IETF Logo Mail Archive

Re: Why are mail servers not also key servers?

Phillip Hallam-Baker <phill@hallambaker.com> Fri, 21 April 2017 16:56 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48990129A8F for <ietf@ietfa.amsl.com>; Fri, 21 Apr 2017 09:56:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.397
X-Spam-Level:
X-Spam-Status: No, score=-2.397 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, LOTS_OF_MONEY=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PkXT5WaKNlF2 for <ietf@ietfa.amsl.com>; Fri, 21 Apr 2017 09:56:29 -0700 (PDT)
Received: from mail-oi0-x22d.google.com (mail-oi0-x22d.google.com [IPv6:2607:f8b0:4003:c06::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D47A3127871 for <ietf@ietf.org>; Fri, 21 Apr 2017 09:56:28 -0700 (PDT)
Received: by mail-oi0-x22d.google.com with SMTP id y11so70998940oie.0 for <ietf@ietf.org>; Fri, 21 Apr 2017 09:56:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=gqzuRARF6Aqv1qLNiLNU/OLF/eWyXQKIMGK6c+wKbAA=; b=OPupVy6rhCjZhOOk4mSuMGFN92Dtou3Vif656Tb9jZXUSbeCWQF6qLmk6yJH0Xxyz9 2YBL/+uiPmDetZqOY4AvjIPd7oDEzYiEkYMsstYSOsym2jD2qP8Mmmm7RwC7SO+qzoVo 8hFleawDzk+Mr133dwDvYSUXrLfQ02vvzvPQaRkMcQK5bJclJ2MUYVgZIedYHnhcTu7z Wm42YN2DoMNR7xNKNTwwXDkz014BL0OUSrTylv8SzebJ9TR0NzeTjfqOpPJOxJzbf10s QTuTFkN1dxWiZKzRwgwEE+E3NWz6ePBCzUmCK2Puutmzdul8TN7opeFE8rcUuvIZV6yG xoqg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=gqzuRARF6Aqv1qLNiLNU/OLF/eWyXQKIMGK6c+wKbAA=; b=BILQaUO7Xhw97iMTyQRVUMRwqLAUNWgfF1/EP+JuLFd9CrL6ImJLZjl9VctKlc4v98 9VfO2KNxJ2QJ3z84pWi75FeP5t2vCYyeI8A6aFAjr4uYz5YrI0jEpE102sDT9LPPybWQ ZJJw+9uSoHA0vxyOYDuQQfalxTJ0Y5PiXk8UJ2488Lq2qzyic2lfdKOUz4GrBW4VQPAv W6g04cblBDYtttmr6gh7ncOc7DWyANADh6smry+HuRVrXEBnlIirafZPbKa5lR9lvBSE kCqxM4SkXzyFIkrGb6fmZIIoymVwwjgadPLm5FInP6s2XuX8CJAIMIpuh5DzGMb0N96K 2IBg==
X-Gm-Message-State: AN3rC/7owR3YlQRC9GCdNUu8piToS+2MEdhUTpDbsHNKQCKC51wpEcQf mDfjFqaHCqwJfaKnE/1bYVoT1ItkaQ==
X-Received: by 10.157.47.69 with SMTP id h63mr9016570otb.89.1492793788185; Fri, 21 Apr 2017 09:56:28 -0700 (PDT)
MIME-Version: 1.0
Sender: hallam@gmail.com
Received: by 10.157.22.175 with HTTP; Fri, 21 Apr 2017 09:56:27 -0700 (PDT)
In-Reply-To: <DC47E6048E80CB088257D00D@PSB>
References: <849511c0-6526-ecbe-2b56-7b459eaf010b@hawaii.edu> <B897A3A3-4A47-4C74-B79F-4F93C86A338C@gmail.com> <82ab9e4d-05ba-bc39-c7d1-bda6ee8d9be5@hawaii.edu> <32b6bba4-cd4b-167f-b3d1-36733d1504c2@gmail.com> <20170421133535.GA21229@gsp.org> <E690BED1BD448540F502C8DD@PSB> <4e394b3d-0f12-ef16-65b6-a2b712e98da5@gmail.com> <DC47E6048E80CB088257D00D@PSB>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Fri, 21 Apr 2017 12:56:27 -0400
X-Google-Sender-Auth: OCm50nF4M1aunuBwjDzQq1t_4og
Message-ID: <CAMm+LwhwMwWoXf48dudE_zu=S8xkNOj_cbCRDhwFjipZQEecUQ@mail.gmail.com>
Subject: Re: Why are mail servers not also key servers?
To: John C Klensin <john-ietf@jck.com>
Cc: Doug Royer <douglasroyer@gmail.com>, IETF Discussion Mailing List <ietf@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c030bf677c2c0054db023f1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/rPv1nkpSlCF5A36slaS9cWRzQA0>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Apr 2017 16:56:31 -0000

On Fri, Apr 21, 2017 at 12:28 PM, John C Klensin <john-ietf@jck.com> wrote:

> --On Friday, April 21, 2017 09:52 -0600 Doug Royer
> <douglasroyer@gmail.com> wrote:
>
> > On 04/21/2017 09:48 AM, John C Klensin wrote:
> >
> >>
> >> In addition, as others have pointed out, if you can't trust
> >> your email (server) provider, then expecting others to trust
> >> keys on the basis that they are obtained from that server may
> >> not make a lot of sense.
> >
> > You do not have to trust your or their email server. If you
> > trust the cert issuer. Then use the result.
> >
> > If you do not trust the cert issuer, then do not use the
> > results.
>
> Doug,
>
> Sorry... should have been more explicit (or just stayed out of
> this).  While I agree with you, given the current state of
> certification quality readily available to most of us and the
> process needed, in the general case, to verify a cert, I have a
> lot of trouble figuring out what this thread is about if getting
> the cert from the mail server doesn't add value.
>
​...

The big flaw I see in the current S/MIME PKI is that the WebPKI is only
really designed to support validation of organizations and there is no
comparable infrastructure for individuals. Nor is it possible to extend the
WebPKI approach usefully.

The total market for TLS certs is over $1 billion a year. The market for
S/MIME certs to be used across organizations is less than $10 million. Yes,
there is a market to support Intranet S/MIME but the internet market is
tiny.


One change I would like to see is to make enterprise level S/MIME certs the
norm. So instead of the CA issuing certificates for Alice@example.com, it
issues an example.com certificate that can then be combined with some other
credential issued by example.com that is specific to Alice.

We could use PKIX pathmath and issuer constraints for this of course. But
they are kinda screwed up by existing deployment.
​

​My problem with my code right now is that my original demo was designed to
deep integrate with Outlook Express which became Windows Essentials and is
now unavailable. The new Windows 10 mail client looks like it should be a
lot better and a lot easier to integrate to. However, the client only
became viable a few months ago, with the Anniversary update and the ​API
documentation is almost non existent.

What I need for my demo is the ability to

1) Read the mail client configuration to enumerate accounts and determine
the outbound mail server, etc, etc. for each

2) Create a mail account via an API.

3) Bind the S/MIME credentials.

At present, it seems like the last might need no more than just inserting
the correct cert into the correct cert store and watching it get picked up
automatically.

I would do this for Thunderbird only the code is really impenetrable and
the developers are planning to declare that code base EOL and move to a
scratch rewrite.


​For encryption, an outbound SUBMIT proxy running on the same machine as
the mail client is going to be essential in the short run as strong
addresses and policy driven opportunistic email encryption requires a plug
in approach and plug ins are disappearing from the infrastructure.

v2.23.0 | Report a Bug | By Email