Re: [perpass] Mail encryption as an example

Stephen Farrell <stephen.farrell@cs.tcd.ie> Sat, 17 August 2013 11:59 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F5E511E8104 for <perpass@ietfa.amsl.com>; Sat, 17 Aug 2013 04:59:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rzgLJ+9JHa1L for <perpass@ietfa.amsl.com>; Sat, 17 Aug 2013 04:59:17 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 450B611E80F6 for <perpass@ietf.org>; Sat, 17 Aug 2013 04:59:17 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 6F455BE24; Sat, 17 Aug 2013 12:59:16 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ILhVpnQbfF-5; Sat, 17 Aug 2013 12:59:15 +0100 (IST)
Received: from [10.87.48.8] (unknown [86.44.67.197]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 92C5CBE20; Sat, 17 Aug 2013 12:59:15 +0100 (IST)
Message-ID: <520F6589.4060808@cs.tcd.ie>
Date: Sat, 17 Aug 2013 12:59:05 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130803 Thunderbird/17.0.8
MIME-Version: 1.0
To: Yaron Sheffer <yaronf.ietf@gmail.com>
References: <520F63BC.7030808@gmail.com>
In-Reply-To: <520F63BC.7030808@gmail.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: perpass@ietf.org
Subject: Re: [perpass] Mail encryption as an example
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Aug 2013 11:59:28 -0000

On 08/17/2013 12:51 PM, Yaron Sheffer wrote:
> Hi,
> 
> Stephen mentioned that S/MIME is not good enough because headers
> (to/from) are still exposed. 

Didn't really mean "not good enough", more that protecting those
headers would be my favourite improvement to make.

> But there's still tons of benefit when the
> content is encrypted, even if the metadata is exposed (provided users
> know that it is exposed, of course). E.g. I would like all my internal
> company email to be encrypted, even if tracing recipients is trivial for
> the attacker.
> 
> In other words, is the scope of the mailing list/solutions limited to
> security of individuals, as opposed to organizations?
> 
> From a deployment perspective, I think we know how to provide privacy
> ("identity protection") only by using heavyweight solutions, such as
> onion routing. But there's a whole lot of important things we could do
> (make S/MIME usable, standardize OTR, revive IPsec OE) if we remove this
> constraint. Are such items in scope of this discussion?

Absolutely.

I think there is a qualitative difference between this discussion and
our usual security protocol discussions - in the latter case (as you
say above) we always aim for "strong" mechanisms, where even the
weakest link is "strong."

In this case, its not quite so clear - it could well be that less
strong mechanisms would produce a better outcome - opportunistic
encryption for example as you also mentioned above - if they for
example increase the cost of pervasive passive monitoring sufficiently
or change the set of endpoints at which such monitoring is doable
so that those endpoints might not be seen as good partners with
whom to co-operate, for folks who would like to monitor.

S.

> 
> Thanks,
>     Yaron
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass
> 
>