Re: [perpass] Another mail-related proposal

Dan Schlitt <schlitt@theworld.com> Sun, 18 August 2013 14:02 UTC

Return-Path: <schlitt@theworld.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 473B911E8292 for <perpass@ietfa.amsl.com>; Sun, 18 Aug 2013 07:02:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.98
X-Spam-Level:
X-Spam-Status: No, score=-2.98 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, RCVD_IN_SORBS_WEB=0.619]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BXM93-iuDc-P for <perpass@ietfa.amsl.com>; Sun, 18 Aug 2013 07:02:36 -0700 (PDT)
Received: from TheWorld.com (pcls6.std.com [192.74.137.146]) by ietfa.amsl.com (Postfix) with ESMTP id 8486C11E828F for <perpass@ietf.org>; Sun, 18 Aug 2013 07:02:36 -0700 (PDT)
Received: from shell.TheWorld.com (root@shell01.theworld.com [192.74.137.71]) by TheWorld.com (8.14.5/8.14.5) with ESMTP id r7IE21V2011163; Sun, 18 Aug 2013 10:02:07 -0400
Received: from shell01.TheWorld.com (localhost.theworld.com [127.0.0.1]) by shell.TheWorld.com (8.13.6/8.12.8) with ESMTP id r7IE20Ik1306465; Sun, 18 Aug 2013 10:02:00 -0400 (EDT)
Received: from localhost (schlitt@localhost) by shell01.TheWorld.com (8.13.6/8.13.6/Submit) with ESMTP id r7IE20qm1296762; Sun, 18 Aug 2013 10:02:00 -0400 (EDT)
X-Authentication-Warning: shell01.TheWorld.com: schlitt owned process doing -bs
Date: Sun, 18 Aug 2013 10:01:59 -0400
From: Dan Schlitt <schlitt@theworld.com>
To: Randy Bush <randy@psg.com>
In-Reply-To: <m2bo4vcuup.wl%randy@psg.com>
Message-ID: <Pine.SGI.4.61.1308180959010.1312964@shell01.TheWorld.com>
References: <520FE08B.80005@bluepopcorn.net> <alpine.LFD.2.10.1308171723400.14413@bofh.nohats.ca> <5210643F.8030709@bluepopcorn.net> <m2bo4vcuup.wl%randy@psg.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
Cc: Jim Fenton <fenton@bluepopcorn.net>, perpass@ietf.org
Subject: Re: [perpass] Another mail-related proposal
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Aug 2013 14:02:41 -0000

I thought that I was long ago taught that encrypting only messages with 
"sensitive information" in them was bad security. The encrypted messages 
called attention to them and even if they could not be read were subject 
to traffic analysis.

/dan

-- 

Dan Schlitt
schlitt@world.std.com


On Sun, 18 Aug 2013, Randy Bush wrote:

>> I'm having more trouble coming up with use cases where I'd want to
>> reject messages that don't use PGP or S/MIME.
>
> visualize a future world where e2e message privacy is the default.  in
> that world, some parties could view an unencrypted message as an attack.
>
>> The originator of a message is in a better position to decide whether
>> it contains sensitive information. And as the receiver you can't
>> generally protect against the message traversing the network in the
>> clear -- SMTP is often more than one hop and an earlier hop (or
>> submission) could have been in the clear, even if you did require TLS
>> for the last hop.
>
> i do what is in my power to do.  just because there might be a weakness
> in the system n hops away does not mean i should indulge in weakness.
>
> randy
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass
>