Re: Proposed Proposed Statement on e-mail encryption at the IETF
Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 02 June 2015 14:12 UTC
Message-ID: <556DB997.6030800@cs.tcd.ie>
Date: Tue, 02 Jun 2015 15:11:35 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Joe Abley <jabley@hopcount.ca>, IETF Discussion Mailing List <ietf@ietf.org>
Subject: Re: Proposed Proposed Statement on e-mail encryption at the IETF
References: <DD88F4E4-6BBA-4610-BB49-3158A26DF55B@hopcount.ca>
In-Reply-To: <DD88F4E4-6BBA-4610-BB49-3158A26DF55B@hopcount.ca>
OpenPGP: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="dG2E4DIrTEl8LxCROeDl2AfFCuJ1IMfg2"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/pwGk7aBhhwZfdEMUEKDqRsNtgJU>

Hiya,

On 02/06/15 14:44, Joe Abley wrote:
> Hi all,
>
> All this "HTTPS everywhere" mail collided for me this morning with a
> similar avalanche of press about Facebook's freshly-announced use of
> PGP:
>
> https://www.facebook.com/notes/protecting-the-graph/securing-email-communications-from-facebook/1611941762379302
>
> Mail to public mailing lists can already be signed (like this one
> is). It'd be nice if mailman didn't MITM the signed content, so that
> the signature can be validated. (Perhaps it will; I will find out
> after I hit send.)

A lot of signatures do survive our lists. I think most bad PGP
signatures I see on IETF mail happen when someone forwards or
quotes and my MUA tries to be a bit too clever. Most s/mime
signatures seem to show as bad, I suspect because they chain up
to an enterprise CA, but I've not checked.

Someone with interest could do a study about that that'd be
interesting and informative. (Hint for anyone with cycles and
interest:-)

One could even imagine creating a useful database of public
keys used by IETFers and automating the refresh of that. If
there were such a thing that fed into Enigmail/gpg or the
s/mime support in common MUAs that'd be excellent.

> There's lots of other mail from individuals to
> closed groups like the IAB and the IESG and from IETF robots to
> individuals that *could* be encrypted, or at least signed. There is
> work here that *could* be done.
>
> If the argument that we should use HTTPS everywhere (which I do not
> disagree with) is reasonable, it feels like an argument about sending
> encrypted e-mail whenever possible ought to be similarly reasonable.

I think that's not unreasonable but has additional barriers
to being tractable. In particular, in my case, I'd need to
ensure I could decrypt email on multiple devices (I currently
just do that on one) and I'd want (but probably not have) a
way to mirror information I store on public keys across those
devices too. I think that's all doable for me, but it'd be
a bit of work. I doubt I'm alone in either of those respects.

I'd also wonder if MUAs would be up to handling all the kinds
of forwarding we do, but that's something it'd be useful to
find out.

> Given that so much of the work of the IETF happens over e-mail, a
> focus on HTTP seems a bit weird.

Well, putting the initial focus on HTTP(S) is probably correct
given that we can more easily do more there, but if you read the
proposed statement it does say that it applies across the board
(modulo pragmatism of course).

>
> Note that this is not an attempt to start a conversation about
> whether PGP is usable, or whether S/MIME is better. I will fall off
> my chair in surprise if it doesn't turn into one, though.

We have a list for such discussion [1] if folks feel the need.
And I know PHB has an interesting idea to try to merge the two in
terms of message formats. I'm not sure that's feasible but
discuss on [1] if you feel the need. And please don't have that
discussion here unless there's a reason for it to be here and
not there:-)

Cheers,
S.

[1] https://www.ietf.org/mailman/listinfo/endymail

>
>
> Joe
>
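
A study of which signatures survive a list, as suggested in the message above, could begin with a structural pass over an archive before any key lookup. The following is an added example, not part of the original message or of any IETF tooling: it labels each message by signature scheme and checks the RFC 1847 shape of `multipart/signed` without verifying any signature. The label strings, the helper `signed()` and the sample messages are constructed for illustration.

```python
import email
from collections import Counter
from email import policy

PGP = "application/pgp-signature"
SMIME = {"application/pkcs7-signature", "application/x-pkcs7-signature"}

def classify(raw: bytes) -> str:
    """Label a message by signature scheme and MIME structure (no crypto check)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "multipart/signed":
            proto = (part.get_param("protocol") or "").lower()
            kids = part.get_payload()
            # RFC 1847: exactly two children, the second typed as `protocol`.
            intact = (isinstance(kids, list) and len(kids) == 2
                      and kids[1].get_content_type() == proto)
            scheme = "pgp-mime" if proto == PGP else "smime" if proto in SMIME else "other"
            # "wrapped": signed entity nested in another multipart, e.g. beside a footer.
            where = "top" if part is msg else "wrapped"
            return f"{scheme}:{where}:{'intact' if intact else 'broken'}"
        if part.get_content_type() == "text/plain":
            if b"-----BEGIN PGP SIGNED MESSAGE-----" in (part.get_payload(decode=True) or b""):
                return "pgp-inline"
    return "unsigned"

def tally(messages) -> Counter:
    return Counter(classify(m) for m in messages)

def signed(proto: str, sig_type: str) -> str:
    """Constructed multipart/signed entity with placeholder signature bytes."""
    return (f'Content-Type: multipart/signed; protocol="{proto}"; boundary="s"\n\n'
            "--s\nContent-Type: text/plain\n\nhello list\n"
            f"--s\nContent-Type: {sig_type}\n\nPLACEHOLDER\n--s--\n")

# Constructed samples, not taken from the IETF archive.
SAMPLES = [m.encode() for m in (
    signed(PGP, PGP),
    'Content-Type: multipart/mixed; boundary="m"\n\n--m\n' + signed(PGP, PGP)
    + "--m\nContent-Type: text/plain\n\nlist footer\n--m--\n",
    signed("application/pkcs7-signature", "application/pkcs7-signature"),
    signed(PGP, "text/plain"),  # signature part missing or rewritten
    "Content-Type: text/plain\n\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nhi\n",
    "Content-Type: text/plain\n\nno signature here\n",
)]

if __name__ == "__main__":
    for label, n in sorted(tally(SAMPLES).items()):
        print(f"{n:3d}  {label}")
```

Messages labelled `intact` still need cryptographic verification against the sender's key or certificate chain; the tally only separates structural damage from trust-path failures.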