pKGs bL6tnxTnEanf8hewYUnaTqAen0khavWO2CyjdZGEbMsfgYNP3V3aTJGnzAEHrNFd 0yVpwM2Qm6ig+7yBsuCrJ7YHMwmQ+Lf905CEuotgBOzPh5lTpdAhIYv3wC2riJ3G GouZQRehQYJXtpJar6FvA==
X-ME-Sender: <xms:bpdyYoOYrIJjQTxYBCIWHv0qlUJatoC7_oTqxelBiwuSFm_wYWZjfQ> <xme:bpdyYu-9PC8KfSCNAkXHKb9MxqJarq3RPpYpO7b3-3fnvM_5mh4Ys6BAhxLibgDMS fbsM6aV0hMVkw>
X-ME-Received: <xmr:bpdyYvTwNQFBy1u6u_pyK1xAWDITPNou2L1IXaq0I8IM1lQETLufEcidr3pOVxELMvytvtxCELIAkr6cz3tpp23E-HEjzwWrIKGg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrvdelgdekgecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpegtkfffgggfuffvvehfhfgjsegrtderredtfeejnecuhfhrohhmpefmvghithhh ucfoohhorhgvuceomhhoohhrvgesnhgvthifohhrkhdqhhgvrhgvthhitghsrdgtohhmqe enucggtffrrghtthgvrhhnpedtffdtvddvieefffeigffhtdduudetheeigeeviefggfeg vdekiefhheefudejteenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrih hlfhhrohhmpehmohhorhgvsehnvghtfihorhhkqdhhvghrvghtihgtshdrtghomh
X-ME-Proxy: <xmx:bpdyYgs8Rvj7POkHWV--i6aY7OhiHdbGSMbAnoSyXP-UTOLXsSuZuA> <xmx:bpdyYgc3QfAPp5BlWWJgZL0xLIB26u60rE2ciM3RTfE3aAOYu4YR7Q> <xmx:bpdyYk1UjzD5veV1aupDYr7soIi4CiWEPGFf3OmGY2sT4eg9wJpXtg> <xmx:b5dyYqofGyWsuisTvTBeU0RsWUJi2pC6X4mBkBSCY1hFlDL8IAXw-g>
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 4 May 2022 11:10:38 -0400 (EDT)
Content-Type: multipart/alternative; boundary="------------PksGtIngzmgryghJrlbWgIfJ"
Message-ID: <fbcf06d4-6d29-4330-6ba6-f5beeb2310e4@network-heretics.com>
Date: Wed, 04 May 2022 11:10:37 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0
Subject: Re: mail crypto, was the introduction problem, was Email
Content-Language: en-US
To: Christopher Morrow <morrowc.lists@gmail.com>
Cc: ietf <ietf@ietf.org>
References: <20220504024539.852F23F56A58@ary.qy> <36aef7c4-0df5-34be-725c-02e702986c92@network-heretics.com> <CAL9jLaZAL-v2fgXaGoHcK+UeNpuq-84Ccs4-BBOVoFEDaDaOZQ@mail.gmail.com>
From: Keith Moore <moore@network-heretics.com>
In-Reply-To: <CAL9jLaZAL-v2fgXaGoHcK+UeNpuq-84Ccs4-BBOVoFEDaDaOZQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/hVzL1pr-1hJSs74nlJcc7otW9XU>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 May 2022 15:10:47 -0000

On 5/4/22 10:09, Christopher Morrow wrote:

> On Tue, May 3, 2022 at 10:51 PM Keith Moore 
> <moore@network-heretics.com> wrote:
>
>
>     Of course, having email transmitted in cleartext creates lots of
>     nontrivial problems also.  It's just that we regard those problems as
>     "normal", or pretend that they don't exist.
>
>
> How much do we think 'transmitted in cleartext' exists anymore?
> Hadn't all of the large email vendors basically forced TLS on the smtp 
> path ~4-5yrs back?
> Hasn't imap (without TLS) been non-supported by pretty much everyone 
> for ~10+yrs?

TLS is still negotiated on a per-hop basis, and STARTTLS is subject to 
downgrading attacks from well-placed intermediaries.

> Is the problem you (and to some extent John) point out actually 
> data-at-rest and not data-in-flight?

It's both, of course.

Keith
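The STARTTLS downgrade Keith refers to, as an added worked example that is not part of the original thread or of any IETF code: a simulated SMTP EHLO exchange in which an on-path intermediary rewrites the STARTTLS capability so the sending MTA never sees it, beside the sender-side check (an MTA-STS policy in "enforce" mode, or equivalently a DANE TLSA record) that turns the silent fallback to cleartext into a refusal. The hostnames, the EHLO lines and the policy text are constructed for the example. Note that even when the hop does negotiate TLS it protects only that hop; the next relay starts the negotiation over again.

```python
# Added example, not from the thread: a simulated SMTP EHLO exchange showing how an
# on-path intermediary downgrades STARTTLS, and how a sender-side "require TLS"
# policy (the check MTA-STS or DANE supplies) turns the downgrade into a refusal.
# Hostnames, EHLO lines and the policy text are constructed for the example.

# Constructed EHLO response from a receiving MTA that offers STARTTLS.
SERVER_EHLO = [
    "250-mx.example.net Hello client.example.org",
    "250-SIZE 52428800",
    "250-STARTTLS",
    "250 HELP",
]

# Constructed MTA-STS policy (RFC 8461 "key: value" format) for the recipient domain.
MTA_STS_POLICY = "version: STSv1\nmode: enforce\nmx: mx.example.net\nmax_age: 86400\n"


def strip_starttls(ehlo_lines):
    """What a well-placed intermediary does: it does not block the session,
    it rewrites the capability so the client never learns TLS was offered
    (the 'XXXXXXXX' overwrite is the pattern that has been observed in the wild)."""
    return [line.replace("STARTTLS", "XXXXXXXX") for line in ehlo_lines]


def parse_ehlo(ehlo_lines):
    """Return the set of EHLO keywords; the first line is the greeting, not a keyword."""
    caps = set()
    for line in ehlo_lines[1:]:
        code, rest = line[:3], line[4:]
        if code != "250":
            raise ValueError(f"unexpected EHLO reply: {line!r}")
        caps.add(rest.split()[0].upper())
    return caps


def parse_mta_sts_policy(text):
    """Minimal parser for the 'key: value' lines of an MTA-STS policy file."""
    policy = {}
    for raw in text.splitlines():
        if not raw.strip():
            continue
        key, _, value = raw.partition(":")
        policy[key.strip()] = value.strip()
    return policy


def negotiate(ehlo_lines, require_tls):
    """Sending MTA's decision after reading the EHLO response.

    Opportunistic TLS (require_tls=False) falls back to cleartext when STARTTLS
    is absent, which is exactly what the downgrade exploits.  With an enforced
    policy the absence is treated as an attack and delivery is deferred."""
    caps = parse_ehlo(ehlo_lines)
    if "STARTTLS" in caps:
        return "tls"
    if require_tls:
        return "refused"
    return "cleartext"


def demo():
    """Run the honest path and the stripped path with and without enforcement."""
    enforce = parse_mta_sts_policy(MTA_STS_POLICY).get("mode") == "enforce"
    stripped = strip_starttls(SERVER_EHLO)
    return {
        "honest_opportunistic": negotiate(SERVER_EHLO, False),
        "stripped_opportunistic": negotiate(stripped, False),
        "stripped_enforced": negotiate(stripped, enforce),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The "refused" branch is the whole point of the policy: a real MTA-STS or DANE-aware sender additionally checks that the MX name matches the policy and that the server certificate validates, so a downgrade to a different host or to a self-signed certificate fails the same way. None of this closes the gap Keith raises for the rest of the path, since each subsequent relay runs the same negotiation independently.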