[Mailsec] (no subject)

Steffen Nurpmeso <steffen@sdaoden.eu> Thu, 26 August 2021 21:57 UTC

Date: Thu, 26 Aug 2021 23:57:30 +0200
Author: Steffen Nurpmeso <steffen@sdaoden.eu>
From: Steffen Nurpmeso <steffen@sdaoden.eu>
To: Michael Peddemors <michael@linuxmagic.com>
Cc: extra@ietf.org, Michael Slusarz <michael.slusarz=40open-xchange.com@dmarc.ietf.org>, mailsec@ietf.org, Steffen Nurpmeso <steffen@sdaoden.eu>
Message-ID: <20210826215730.ispdH%steffen@sdaoden.eu>
Mail-Followup-To: Michael Peddemors <michael@linuxmagic.com>, extra@ietf.org, Michael Slusarz <michael.slusarz=40open-xchange.com@dmarc.ietf.org>, mailsec@ietf.org, Steffen Nurpmeso <steffen@sdaoden.eu>
User-Agent: s-nail v14.9.22-175-gc118a4a5c7
OpenPGP: id=EE19E1C1F2F7054F8D3954D8308964B51883A0DD; url=https://ftp.sdaoden.eu/steffen.asc; preference=signencrypt
BlahBlahBlah: Any stupid boy can crush a beetle. But all the professors in the world can make no bugs.
Archived-At: <https://mailarchive.ietf.org/arch/msg/mailsec/9B6B4xY-xbvPFNGWAoqaSmEfj-0>
Subject: [Mailsec] (no subject)
List-Id: Email Security Issues <mailsec.ietf.org>

Subject: Re: [OFFLIST] Re: [Mailsec] [Extra] Advanced ("Modern & Secure") Email Authentication
# Removing or modifying In-Reply-To: breaks the old, and starts a new thread.
# Assigning hyphen-minus - creates a thread of only the replied-to message
In-Reply-To: <9b64aff9-d9fa-f374-a302-25edc1922648@linuxmagic.com>

Michael Peddemors wrote in
 <9b64aff9-d9fa-f374-a302-25edc1922648@linuxmagic.com>:
 ...

I apologise for having addressed you -- it rather should have been
sent primarily to the original poster.

And in general it was possibly a bit over-reacted.
But ..hm.. not that much.  I already read mails from
administrators stating to me "i now use X" when setting free my
mail account, and i understood that Signal.

It is just that i personally get angry when even better security
is spoken ill of, whereas people sit in front of browser code
bases of dozens of millions lines of code, with enabled
Javascript, and logging into accounts via HTTPS and Cookies that
have been set months ago.  I at least use two totally separated
browser sandboxes for normal browsing (everything but x) and
"secure" browsing (everything with an account, etc, where that
profile directory is an encrypted directory).  But i think this is
not normal, i think the default is people using one browser
instance for anything.  Of course, this is nothing the IETF can
improve.  Since JMAP was the starter of this thread, i guess the
time where "anything is an object accessible via an omnipotent
protocol that is spoken also by browsers" is not that far off.
Insofar clamping client possibilities now that the protocol is
omnipotent is the right way to go.  Nothing the IETF can do about
(no?).  An interesting topic for user interface providers,
configuring firefox just to turn off all the things is an
experience, what if i would have a smartphone with dozens of apps,
and my service provider would present me with a long list of
switches to configure access of that app when i use it the first
time to contact service provider a, b, c?  Wow!  (In fact
i _cannot_ configure firefox right, it is just too messy.  Someone
pointed me to the uMatrix Plug-In, and i use it, it really helps
-- it is the only plugin i have.  One would not think _how_ messy
even the simplest web pages are, and from _how many_ different
providers they slurp in scripts, graphics, and whatever else.  It
is just a huge pile of crap!  _How can this be secure??_  And
scripting everywhere, and "most modern" other things, where the
results could have been implemented pre-Y2K with the CSS available
by then.  Etc. etc.)

Again apologies for addressing you as the primary receiver!

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)