[Mailsec] (no subject)
Steffen Nurpmeso <steffen@sdaoden.eu> Thu, 26 August 2021 21:57 UTC
Return-Path: <steffen@sdaoden.eu>
X-Original-To: mailsec@ietfa.amsl.com
Delivered-To: mailsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 054FA3A07DA; Thu, 26 Aug 2021 14:57:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.101
X-Spam-Level:
X-Spam-Status: No, score=-0.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MISSING_SUBJECT=1.799, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NQRJF7DugtDa; Thu, 26 Aug 2021 14:57:37 -0700 (PDT)
Received: from sdaoden.eu (sdaoden.eu [217.144.132.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9130C3A07DE; Thu, 26 Aug 2021 14:57:35 -0700 (PDT)
Received: from kent.sdaoden.eu (kent.sdaoden.eu [10.5.0.2]) by sdaoden.eu (Postfix) with ESMTPS id 6712616056; Thu, 26 Aug 2021 23:57:32 +0200 (CEST)
Received: by kent.sdaoden.eu (Postfix, from userid 1000) id 30952CA3; Thu, 26 Aug 2021 23:57:30 +0200 (CEST)
Date: Thu, 26 Aug 2021 23:57:30 +0200
Author: Steffen Nurpmeso <steffen@sdaoden.eu>
From: Steffen Nurpmeso <steffen@sdaoden.eu>
To: Michael Peddemors <michael@linuxmagic.com>
Cc: extra@ietf.org, Michael Slusarz <michael.slusarz=40open-xchange.com@dmarc.ietf.org>, mailsec@ietf.org, Steffen Nurpmeso <steffen@sdaoden.eu>
Message-ID: <20210826215730.ispdH%steffen@sdaoden.eu>
Mail-Followup-To: Michael Peddemors <michael@linuxmagic.com>, extra@ietf.org, Michael Slusarz <michael.slusarz=40open-xchange.com@dmarc.ietf.org>, mailsec@ietf.org, Steffen Nurpmeso <steffen@sdaoden.eu>
User-Agent: s-nail v14.9.22-175-gc118a4a5c7
OpenPGP: id=EE19E1C1F2F7054F8D3954D8308964B51883A0DD; url=https://ftp.sdaoden.eu/steffen.asc; preference=signencrypt
BlahBlahBlah: Any stupid boy can crush a beetle. But all the professors in the world can make no bugs.
Archived-At: <https://mailarchive.ietf.org/arch/msg/mailsec/9B6B4xY-xbvPFNGWAoqaSmEfj-0>
Subject: [Mailsec] (no subject)
X-BeenThere: mailsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Email Security Issues <mailsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mailsec>, <mailto:mailsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mailsec/>
List-Post: <mailto:mailsec@ietf.org>
List-Help: <mailto:mailsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mailsec>, <mailto:mailsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Aug 2021 21:57:42 -0000
Subject: Re: [OFFLIST] Re: [Mailsec] [Extra] Advanced ("Modern & Secure") Email Authentication # Removing or modifying In-Reply-To: breaks the old, and starts a new thread. # Assigning hyphen-minus - creates a thread of only the replied-to message In-Reply-To: <9b64aff9-d9fa-f374-a302-25edc1922648@linuxmagic.com> Michael Peddemors wrote in <9b64aff9-d9fa-f374-a302-25edc1922648@linuxmagic.com>: ... I apologise to have addressed you -- it rather should have been sent primarily to the original poster. And in general it was possibly a bit over-reacted. But ..hm.. not that much. I already read mails from administrators stating to me "i now use X" when setting free my mail account, and i understood that Signal. It is just that i personally get angry when even better security is spoken ill of, whereas people sit in front of browser code bases of dozens of millions lines of code, with enabled Javascript, and logging into accounts via HTTPS and Cookies that have been set months ago. I at least use two totally separated browser sandboxes for normal browsing (everything but x) and "secure" browsing (everything with an account, etc, where that profile directory is an encrypted directory). But i think this is not normal, i think the default is people using one browser instance for anything. Of course, this is nothing the IETF can improve. Since JMAP was the starter of this thread, i guess the time where "anything is an object accessible via an omnipotent protocol that is spoken also by browsers" is not that far off. In sofar clamping client possibilities now that the protocol is omnipotent is the right way to go. Nothing the IETF can do about (no?). An interesting topic for user interface providers, configuring firefox just to turn off all the things is an experience, what if i would have a smartphone with dozens of apps, and my service provider would present me with a long list of switches to configure access of that app when i use it the first time to contact service provider a, b, c? Wow! (In fact i _cannot_ configure firefox right, it is just too messy. Someone pointed me to the uMatrix Plug-In, and i use it, it really helps -- it is the only plugin i have. One would not think _how_ messy even the simplemost web pages are, and from _how many_ different providers they slurp in scripts, graphics, and whatever else. It is just a huge pile of crap! _How can this be secure??_ And scripting everywhere, and "most modern" other things, where the results could have been implemented pre-Y2K with the CSS available by then. Etc. etc.) Again apologies for addressing you as the primary receiver! --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)
- [Mailsec] (no subject) Steffen Nurpmeso