IETF Logo Mail Archive

Re: Trying to do too much (was Re: the introduction problem, etc.)

Phillip Hallam-Baker <phill@hallambaker.com> Thu, 19 May 2022 02:50 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D464C1D5ADE for <ietf@ietfa.amsl.com>; Wed, 18 May 2022 19:50:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.403
X-Spam-Level:
X-Spam-Status: No, score=-1.403 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j8zlWijECmSf for <ietf@ietfa.amsl.com>; Wed, 18 May 2022 19:50:46 -0700 (PDT)
Received: from mail-yb1-f170.google.com (mail-yb1-f170.google.com [209.85.219.170]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8D20DC1D5ADC for <ietf@ietf.org>; Wed, 18 May 2022 19:50:46 -0700 (PDT)
Received: by mail-yb1-f170.google.com with SMTP id q135so6752368ybg.10 for <ietf@ietf.org>; Wed, 18 May 2022 19:50:46 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=hYp305L/l77bCNRgdOPPK6Y/Lx3ujUi6v2YsEqETz44=; b=6tLvoWXJEY0DrdyNgVckAxkq4Soa6BFBNp29feBvajXuZTVCGSTuh5Q72GHD4jI9k0 urzTcvaziFVNL9ygf/vNxH00OKpGtFaKA9Ov/yBUhryMiZlrK0CE84yKqC97ncjGHs8R fi6XyGTxaO/9as9dYZs5sVJIPk1JyPxbS8OaKZh/2SKKz5ma5WY2byYNfhhJ82W6R1VN fL1TfJ2juEwVpe7qVm8n423BE+Sr25gyBabpJ9byLOzYIb/3o6AUr7v/VtukPzbrdDE1 pXFwgd1OkX8S8JYKdNqejtrwGPrFX50IFgIXKUtP3OecftDe8TM30jx5IJT3npdtfPdE dA5Q==
X-Gm-Message-State: AOAM533h6wB5yLrc4QoRoGlgdXer1t3v/k0eUmiTpz/RmWobNIRr5WQb rVRSTSZicYjMHKrkXmwOILFNbPX7A31xfm6FfPdH4Ml1ITE=
X-Google-Smtp-Source: ABdhPJwkna56L275KeZrwFBbtPTpYF3SJFUpiBSMOJXX5fJzgeltMkM6HWgbX633oZHl3RmyB/+Vy9+IWlJk+0e3rzE=
X-Received: by 2002:a05:6902:154f:b0:64f:2bd1:3d39 with SMTP id r15-20020a056902154f00b0064f2bd13d39mr1704308ybu.456.1652928645714; Wed, 18 May 2022 19:50:45 -0700 (PDT)
MIME-Version: 1.0
References: <CAMm+LwhD8wHJ284z91X5XP-8f+9=Dx1Kd50=8-Pd3SX==W6ivw@mail.gmail.com> <20220514171447.23A3840334EA@ary.qy> <CAMm+LwivypwPG_mAc=3w=dY4w9rgvO8+qY=c3Et+Gkitdw8GMA@mail.gmail.com> <3a66b3f8-03c0-d6b4-51fc-df093d88524f@taugh.com> <CAMm+LwjddEN3zS76SCnNtRb1cvq3ofnDdy6YXP5-SqjEsf2-8Q@mail.gmail.com> <a18d7934-acc8-ec51-1671-fa2ed98285e9@necom830.hpcl.titech.ac.jp> <A744D295-3C2D-46B9-AFD8-E3174115F15A@bluepopcorn.net>
In-Reply-To: <A744D295-3C2D-46B9-AFD8-E3174115F15A@bluepopcorn.net>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Wed, 18 May 2022 22:50:33 -0400
Message-ID: <CAMm+LwiEAfB7T-A6d0_RY0qbNXdw_U999=610n29z4+9OKj1qQ@mail.gmail.com>
Subject: Re: Trying to do too much (was Re: the introduction problem, etc.)
To: Jim Fenton <fenton@bluepopcorn.net>
Cc: IETF Discussion Mailing List <ietf@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c456dd05df5470de"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/yW-VrWGVyGPDSavu58IqKIJUkPU>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 May 2022 02:50:50 -0000

I agree in part.

Over 90% of my emails are from mailing lists and SMTP mailing lists are a
real Rube Goldberg affair. This is the exact problem NNTP set about trying
to solve. It is a flawed solution but the idea that mailing lists are a
separate modality is sound.

That said, I think far too often IETF protocols have failed because they
have tried to do too little. Take PKIX which has three certificate status
mechanisms because each time we tried to do the job properly, there was a
chorus of 'don't try to boil the ocean'. And we ended up with an inadequate
solution that inevitably led to the next one.

What SMTP lacks did not exist when it was first proposed. We did not have
the technology even if we understood the requirements.

* We have portable telephone numbers, why don't we have portable email
addresses?

* Why do I have to use different protocols to send Alice a message of 100
characters, 10MB and 10 GB ?


I have phase 1 of the Mesh ready for release:
https://www.youtube.com/watch?v=zrBv717w8yY

The basic premise here is that the missing part of PUBLIC Key
Infrastructure was managing the private keys. The Mesh is designed to be a
configure and forget technology. Once you have connected a device to your
personal Mesh and said what its authorized functions are, all the
provisioning of keys and credentials takes place automatically.

No matter whether you want your end-to-end messaging scheme to be based on
OpenPGP, S/MIME or Mesh Messaging, the Mesh can do all the heavy lifting of
managing private keys and credentials for you.


Phase 1 of the Mesh provides an end to end secure password vault. Now
provisioning public key pairs to devices so that they can access a password
vault for authentication is a necessary transitional strategy but it is
clearly bogus long term. When I was cutting the demo reels I said the next
phase will be to provision out FIDO keys and credentials to the devices.

After reading the FIDO alliance materials and working on the problem a bit,
I have changed my mind: Every browser already supports everything I need in
TLS Client Authentication. All I need to do is use the Mesh to provision
TLS Client auth keys and certificates to each device.

All we need to do is to write a profile that allows Web sites to specify
Mesh TLS client auth certs and we are done (for authentication at least,
not for ceremony).


I do agree that we need multiple types of messaging interaction but I think
we can use a common messaging protocol base with all the authentication /
encryption / payment schemes in place.

Where I plan to go in phase 3 is workflow.


On Wed, May 18, 2022 at 7:53 PM Jim Fenton <fenton@bluepopcorn.net> wrote:

> Reading this long thread on the introduction problem and all sorts of
> other things reminds me that it isn’t productive to try to solve all of
> email’s problems with a single protocol. Email evolved as an easy way to
> contact basically anyone, and as a result got used for a lot of
> applications with different (and even conflicting) requirements.
>
> We should be working defining a number of protocols that handle some of
> the things that email is used for today, and that email doesn’t do well.
> Some examples might be mailing lists, newsletters, advertising,
> notifications, and even personal correspondence. Some of these have an
> introduction problem, and others are explicitly opt-in and could solve the
> problem at opt-in time. They might even be merged together for the user so
> they don’t need to look at multiple things. And yes, there would still be
> email to handle the “everything else” cases.
>
> I’ve been playing around with something to handle notifications, but it’s
> not clear how that would achieve deployment even if it worked well. There
> is a definite chicken-and-egg problem here.
>
> -Jim
>
>

v2.23.0 | Report a Bug | By Email