Re: [perpass] perpass: what next?
Adam Caudill <adam@adamcaudill.com> Sat, 18 April 2015 16:38 UTC
To: Watson Ladd <watsonbladd@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/perpass/MnZLRyh6u37Ijkuigx3NO8J8tGU>
Cc: perpass <perpass@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>

On Sat, Apr 18, 2015 at 12:44 AM, Watson Ladd <watsonbladd@gmail.com> wrote:

> -Key discovery in email has been kicked around a bunch, but no
> reasonable proposals yet. Doesn't seem that hard.

Key discovery, if we limit the scope of the initiative, shouldn't be that hard to achieve, and could lead to a huge amount of progress.

Email is so horribly broken, I think the entire system needs to be replaced, but I think it's clear that we aren't at a point where that's going to happen. While I, and I think many of us, would like a solution that addresses the metadata leaking and other major issues, the changes are too radical to work within the current system. So, if we can get to the point that we are encrypting a higher percentage, I think that's a goal worth pursuing.

We aren't going to achieve the perfect, certainly not now, and to achieve anything, I think we are going to have to limit our definition of good. While I want to see email as we know it replaced with something that provides strong modern crypto, forward secrecy, minimal metadata leaks, and all messages encrypted by default - at this point I'd be happy if we could get the number of emails using end to end crypto to a non-trivial number. For now, that might be the best we can actually achieve.

Email is likely the largest source of exposed information that end users expect to be private, and while much has been done in other areas, email remains wide open. Opportunistic SSL/TLS has become more common, and it does provide some privacy, we all know that it's not real security and how trivial it is for an active attacker to disable. This is an area that desperately needs some progress made.

There's been some discussion on the endymail[1] list, but there hasn't been any real progress - I don't believe anything actionable has come out of it so far.

[1] https://www.ietf.org/mail-archive/web/endymail/current/maillist.html