Re: Proposed Proposed Statement on e-mail encryption at the IETF

Hiya,

On 02/06/15 14:44, Joe Abley wrote:
> Hi all,
> 
> All this "HTTPS everywhere" mail collided for me this morning with a
> similar avalanche of press about Facebook's freshly-announced use of
> PGP:
> 
> https://www.facebook.com/notes/protecting-the-graph/securing-email-communications-from-facebook/1611941762379302
>
>  Mail to public mailing lists can already be signed (like this one
> is). It'd be nice if mailman didn't MITM the signed content, so that
> the signature can be validated. (Perhaps it will; I will find out
> after I hit send.) 

A lot of signatures do survive our lists. I think most bad
PGP signatures I see on IETF mail happen when someone forwards
or quotes and my MUA tries to be a bit too clever. Most s/mime
signatures seem to show as bad, I suspect because they chain
up to an enterprise CA, but I've not checked.

Someone with interest could do a study about that that'd be
interesting and informative. (Hint for anyone with cycles
and interest:-) One could even imagine creating a useful
database of public keys used by IETFers and automating the
refresh of that. If there were such a thing that fed into
engimail/gpg or the s/mime support in common MUAs that'd
be excellent.

> There's lots of other mail from individuals to
> closed groups like the IAB and the IESG and from IETF robots to
> individuals that *could* be encrypted, or at least signed. There is
> work here that *could* be done.
> 
> If the argument that we should use HTTPS everywhere (which I do not
> disagree with) is reasonable, it feels like an argument about sending
> encrypted e-mail whenever possible ought to be similarly reasonable.

I think that's not unreasonable but has additional barriers to
being tractable. In particular, in my case, I'd need to ensure
I could decrypt email on multiple devices (I currently just do
that on one) and I'd want (but probably not have) a way to mirror
information I store on public keys across those devices too. I
think that's all doable for me, but it'd be a bit of work.

I doubt I'm alone in either of those respects.

I'd also wonder if MUAs would be up to handling all the kinds of
forwarding we do, but that's something it'd be useful to find
out.

> Given that so much of the work of the IETF happens over e-mail, a
> focus on HTTP seems a bit weird.

Well, putting the initial focus on HTTP(S) is probably correct
given that we can more easily do more there, but if you read the
proposed statement it does say that it applies across the board
(modulo pragmatism of course).

> 
> Note that this is not an attempt to start a conversation about
> whether PGP is usable, or whether S/MIME is better. I will fall off
> my chair in surprise if it doesn't turn into one, though.

We have a list for such discussion [1] if folks feel the need.
And I know PHB has an interesting idea to try to merge the two
in terms of message formats. I'm not sure that's feasible but
discuss on [1] if you feel the need. And please don't have that
discussion here unless there's a reason for it to be here and
not there:-)

Cheers,
S.

[1] https://www.ietf.org/mailman/listinfo/endymail

> 
> 
> Joe
> 

Re: Proposed Proposed Statement on e-mail encryption at the IETF

Attachment: 0x805F8DA2.asc

Attachment: signature.asc