Re: The problem we could solve (re github etc.)

[Phillip Hallam-Baker <phill@hallambaker.com>]

On Thu, Jun 10, 2021 at 7:25 AM Alessandro Vesely <vesely@tana.it> wrote:

> On Wed 09/Jun/2021 23:48:30 +0200 Phillip Hallam-Baker wrote:
> > On Wed, Jun 9, 2021 at 5:22 PM John C Klensin <john-ietf@jck.com> wrote:
> >
> >> And I have a question: What does this rather long thread actually have
> to
> >> do with the IETF other than demonstrating that it would be dumb for our
> >> discussions to depend on a providers who intended to support those
> >> discussions by selling subscriptions and/or tracking user behavior
> and/or
> >> comments? >
> > The reason I tried to bring it back to stuff that is in IETF scope was
> > because I see all of these issues as being aspects of the same broken
> > approach to Internet accounts.
>
> There's a field in my Datatracker account linking to my GitHub account.
> GitHub
> has a field for linking Twitter accounts but not IETF ones.  In practice,
> I
> sent the account name to the WG chair via an unsigned email message.  Is
> that
> vulnerable to social engineering attacks?
>

What we need is a mechanism that allows us to link everything to a
permanent identifier that belongs to the user and is thus immutable.

One option is a public key fingerprint. But that has user acceptance issues
and PGP fingerprints have developed as an identifier that is subordinate to
an email address which is the opposite of what we want.

We have to have names that look like 'alice', not a string of base32
characters.

One could find names at less that 1$, but then shouldn't expect to deliver
> much
> of the mail sent from such domains.  The price we pay is for globalness
> and
> some kind of moderation.
>

I spent 25 years working out how to validate keys that a user has attached
to a name and it is near impossible without a national identity card level
of effort and even then the result is limited. It gets us strong binding to
the name holder which is rarely what we want for Internet stuff.

Then I flipped the problem round, what if instead of validating a key, we
have a person use that key to claim a name to serve as an alias for that
key on a first come first served basis. That is entirely tractable and
doesn't require trusted third party, a Merkle Tree over an append only log
is sufficient.

If every message was signed and mail messaging subject to access control,
Alice is going to receive every message from Bob if shed decides to
authorize him to send her mail.

SMTP is not going to be replaced overnight but I think that there might be
a market for an email messaging service for important messages that is
open, end-to-end encrypted and does not allow unauthorized parties to spam.


PHB