Re: [perpass] Mail encryption as an example
Russ Housley <housley@vigilsec.com> Sat, 17 August 2013 18:25 UTC
There is a technique for protecting the subject line for S/MIME, but the recipients MUST be exposed for the mail to be delivered. This exposure can be limited to the clients and various mail servers if SMTP/POP/IMAP are run over TLS.

Russ

On Aug 17, 2013, at 7:51 AM, Yaron Sheffer wrote:

> Hi,
>
> Stephen mentioned that S/MIME is not good enough because headers (to/from) are still exposed. But there's still tons of benefit when the content is encrypted, even if the metadata is exposed (provided users know that it is exposed, of course). E.g. I would like all my internal company email to be encrypted, even if tracing recipients is trivial for the attacker.
>
> In other words, is the scope of the mailing list/solutions limited to security of individuals, as opposed to organizations?
>
> From a deployment perspective, I think we know how to provide privacy ("identity protection") only by using heavyweight solutions, such as onion routing. But there's a whole lot of important things we could do (make S/MIME usable, standardize OTR, revive IPsec OE) if we remove this constraint. Are such items in scope of this discussion?
>
> Thanks,
> Yaron