Re: [perpass] perpass: what next?

Adam Caudill <adam@adamcaudill.com> Sat, 18 April 2015 16:38 UTC

From: Adam Caudill <adam@adamcaudill.com>
Date: Sat, 18 Apr 2015 12:37:46 -0400
Message-ID: <CAFJuDmMT9rgjLx6JhBKa9NNiNCpFeYWMxB13TMYL+g2A0JjTOg@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/perpass/MnZLRyh6u37Ijkuigx3NO8J8tGU>
Cc: perpass <perpass@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] perpass: what next?

On Sat, Apr 18, 2015 at 12:44 AM, Watson Ladd <watsonbladd@gmail.com> wrote:

> -Key discovery in email has been kicked around a bunch, but no
> reasonable proposals yet. Doesn't seem that hard.
>

Key discovery, if we limit the scope of the initiative, shouldn't be that hard to achieve, and could lead to a huge amount of progress.

Email is so horribly broken, I think the entire system needs to be replaced, but I think it's clear that we aren't at a point where that's going to happen. While I, and I think many of us, would like a solution that addresses the metadata leaking and other major issues, the changes are too radical to work within the current system. So, if we can get to the point that we are encrypting a higher percentage, I think that's a goal worth pursuing. We aren't going to achieve the perfect, certainly not now, and to achieve anything, I think we are going to have to limit our definition of good. While I want to see email as we know it replaced with something that provides strong modern crypto, forward secrecy, minimal metadata leaks, and all messages encrypted by default - at this point I'd be happy if we could get the number of emails using end-to-end crypto to a non-trivial number. For now, that might be the best we can actually achieve.

Email is likely the largest source of exposed information that end users expect to be private, and while much has been done in other areas, email remains wide open. Opportunistic SSL/TLS has become more common, and while it does provide some privacy, we all know that it's not real security and how trivial it is for an active attacker to disable. This is an area that desperately needs some progress made. There's been some discussion on the endymail[1] list, but there hasn't been any real progress - I don't believe anything actionable has come out of it so far.


[1] https://www.ietf.org/mail-archive/web/endymail/current/maillist.html
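The point above about opportunistic TLS being no real security against an active attacker, illustrated with an added example that is not part of the message or the thread: a client that parses a (constructed) SMTP EHLO reply and applies either an opportunistic or a fail-closed TLS policy. When the STARTTLS capability is absent, an opportunistic client cannot tell "never supported" from "removed in transit" and simply continues in plaintext; a required-TLS policy aborts instead, which is the mitigation the message is alluding to. Hostnames and the EHLO text are constructed sample values.

```python
# Added example, not code from the perpass thread. Shows why an
# opportunistic STARTTLS client degrades silently and how a fail-closed
# policy differs. All EHLO text below is constructed, not captured traffic.

# Constructed multi-line EHLO reply from a server that offers STARTTLS.
EHLO_WITH_STARTTLS = (
    "250-mail.example.test Hello client\r\n"
    "250-SIZE 52428800\r\n"
    "250-STARTTLS\r\n"
    "250 HELP\r\n"
)

# The same reply without the STARTTLS line. To the client this looks
# identical whether the server never supported TLS or an on-path party
# rewrote the plaintext session: there is no integrity protection yet.
EHLO_STRIPPED = EHLO_WITH_STARTTLS.replace("250-STARTTLS\r\n", "")


def ehlo_capabilities(response: str) -> set[str]:
    """Parse the keywords advertised in an RFC 5321 EHLO reply.

    The first line carries the server's greeting, not a capability, so it
    is skipped. Continuation lines look like '250-KEYWORD [params]' and the
    final line like '250 KEYWORD [params]'.
    """
    caps = set()
    for line in response.splitlines()[1:]:
        if len(line) < 4 or not line.startswith("250"):
            continue
        keyword = line[4:].split(" ", 1)[0].strip()
        if keyword:
            caps.add(keyword.upper())
    return caps


def decide_transport(response: str, require_tls: bool) -> str:
    """Return 'tls', 'plaintext' or 'abort' for the given EHLO reply.

    require_tls=False is the opportunistic behaviour: fall back to plaintext
    whenever STARTTLS is not advertised. require_tls=True fails closed,
    which is the only way the client resists a stripped capability list.
    """
    if "STARTTLS" in ehlo_capabilities(response):
        return "tls"
    return "abort" if require_tls else "plaintext"


if __name__ == "__main__":
    for name, reply in (("intact", EHLO_WITH_STARTTLS), ("stripped", EHLO_STRIPPED)):
        print(name, "opportunistic ->", decide_transport(reply, require_tls=False),
              "| required ->", decide_transport(reply, require_tls=True))
```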