Re: [perpass] Another mail-related proposal

Paul Wouters <paul@cypherpunks.ca> Sat, 17 August 2013 21:26 UTC

On Sat, 17 Aug 2013, Jim Fenton wrote:

> There might be times when I'm interested in sending a message that I'd
> rather not be in the clear on the wire, and I'd rather that the message
> bounce rather than be sent in the clear. How about an SMTP option that
> allows a sender to specify whether the message transmission requires (1)
> TLS and (2) that the receiving MTA also enforce this option. It could
> also specify whether the recipient MTA is required to have a certificate
> trusted (e.g., via trust chain) by the sending MTA, or whether any TLS
> negotiation (e.g., self-signed cert) is OK.

I'd argue it the other way. If you publish an OPENPGPKEY/SMIMEKEY record,
then you ONLY want to receive encrypted email. The problem is trying to
prevent receiving it, as most email servers are message based and they
have to accept the full message before rejecting it, at which point the
cleartext has gone over the network and the NSA has a copy even if you
don't.

The Postfix TLSA record fails hard for this reason - but that's the
transport security, not data security.

Paul
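
The point both messages turn on is that a refusal only protects the message if it happens before MAIL FROM and DATA. The sketch below is an added example, not code from either poster: a sending client that aborts when STARTTLS is missing or fails, run against a plaintext-only peer that logs what it received. The names `send_requiring_tls`, `plaintext_only_server` and `demo`, the addresses and the local test server are all constructed for illustration; the check covers one hop only, not enforcement by the receiving MTA further downstream.

```python
import smtplib, socket, ssl, threading

class TLSRequired(Exception):
    """Raised before MAIL FROM, so neither envelope nor body leaves in the clear."""

def send_requiring_tls(host, port, sender, rcpt, body, verify_cert=True):
    ctx = ssl.create_default_context()      # trust-chain + hostname verification
    if not verify_cert:                     # "any TLS is OK": encrypted, unauthenticated
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with smtplib.SMTP(host, port, local_hostname="client.example", timeout=5) as s:
        s.ehlo()
        if not s.has_extn("starttls"):      # absent or stripped: refuse, never downgrade
            raise TLSRequired(f"{host} does not offer STARTTLS")
        s.starttls(context=ctx)             # raises on handshake or certificate failure
        s.ehlo()
        s.sendmail(sender, [rcpt], body)

def plaintext_only_server():
    """Constructed test peer: minimal SMTP server without STARTTLS that logs commands."""
    seen = []
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def run():
        conn, _ = srv.accept()
        with conn, conn.makefile("rwb") as f:
            f.write(b"220 test ESMTP\r\n"); f.flush()
            for line in iter(f.readline, b""):
                seen.append(line.decode().strip())
                verb = seen[-1].split(" ")[0].upper()
                f.write(b"250-test\r\n250 SIZE 1000\r\n" if verb == "EHLO"
                        else b"221 bye\r\n" if verb == "QUIT" else b"250 ok\r\n")
                f.flush()
        srv.close()
    thread = threading.Thread(target=run, daemon=True)
    thread.start()
    return srv.getsockname()[1], seen, thread

def demo():
    port, seen, thread = plaintext_only_server()
    try:
        send_requiring_tls("127.0.0.1", port, "a@example.org", "b@example.net",
                           "Subject: test\r\n\r\nsecret body")
        refused = False
    except TLSRequired:
        refused = True
    thread.join(2)
    return refused, seen
```

`demo()` returns the refusal flag together with the commands the peer logged, so the absence of MAIL, RCPT and DATA on the wire can be checked directly.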