IETF Logo Mail Archive

Re: [perpass] (Possibly Dumb) EMail Security Idea

"Russ White" <russw@riw.us> Wed, 04 September 2013 23:41 UTC

Return-Path: <russw@riw.us>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B6F211E8130 for <perpass@ietfa.amsl.com>; Wed, 4 Sep 2013 16:41:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.367
X-Spam-Level:
X-Spam-Status: No, score=-2.367 tagged_above=-999 required=5 tests=[AWL=0.232, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s6Bujh3UY8H6 for <perpass@ietfa.amsl.com>; Wed, 4 Sep 2013 16:40:50 -0700 (PDT)
Received: from da31.namelessnet.net (da31.namelessnet.net [74.124.205.66]) by ietfa.amsl.com (Postfix) with ESMTP id F1C1E21F9A4C for <perpass@ietf.org>; Wed, 4 Sep 2013 16:40:49 -0700 (PDT)
Received: from cpe-098-122-147-095.nc.res.rr.com ([98.122.147.95] helo=RussPC) by da31.namelessnet.net with esmtpa (Exim 4.80.1) (envelope-from <russw@riw.us>) id 1VHMgq-0006tn-CO; Wed, 04 Sep 2013 16:40:48 -0700
From: Russ White <russw@riw.us>
To: 'David Singer' <singer@apple.com>, perpass@ietf.org
References: <00c201cea94a$ed5d45b0$c817d110$@riw.us> <9B462ED5-963C-4618-8FA2-1FA041EB0C72@tik.ee.ethz.ch> <52278CC3.5090002@funwithsoftware.org> <A704B12A-8564-4634-8E35-6453DBF45465@apple.com>
In-Reply-To: <A704B12A-8564-4634-8E35-6453DBF45465@apple.com>
Date: Wed, 04 Sep 2013 19:41:01 -0400
Message-ID: <00e001cea9c8$37701a10$a6504e30$@riw.us>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQIR6KI5VPGSlnCYcdzgGTryK4XgWAGiPwBwAZieJHkBzDYTwZkHha1g
Content-Language: en-us
X-Antivirus-Scanner: Seems clean. You should still use an Antivirus Scanner
Subject: Re: [perpass] (Possibly Dumb) EMail Security Idea
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Sep 2013 23:41:03 -0000

> I recall some incident where people had bought triple-redundant links from
> different long-haul providers -- who all used the same underlying fiber.
One
> backhoe did them all in.  Similarly, if the client can easily identify
which pieces
> go together, so can a snooper.

Shared common fate --but that's a different thing, I think. If you
specifically use a shared secret or something along those lines to break the
chunks up, then I think it might be pretty hard to put the pieces back
together. In this case, you might be able to use something like a "side
channel" to send a one time pad that's used as a hash to break the messiage
up, send each piece along a separate channel, and then put it all back
together on the other end... 

Of course, this all assumes a completely new email transport system, and it
assumes the server where the pieces are put back together is secure, or you
use a more POP-like system, where there is no storage of the complete
message on anything other than a local system...

I think this is all possible/doable. The question is --is the world ready
for a new email transport? Do we try and build it, to see if they will come?

Russ

v2.23.0 | Report a Bug | By Email