Re: [perpass] In case you haven't seen it yet...

Douglas Otis <doug.mtview@gmail.com> Thu, 27 February 2014 20:52 UTC

From: Douglas Otis <doug.mtview@gmail.com>
In-Reply-To: <1F22A1C6-CABA-4927-8FCE-CE5AC682554D@cisco.com>
Date: Thu, 27 Feb 2014 12:52:47 -0800
Message-Id: <1A4880FB-7DFA-49C4-AF30-5F9BD279D98C@gmail.com>
References: <1F22A1C6-CABA-4927-8FCE-CE5AC682554D@cisco.com>
To: "Fred Baker (fred)" <fred@cisco.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/s14QljK5Pu3Lpf3KjhR_txG2yv4
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] In case you haven't seen it yet...

Dear Perpass WG,

Technological solutions can address most security issues.  Those related to PKI limitations can be addressed with DNSSEC and DANE, for example.  Regardless of the number of hops, protocols such as XMPP's direct federation model can ensure multiple hop security.  Of course, not all federations require full compliance, but at least XMPP offers a means.

The level of abuse and risk associated with lax management found with email is likely responsible for a shift away from services dominated by mass mailers and toward those suitable for individuals as characterized by growing social networks.  Even so, most social networks also represent a potential for substantial privacy intrusion.

The IETF could do more at reducing these exposures.  Moving from SMTP to XMPP is not insurmountable, especially when it offers greater security with reduced complexity when dealing with threats.  Such a transition offers a means to bolster waning system security and use. 

The IETF has done well to discourage email-prompted exchange of "office" documents.  Such exchanges represent a major and common exploit vector, especially when from unknown sources.  Any such exchange must be considered a bad practice.  The explosion of browser plugins and Apps from poorly vetted sources, however, is of equal concern and also demands source confirmation.

More consideration needs to be given to both client and server certificates that can be exchanged with TLS, otherwise MITM attacks may go undetected.  It is also wrong to suggest IPv6 now offers secure BGP and is immune to address spoofing.  The size of the IPv6 prefix address space precludes the sharing of threats from being effective in mitigating abuse.  Authenticated domains representing both ends of an exchange promise more effective protection strategies.

Please forgive any apparent lack of etiquette, as there is no intent to demean anyone.

Regards,
Douglas Otis
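As an added example (not part of the message above or of the perpass thread), the DANE check the message alludes to when it says DNSSEC and DANE address PKI limitations: matching a server's certificate against a TLSA record as RFC 6698 defines it, with the two caveats a practitioner needs, namely that the record is only usable if it came from a DNSSEC-validated answer and that usage 1 (PKIX-EE) still requires ordinary PKIX chain validation. The certificate and SubjectPublicKeyInfo bytes are constructed placeholders, not a real certificate.

```python
import hashlib
import hmac

# Constructed stand-ins (assumption: not a real certificate). In a real
# check these are the DER-encoded leaf certificate from the TLS handshake
# and the SubjectPublicKeyInfo extracted from it.
SAMPLE_CERT_DER = b"\x30\x82\x01\x00" + b"constructed-leaf-certificate-der"
SAMPLE_SPKI_DER = b"\x30\x59" + b"constructed-subject-public-key-info"


def tlsa_association_data(cert_der, spki_der, selector, matching):
    """RFC 6698 'certificate association data' for a presented certificate.
    selector: 0 = full certificate, 1 = SubjectPublicKeyInfo only.
    matching: 0 = exact bytes, 1 = SHA-256, 2 = SHA-512."""
    data = {0: cert_der, 1: spki_der}[selector]
    if matching == 0:
        return data
    if matching == 1:
        return hashlib.sha256(data).digest()
    if matching == 2:
        return hashlib.sha512(data).digest()
    raise ValueError(f"unknown matching type {matching}")


def make_tlsa_record(usage, selector, matching, cert_der, spki_der):
    """Build a TLSA record in presentation format for a given certificate."""
    assoc = tlsa_association_data(cert_der, spki_der, selector, matching)
    return f"{usage} {selector} {matching} {assoc.hex()}"


def parse_tlsa(presentation):
    """Parse '<usage> <selector> <matching> <hex data>'."""
    usage, selector, matching, hexdata = presentation.split(None, 3)
    return int(usage), int(selector), int(matching), bytes.fromhex(hexdata.replace(" ", ""))


def dane_match(tlsa_records, cert_der, spki_der, pkix_valid, dnssec_secure):
    """True if some TLSA record authenticates the presented certificate.
    Usage 3 (DANE-EE) pins the end-entity cert on its own; usage 1 (PKIX-EE)
    additionally needs PKIX validation to have succeeded. Usages 0 and 2
    constrain the chain rather than the leaf and are not handled here.
    Records from an unvalidated DNS answer must be ignored (RFC 7671)."""
    if not dnssec_secure:
        return False
    for rec in tlsa_records:
        usage, selector, matching, assoc = parse_tlsa(rec)
        if usage not in (1, 3) or (usage == 1 and not pkix_valid):
            continue
        try:
            expected = tlsa_association_data(cert_der, spki_der, selector, matching)
        except (KeyError, ValueError):
            continue  # unusable record: skip it rather than fail open
        if hmac.compare_digest(expected, assoc):
            return True
    return False
```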