Re: On email and web security
Paul Wouters <paul@nohats.ca> Wed, 30 December 2015 20:33 UTC
Date: Wed, 30 Dec 2015 15:33:04 -0500
From: Paul Wouters <paul@nohats.ca>
To: "Fred Baker (fred)" <fred@cisco.com>
Subject: Re: On email and web security
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/wTbfk-S8jwgvRez71Gxe3bK9VLw>
Cc: "ietf@ietf.org" <ietf@ietf.org>

On Wed, 30 Dec 2015, Fred Baker (fred) wrote:

> Second, many of my colleagues have asked me to remove their old keys from my database, because they have forgotten them, although the PGP repository has not. It may be necessary to purge the PGP database, obsoleting and removing keys that have been superseded, and advising holders of keys that their keys are old and should be updated. I actually cannot encrypt to the entire set of keys I downloaded, only those whose holders can still decrypt such communications.

That is one of the motivations behind:

https://tools.ietf.org/html/draft-ietf-dane-openpgpkey

You can also add a milter plugin to sendmail/postfix that will encrypt automatically for you on outgoing/forwarding email:

https://github.com/letoams/openpgpkey-milter

You can generate openpgpkey records using hash-slinger's openpgp command:

https://github.com/letoams/hash-slinger

> In other words, tools tend to work a lot better when they are used. We need to actually use our tools, not just as individuals, but as an organization, and where they are not serving us well, we need to correct that.

I agree. When I first enabled openpgpkey-milter myself, I forgot that my email is delivered to mx.nohats.ca, and forwarded to a private IP that is my local mailserver at home. So mx.nohats.ca dutifully encrypted ALL my email it forwarded. Neither I nor my mail tools were ready for that.

I'm hoping mail clients will be able to receive/decrypt a lot more easily and store email unencrypted (depending on disk crypto for privacy) so one does not lose the ability to read/search through old email.

Paul
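
The following is an added example, not part of the message above and not code from hash-slinger or openpgpkey-milter. It shows how the DNS owner name for an OPENPGPKEY lookup is derived from an email address, following the rule as published in RFC 7929 (the RFC that draft-ietf-dane-openpgpkey became), and renders a record in generic RFC 3597 syntax. The function names and the key bytes are assumptions made for illustration.

```python
import hashlib
import re

OPENPGPKEY_TYPE = 61  # DNS RR type number assigned to OPENPGPKEY


def owner_name(address: str) -> str:
    """Return the DNS owner name queried for `address` (RFC 7929 rule)."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    # Canonicalize a quoted local-part: drop the enclosing double quotes
    # and unescape quoted pairs (\x -> x).
    if len(local) >= 2 and local[0] == local[-1] == '"':
        local = re.sub(r"\\(.)", r"\1", local[1:-1])
    # SHA2-256 over the UTF-8 local-part, truncated to 28 octets, as hex.
    # The local-part is hashed as given: no case folding is applied here.
    label = hashlib.sha256(local.encode("utf-8")).digest()[:28].hex()
    return f"{label}._openpgpkey.{domain.rstrip('.')}."


def generic_record(address: str, key_bytes: bytes, ttl: int = 3600) -> str:
    """Render an OPENPGPKEY record in RFC 3597 generic (TYPEnn) syntax."""
    if not key_bytes:
        raise ValueError("empty key material")
    return (
        f"{owner_name(address)} {ttl} IN TYPE{OPENPGPKEY_TYPE} "
        f"\\# {len(key_bytes)} {key_bytes.hex()}"
    )


if __name__ == "__main__":
    # Constructed sample input: placeholder bytes, not a real OpenPGP key.
    sample_key = bytes.fromhex("99010d04deadbeef")
    print(owner_name("hugh@example.com"))
    print(generic_record("hugh@example.com", sample_key))
```

Because only the local-part is hashed and the domain stays in clear, a sender-side component can look the key up per recipient at delivery time without consulting a keyserver.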