Re: [perpass] Another mail-related proposal

Randy Bush <randy@psg.com> Tue, 20 August 2013 00:38 UTC

Return-Path: <randy@psg.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F97911E81E6 for <perpass@ietfa.amsl.com>; Mon, 19 Aug 2013 17:38:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.95
X-Spam-Level:
X-Spam-Status: No, score=-1.95 tagged_above=-999 required=5 tests=[AWL=-0.591, BAYES_00=-2.599, SARE_LWSHORTT=1.24]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ns+S0b3N4PA9 for <perpass@ietfa.amsl.com>; Mon, 19 Aug 2013 17:38:49 -0700 (PDT)
Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) by ietfa.amsl.com (Postfix) with ESMTP id 21CEF11E80A2 for <perpass@ietf.org>; Mon, 19 Aug 2013 17:38:49 -0700 (PDT)
Received: from localhost ([127.0.0.1] helo=ryuu.psg.com.psg.com) by ran.psg.com with esmtp (Exim 4.76) (envelope-from <randy@psg.com>) id 1VBZy9-0005qs-Rm; Tue, 20 Aug 2013 00:38:46 +0000
Date: Tue, 20 Aug 2013 09:38:44 +0900
Message-ID: <m21u5p9ox7.wl%randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Jim Fenton <fenton@bluepopcorn.net>
In-Reply-To: <52126423.2050209@bluepopcorn.net>
References: <520FE08B.80005@bluepopcorn.net> <alpine.LFD.2.10.1308171723400.14413@bofh.nohats.ca> <5210643F.8030709@bluepopcorn.net> <m2bo4vcuup.wl%randy@psg.com> <Pine.SGI.4.61.1308180959010.1312964@shell01.TheWorld.com> <5210F9D3.5010302@bluepopcorn.net> <m2zjsea6fd.wl%randy@psg.com> <52126423.2050209@bluepopcorn.net>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.7 - "Harue")
Content-Type: text/plain; charset=US-ASCII
Cc: perpass@ietf.org
Subject: Re: [perpass] Another mail-related proposal
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Aug 2013 00:38:50 -0000

>> and the nsa pwns the disk drives of the smtp relays.  e2e, please, in
>> addition to transport.  in 1984, all data and traffic should be
>> encrypted.
> That goes to the question I had in my original message on this thread:
> what is the threat model we are attempting to address? In the short term
> at least, I consider transport-level encryption of email to be helpful,
> because it raises the required attack complexity.

i agree transport should be encrypted.  and, as someone has pointed out,
we should know when that negotiation is not successful and be able to
make some decisions.

smtp is hop by hop.  just because A encrypts to B, A has zero assurance
that B encrypts to C.  hence, e2e encryption is pretty much mandatory
against a purely passive attacker.

randy