IETF Logo Mail Archive

Re: mail crypto, was the introduction problem, was Email

Keith Moore <moore@network-heretics.com> Wed, 04 May 2022 20:20 UTC

Return-Path: <moore@network-heretics.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4DEF5C159A2A for <ietf@ietfa.amsl.com>; Wed, 4 May 2022 13:20:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.753
X-Spam-Level:
X-Spam-Status: No, score=-3.753 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-1.857, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=messagingengine.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ElI3boeEDkVK for <ietf@ietfa.amsl.com>; Wed, 4 May 2022 13:20:31 -0700 (PDT)
Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F4ACC159A23 for <ietf@ietf.org>; Wed, 4 May 2022 13:20:26 -0700 (PDT)
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.west.internal (Postfix) with ESMTP id 0DB623200930 for <ietf@ietf.org>; Wed, 4 May 2022 16:20:21 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163]) by compute5.internal (MEProxy); Wed, 04 May 2022 16:20:22 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1651695621; x= 1651782021; bh=MqZsQSDT7f+YxrdP9nhDFmB3+jqpDf+BZwQCsMUNK+0=; b=v nTImv9jWlqKlOxkvuSQEfXwls2jMUW5UxOr2yPs5rSnNdXWwqJYJ4ngFPcpg42SA QGJXHTsXy89Yt80SwfV3W4NTBPGOlX8RIrOSA44WcU7z03EbmytcyGhRr5YPJQ6i KfZ9jL0W3RT5P05iK5iA8gf6dnCGAVHQ6yS8DnELnYHAq6XYSatwX3zoXqy0h3DA CfZPb5xn6L1INJ31DN4urVlpB05HWGmROQK9nMOJy65xHw0BHrIc4UyvD80QUvzD OUxXJ8XdH2OUwfOGRfH6xnmJxgxkIgtAzMx6XXdJWjiNtzTloWT4bq7p/JZKcQr7 2MFEio3UIt49c8w2S20bg==
X-ME-Sender: <xms:BeByYpkCZzu4ySiRfsYkA0891McDhQ2y73dIVvFTUOBypm3Amt4Wvg> <xme:BeByYk2tMzIKFCo5_bHhN8QU9FBKulOTgy2PPqHTNQeY2ggQLvrFoClvOp4cz21Cx V1YKQh6r6Fp2w>
X-ME-Received: <xmr:BeByYvpPEE6vpan4wwS1nNMwNxy8GIatRquveYliNHBNYB4QlOwebTwM2uHBJD0kaG1BBogkBObHfmsWgpNN-2Pxf1kwcZbvN-dG>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrvdelgddugeejucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpegtkfffgggfuffvfhfhjgesrgdtre ertdefjeenucfhrhhomhepmfgvihhthhcuofhoohhrvgcuoehmohhorhgvsehnvghtfiho rhhkqdhhvghrvghtihgtshdrtghomheqnecuggftrfgrthhtvghrnhepheefuddvgefgfe evieeigfegledufeejudeiteeludegfeffleffveeiffekieffnecuvehluhhsthgvrhfu ihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepmhhoohhrvgesnhgvthifohhrkh dqhhgvrhgvthhitghsrdgtohhm
X-ME-Proxy: <xmx:BeByYpkVKLDjWCi66BleVCYxG3vz-zaRr8kCKPjfSxDRRYbepfEDOQ> <xmx:BeByYn1syNdbtvvUfId5jErVwFJlOStVaAao8-mz5clufkZ-IjVugg> <xmx:BeByYosb8dsmBltrY8POrsjMeXo_gKrRtnQgbOJDEG50Gm9-TxTK1w> <xmx:BeByYoDHUZaVzIMUfpPx9JsnTNjZlww6SPRMwSL4gIKELSbS5b0Fog>
Received: by mail.messagingengine.com (Postfix) with ESMTPA for <ietf@ietf.org>; Wed, 4 May 2022 16:20:21 -0400 (EDT)
Content-Type: multipart/alternative; boundary="------------yqwZjfDVVyXb0enXqiz0A3gT"
Message-ID: <a4b68123-a0f2-bf4a-f576-f7858f441fad@network-heretics.com>
Date: Wed, 04 May 2022 16:20:20 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0
Subject: Re: mail crypto, was the introduction problem, was Email
Content-Language: en-US
To: ietf@ietf.org
References: <20220504190313.9F3D13F5F019@ary.qy>
From: Keith Moore <moore@network-heretics.com>
In-Reply-To: <20220504190313.9F3D13F5F019@ary.qy>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/rz51yJIcSVzEia_ov_fjYXxChRI>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 May 2022 20:20:35 -0000

On 5/4/22 15:03, John Levine wrote:

>>> How much do we think 'transmitted in cleartext' exists anymore?
>> TLS is still negotiated on a per-hop basis, and STARTTLS is subject to
>> downgrading attacks from well-placed intermediaries.
> Only for domains that don't support MTA-STS or DANE TLSA.

Fair point but I wonder how much it actually matters in practice.  I 
suppose setting up a "well-placed intermediary" is somewhat easier if 
you don't need an insider to give you access to the cleartext emails.  
But having emails stored in cleartext on relaying SMTP servers still 
seems like a big vulnerability in today's world.

Keith

v2.23.0 | Report a Bug | By Email